Fix dictionary-mode scope property node alloc to happen inside rt->gcLock (538307, r=jorendorff).
authorBrendan Eich <brendan@mozilla.org>
Wed, 03 Mar 2010 17:14:20 -0800
changeset 39418 89aad519e0505234b43c175cf6a957b352cc1137
parent 39417 671b658375d4d924864dd54943d5cfe30040f623
child 39419 fcd3ffeb34ef22d94ca055fe6a312b848d6de005
push idunknown
push userunknown
push dateunknown
reviewersjorendorff
bugs538307
milestone1.9.3a3pre
Fix dictionary-mode scope property node alloc to happen inside rt->gcLock (538307, r=jorendorff).
js/src/jsscope.cpp
--- a/js/src/jsscope.cpp
+++ b/js/src/jsscope.cpp
@@ -1092,17 +1092,19 @@ JSScope::generateOwnShape(JSContext *cx)
     shape = js_GenerateShape(cx, false);
     setOwnShape();
 }
 
 JSScopeProperty *
 JSScope::newDictionaryProperty(JSContext *cx, const JSScopeProperty &child,
                                JSScopeProperty **childp)
 {
+    JS_LOCK_GC(cx->runtime);
     JSScopeProperty *dprop = NewScopeProperty(cx->runtime);
+    JS_UNLOCK_GC(cx->runtime);
     if (!dprop) {
         JS_ReportOutOfMemory(cx);
         return NULL;
     }
 
     dprop->id = child.id;
     dprop->getter = child.getter;
     dprop->setter = child.setter;
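Review bot: The locking precondition this fix depends on is not written down anywhere in the new code: the `JS_LOCK_GC`/`JS_UNLOCK_GC` pair around `NewScopeProperty(cx->runtime)` in `JSScope::newDictionaryProperty` carries no explanation, so a later caller can reintroduce the unlocked allocation. Presumably `NewScopeProperty` allocates from runtime-wide state shared between threads (its body is not in the hunk); if so, an unlocked call is a data race on allocator state and a memory-safety risk. I would add a comment above the lock such as `/* NewScopeProperty allocates from runtime-wide state; rt->gcLock must be held across the call. */` and state the same precondition on `NewScopeProperty` itself. Releasing the lock before the `!dprop` check looks deliberate, since `JS_ReportOutOfMemory` then runs without the lock held, and a short remark saying so would keep it that way. The function body continues past the end of the hunk.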