Bug 1522817 - Always expose returned target object of wrapper r=sfink a=pascalc
The comment here talks about unmarking wrapper targets in case we're in incremental GC, but it does it conditially based on the color of the wrapper. We can't depend on that because a wrapper marked gray may eventually be marked black. Also, I don't think we should be touching gray wrappers anyway. Let's just always expose here.
Differential Revision:
https://phabricator.services.mozilla.com/D29211
--- a/js/src/proxy/Wrapper.cpp
+++ b/js/src/proxy/Wrapper.cpp
@@ -305,19 +305,17 @@ JSObject* Wrapper::wrappedObject(JSObjec
if (!wrapper->runtimeFromMainThread()->gc.isIncrementalGCInProgress() &&
wrapper->isMarkedBlack()) {
JS::AssertObjectIsNotGray(target);
}
#endif
// Unmark wrapper targets that should be black in case an incremental GC
// hasn't marked them the correct color yet.
- if (!wrapper->isMarkedGray()) {
- JS::ExposeObjectToActiveJS(target);
- }
+ JS::ExposeObjectToActiveJS(target);
}
return target;
}
JS_FRIEND_API JSObject* js::UncheckedUnwrapWithoutExpose(JSObject* wrapped) {
while (true) {
if (!wrapped->is<WrapperObject>() || MOZ_UNLIKELY(IsWindowProxy(wrapped))) {