[gjs] context: Empty heap wrapper after removing tracer

From: Philip Chimento <pchimento src gnome org>
To: commits-list gnome org
Cc:
Subject: [gjs] context: Empty heap wrapper after removing tracer
Date: Thu, 26 Jan 2017 23:32:50 +0000 (UTC)

commit d857b26a3468543e6bcceb4308b541592351beca
Author: Philip Chimento <philip endlessm com>
Date:   Fri Jan 20 15:00:24 2017 -0800

    context: Empty heap wrapper after removing tracer
    
    This did not break before, but in SpiderMonkey 38 not doing this is more
    likely to cause crashes because the pointer stored in the JS::Heap
    wrapper is more likely to become invalid once it is no longer traced.
    This would crash under SpiderMonkey 38 when executing JS::Heap's
    destructor, so we should instead empty out the wrapper after removing the
    tracer.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=776966

 gjs/context.cpp |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/gjs/context.cpp b/gjs/context.cpp
index 93ea8e8..2a52e06 100644
--- a/gjs/context.cpp
+++ b/gjs/context.cpp
@@ -419,6 +419,7 @@ gjs_context_dispose(GObject *object)
 
         JS_RemoveExtraGCRootsTracer(js_context->runtime, gjs_context_tracer,
                                     js_context);
+        js_context->global = NULL;
 
         /* Tear down JS */
         JS_DestroyContext(js_context->context);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]