Bug 1487167 - Various DOM rooting issues. r=bz
authorSteve Fink <sfink@mozilla.com>
Tue, 28 Aug 2018 21:26:50 -0700
changeset 493255 05ca2a671aef4bca6ef7119a5b2611ec90ac1433
parent 493254 c173cb530f63fe1a264d4493b536801d974415c7
child 493256 cb374250a4f92ef6b39a9334eb9bbfee694770af
push id9984
push userffxbld-merge
push dateMon, 15 Oct 2018 21:07:35 +0000
treeherdermozilla-beta@183d27ea8570 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz
bugs1487167
milestone64.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1487167 - Various DOM rooting issues. r=bz
dom/base/ContentFrameMessageManager.cpp
dom/base/ContentProcessMessageManager.cpp
dom/base/CustomElementRegistry.cpp
dom/bindings/DOMJSProxyHandler.cpp
dom/serviceworkers/ServiceWorkerContainer.cpp
--- a/dom/base/ContentFrameMessageManager.cpp
+++ b/dom/base/ContentFrameMessageManager.cpp
@@ -1,25 +1,29 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "ContentFrameMessageManager.h"
+#include "js/RootingAPI.h"
 #include "mozilla/dom/ScriptSettings.h"
 
 using namespace mozilla;
 using namespace mozilla::dom;
 
 JSObject*
 ContentFrameMessageManager::GetOrCreateWrapper()
 {
-  AutoJSAPI jsapi;
-  jsapi.Init();
+  JS::RootedValue val(RootingCx());
+  {
+    // Scope to run ~AutoJSAPI before working with a raw JSObject*.
+    AutoJSAPI jsapi;
+    jsapi.Init();
 
-  JS::RootedValue val(jsapi.cx());
-  if (!GetOrCreateDOMReflectorNoWrap(jsapi.cx(), this, &val)) {
-    return nullptr;
+    if (!GetOrCreateDOMReflectorNoWrap(jsapi.cx(), this, &val)) {
+      return nullptr;
+    }
   }
   MOZ_ASSERT(val.isObject());
   return &val.toObject();
 }
--- a/dom/base/ContentProcessMessageManager.cpp
+++ b/dom/base/ContentProcessMessageManager.cpp
@@ -109,23 +109,27 @@ ContentProcessMessageManager::WrapObject
                                          JS::Handle<JSObject*> aGivenProto)
 {
   return ContentProcessMessageManager_Binding::Wrap(aCx, this, aGivenProto);
 }
 
 JSObject*
 ContentProcessMessageManager::GetOrCreateWrapper()
 {
-  AutoJSAPI jsapi;
-  jsapi.Init();
+  JS::RootedValue val(RootingCx());
+  {
+    // Scope to run ~AutoJSAPI before working with a raw JSObject*.
+    AutoJSAPI jsapi;
+    jsapi.Init();
 
-  JS::RootedValue val(jsapi.cx());
-  if (!GetOrCreateDOMReflectorNoWrap(jsapi.cx(), this, &val)) {
-    return nullptr;
+    if (!GetOrCreateDOMReflectorNoWrap(jsapi.cx(), this, &val)) {
+      return nullptr;
+    }
   }
+  MOZ_ASSERT(val.isObject());
   return &val.toObject();
 }
 
 void
 ContentProcessMessageManager::LoadScript(const nsAString& aURL)
 {
   Init();
   JS::Rooted<JSObject*> messageManager(mozilla::dom::RootingCx(), GetOrCreateWrapper());
--- a/dom/base/CustomElementRegistry.cpp
+++ b/dom/base/CustomElementRegistry.cpp
@@ -747,17 +747,17 @@ CustomElementRegistry::GetDocGroup() con
 {
   return mWindow ? mWindow->GetDocGroup() : nullptr;
 }
 
 int32_t
 CustomElementRegistry::InferNamespace(JSContext* aCx,
                                       JS::Handle<JSObject*> constructor)
 {
-  JSObject* XULConstructor = XULElement_Binding::GetConstructorObject(aCx);
+  JS::Rooted<JSObject*> XULConstructor(aCx, XULElement_Binding::GetConstructorObject(aCx));
 
   JS::Rooted<JSObject*> proto(aCx, constructor);
   while (proto) {
     if (proto == XULConstructor) {
       return kNameSpaceID_XUL;
     }
 
     JS_GetPrototype(aCx, proto, &proto);
--- a/dom/bindings/DOMJSProxyHandler.cpp
+++ b/dom/bindings/DOMJSProxyHandler.cpp
@@ -100,16 +100,19 @@ CheckExpandoAndGeneration(JSObject* prox
 static inline void
 CheckDOMProxy(JSObject* proxy)
 {
 #ifdef DEBUG
   MOZ_ASSERT(IsDOMProxy(proxy), "expected a DOM proxy object");
   MOZ_ASSERT(!js::gc::EdgeNeedsSweepUnbarriered(&proxy));
   nsISupports* native = UnwrapDOMObject<nsISupports>(proxy);
   nsWrapperCache* cache;
+  // QI to nsWrapperCache cannot GC for very non-obvious reasons; see
+  // https://searchfox.org/mozilla-central/rev/55da592d85c2baf8d8818010c41d9738c97013d2/js/xpconnect/src/XPCWrappedJSClass.cpp#521,545-548
+  JS::AutoSuppressGCAnalysis nogc;
   CallQueryInterface(native, &cache);
   MOZ_ASSERT(cache->GetWrapperPreserveColor() == proxy);
 #endif
 }
 
 // static
 JSObject*
 DOMProxyHandler::GetAndClearExpandoObject(JSObject* obj)
--- a/dom/serviceworkers/ServiceWorkerContainer.cpp
+++ b/dom/serviceworkers/ServiceWorkerContainer.cpp
@@ -82,21 +82,21 @@ ServiceWorkerContainer::IsEnabled(JSCont
   if (!StaticPrefs::dom_serviceWorkers_enabled()) {
     return false;
   }
 
   if (IsInPrivateBrowsing(aCx)) {
     return false;
   }
 
-  if (IsSecureContextOrObjectIsFromSecureContext(aCx, aGlobal)) {
+  if (IsSecureContextOrObjectIsFromSecureContext(aCx, global)) {
     return true;
   }
 
-  const bool isTestingEnabledInWindow = IsServiceWorkersTestingEnabledInWindow(aGlobal);
+  const bool isTestingEnabledInWindow = IsServiceWorkersTestingEnabledInWindow(global);
   const bool isTestingEnabledByPref = StaticPrefs::dom_serviceWorkers_testing_enabled();
   const bool isTestingEnabled = isTestingEnabledByPref || isTestingEnabledInWindow;
 
   return isTestingEnabled;
 }
 
 // static
 already_AddRefed<ServiceWorkerContainer>