Bug 941766 - Fix an exact rooting hazard in NPAPI; r=johns
authorTerrence Cole <terrence@mozilla.com>
Fri, 06 Dec 2013 13:52:13 -0800
changeset 174988 d8d1d24d789370fe4d26ef95b7b1e3899bc44aff
parent 174987 d441322e0ad02abed87ae31fe9b249bf92b0d8d6
child 174989 1e7ec87921a571c99a4627da9f50dcee3b580112
push id445
push userffxbld
push dateMon, 10 Mar 2014 22:05:19 +0000
treeherdermozilla-release@dc38b741b04e [default view] [failures only]
reviewersjohns
bugs941766
milestone28.0a1
Bug 941766 - Fix an exact rooting hazard in NPAPI; r=johns
dom/plugins/base/nsJSNPRuntime.cpp
--- a/dom/plugins/base/nsJSNPRuntime.cpp
+++ b/dom/plugins/base/nsJSNPRuntime.cpp
@@ -1002,21 +1002,18 @@ nsJSObjWrapper::GetNewOrUsed(NPP npp, JS
     // No hash yet (or any more), initialize it.
     if (!sJSObjWrappers.init(16)) {
       NS_ERROR("Error initializing PLDHashTable!");
 
       return nullptr;
     }
   }
 
-  nsJSObjWrapperKey key(obj, npp);
-
-  JSObjWrapperTable::AddPtr p = sJSObjWrappers.lookupForAdd(key);
-
-  if (p/* && p->value()*/) {
+  JSObjWrapperTable::Ptr p = sJSObjWrappers.lookupForAdd(nsJSObjWrapperKey(obj, npp));
+  if (p) {
     MOZ_ASSERT(p->value());
     // Found a live nsJSObjWrapper, return it.
 
     return _retainobject(p->value());
   }
 
   // No existing nsJSObjWrapper, create one.
 
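Review bot: The new lookup line still calls `lookupForAdd` but stores only the `Ptr` base of the result, so the add-pointer state it computes is thrown away and the insertion later goes through `putNew` instead. A plain `sJSObjWrappers.lookup(nsJSObjWrapperKey(obj, npp))` would state the intent. It would also stop suggesting that `p` may still be handed to `add()` after the wrapper allocation, which is presumably the rooting hazard this commit removes. GetNewOrUsed starts and ends outside this hunk.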
@@ -1025,17 +1022,18 @@ nsJSObjWrapper::GetNewOrUsed(NPP npp, JS
 
   if (!wrapper) {
     // Out of memory, entry not yet added to table.
     return nullptr;
   }
 
   wrapper->mJSObj = obj;
 
-  if (!sJSObjWrappers.add(p, key, wrapper)) {
+  nsJSObjWrapperKey key(obj, npp);
+  if (!sJSObjWrappers.putNew(key, wrapper)) {
     // Out of memory, free the wrapper we created.
     _releaseobject(wrapper);
     return nullptr;
   }
 
   NS_ASSERTION(wrapper->mNpp == npp, "nsJSObjWrapper::mNpp not initialized!");
 
   // Root the JSObject, its lifetime is now tied to that of the
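Review bot: Nothing at the `nsJSObjWrapperKey key(obj, npp);` line explains why the key is built only after the wrapper has been allocated, and that ordering appears to be the substance of the fix. I would add a comment there such as `// Build the key only after allocating the wrapper: the allocation may GC, so a key or AddPtr taken earlier could be stale.`, with the wording checked against the bug. Separately, `putNew` expects the key to be absent from the table. If the allocation between the earlier lookup and this call can re-enter and insert a wrapper for the same (obj, npp), that precondition would not hold, so it is worth confirming that this cannot happen. The function body continues outside the hunk.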