Bug 1499177 - Fix rooting hazard between return value and destructor in structured clone test function, r=perry
authorSteve Fink <sfink@mozilla.com>
Mon, 15 Oct 2018 12:41:28 -0700
changeset 500000 bc4d8d0bf57555a39cf825c91c82fea0843072bc
parent 499999 5687061cc8320ab2f339766cb1cf0c0877deee72
child 500001 57b0208b6a7809a487584f128eced32eb99c16d4
push id1864
push userffxbld-merge
push dateMon, 03 Dec 2018 15:51:40 +0000
treeherdermozilla-release@f040763d99ad [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersperry
bugs1499177
milestone64.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1499177 - Fix rooting hazard between return value and destructor in structured clone test function, r=perry
dom/base/StructuredCloneTester.cpp
--- a/dom/base/StructuredCloneTester.cpp
+++ b/dom/base/StructuredCloneTester.cpp
@@ -71,33 +71,34 @@ StructuredCloneTester::ReadStructuredClo
   }
 
   nsIGlobalObject* global = xpc::CurrentNativeGlobal(aCx);
 
   if (NS_WARN_IF(!global)) {
     return nullptr;
   }
 
-  // Prevent the return value from being trashed by a GC during ~nsRefPtr
-  JS::RootedObject result(aCx);
+  // Prevent the return value from being trashed by a GC during ~RefPtr
+  JS::Rooted<JSObject*> result(aCx);
+  {
+    RefPtr<StructuredCloneTester> sct = new StructuredCloneTester(
+      global,
+      static_cast<bool>(serializable),
+      static_cast<bool>(deserializable)
+    );
 
-  RefPtr<StructuredCloneTester> sct = new StructuredCloneTester(
-    global,
-    static_cast<bool>(serializable),
-    static_cast<bool>(deserializable)
-  );
+    // "Fail" deserialization
+    if (!sct->Deserializable()) {
+      xpc::Throw(aCx, NS_ERROR_DOM_DATA_CLONE_ERR);
+      return nullptr;
+    }
 
-  // "Fail" deserialization
-  if (!sct->Deserializable()) {
-    xpc::Throw(aCx, NS_ERROR_DOM_DATA_CLONE_ERR);
-    return nullptr;
+    result = sct->WrapObject(aCx, nullptr);
   }
 
-  result = sct->WrapObject(aCx, nullptr);
-
   return result;
 }
 
 bool
 StructuredCloneTester::WriteStructuredClone(JSStructuredCloneWriter* aWriter) const
 {
   return JS_WriteUint32Pair(aWriter, SCTAG_DOM_STRUCTURED_CLONE_TESTER, 0) &&
          JS_WriteUint32Pair(aWriter, static_cast<uint32_t>(Serializable()),