[gjs/wip/ptomato/mozjs38: 6/26] context: Empty heap wrapper after removing tracer

From: Philip Chimento <pchimento src gnome org>
To: commits-list gnome org
Cc:
Subject: [gjs/wip/ptomato/mozjs38: 6/26] context: Empty heap wrapper after removing tracer
Date: Tue, 24 Jan 2017 02:33:24 +0000 (UTC)

commit 8b269a9afe756bf19f09e9270c527f1a89b1daaa
Author: Philip Chimento <philip endlessm com>
Date:   Fri Jan 20 15:00:24 2017 -0800

    context: Empty heap wrapper after removing tracer
    
    This did not break before, but in SpiderMonkey 38 not doing this is more
    likely to cause crashes because the pointer stored in the JS::Heap
    wrapper is more likely to become invalid once it is no longer traced.
    This would crash under SpiderMonkey 38 when executing JS::Heap's
    destructor, so we should instead empty out the wrapper after removing the
    tracer.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=776966

 gjs/context.cpp |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/gjs/context.cpp b/gjs/context.cpp
index 35693d8..dcade98 100644
--- a/gjs/context.cpp
+++ b/gjs/context.cpp
@@ -407,6 +407,7 @@ gjs_context_dispose(GObject *object)
 
         JS_RemoveExtraGCRootsTracer(js_context->runtime, gjs_context_tracer,
                                     js_context);
+        js_context->global = NULL;
 
         /* Tear down JS */
         JS_DestroyContext(js_context->context);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]