mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2025-01-15 07:27:48 -05:00
8830740643
* gnu/packages/patches/icecat-CVE-2015-0822.patch, gnu/packages/patches/icecat-CVE-2015-0827-pt-1.patch, gnu/packages/patches/icecat-CVE-2015-0827-pt-2.patch, gnu/packages/patches/icecat-CVE-2015-0827-pt-3.patch, gnu/packages/patches/icecat-CVE-2015-0831-pt-1.patch, gnu/packages/patches/icecat-CVE-2015-0831-pt-2.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-01.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-02.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-03.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-05.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-06.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-07.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-09.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
89 lines
3.1 KiB
Diff
89 lines
3.1 KiB
Diff
From 97ba04bf95606b409b1b3035504a41c274ecffe2 Mon Sep 17 00:00:00 2001
|
|
From: Shu-yu Guo <shu@rfrn.org>
|
|
Date: Mon, 26 Jan 2015 18:26:25 -0800
|
|
Subject: [PATCH] Bug 1119579 - Don't GC while iterating compartments in
|
|
findAllGlobals. r=sfink, a=abillings
|
|
|
|
---
|
|
js/src/vm/Debugger.cpp | 56 ++++++++++++++++++++++++++++++--------------------
|
|
1 file changed, 34 insertions(+), 22 deletions(-)
|
|
|
|
diff --git a/js/src/vm/Debugger.cpp b/js/src/vm/Debugger.cpp
|
|
index 27e993d..a8decef 100644
|
|
--- a/js/src/vm/Debugger.cpp
|
|
+++ b/js/src/vm/Debugger.cpp
|
|
@@ -2825,37 +2825,49 @@ Debugger::findAllGlobals(JSContext *cx, unsigned argc, Value *vp)
|
|
{
|
|
THIS_DEBUGGER(cx, argc, vp, "findAllGlobals", args, dbg);
|
|
|
|
- RootedObject result(cx, NewDenseEmptyArray(cx));
|
|
- if (!result)
|
|
- return false;
|
|
+ AutoObjectVector globals(cx);
|
|
|
|
- for (CompartmentsIter c(cx->runtime(), SkipAtoms); !c.done(); c.next()) {
|
|
- if (c->options().invisibleToDebugger())
|
|
- continue;
|
|
+ {
|
|
+ // Accumulate the list of globals before wrapping them, because
|
|
+ // wrapping can GC and collect compartments from under us, while
|
|
+ // iterating.
|
|
|
|
- c->zone()->scheduledForDestruction = false;
|
|
+ for (CompartmentsIter c(cx->runtime(), SkipAtoms); !c.done(); c.next()) {
|
|
+ if (c->options().invisibleToDebugger())
|
|
+ continue;
|
|
|
|
- GlobalObject *global = c->maybeGlobal();
|
|
+ c->zone()->scheduledForDestruction = false;
|
|
|
|
- if (cx->runtime()->isSelfHostingGlobal(global))
|
|
- continue;
|
|
+ GlobalObject *global = c->maybeGlobal();
|
|
|
|
- if (global) {
|
|
- /*
|
|
- * We pulled |global| out of nowhere, so it's possible that it was
|
|
- * marked gray by XPConnect. Since we're now exposing it to JS code,
|
|
- * we need to mark it black.
|
|
- */
|
|
- JS::ExposeGCThingToActiveJS(global, JSTRACE_OBJECT);
|
|
+ if (cx->runtime()->isSelfHostingGlobal(global))
|
|
+ continue;
|
|
|
|
- RootedValue globalValue(cx, ObjectValue(*global));
|
|
- if (!dbg->wrapDebuggeeValue(cx, &globalValue))
|
|
- return false;
|
|
- if (!NewbornArrayPush(cx, result, globalValue))
|
|
- return false;
|
|
+ if (global) {
|
|
+ /*
|
|
+ * We pulled |global| out of nowhere, so it's possible that it was
|
|
+ * marked gray by XPConnect. Since we're now exposing it to JS code,
|
|
+ * we need to mark it black.
|
|
+ */
|
|
+ JS::ExposeGCThingToActiveJS(global, JSTRACE_OBJECT);
|
|
+ if (!globals.append(global))
|
|
+ return false;
|
|
+ }
|
|
}
|
|
}
|
|
|
|
+ RootedObject result(cx, NewDenseEmptyArray(cx));
|
|
+ if (!result)
|
|
+ return false;
|
|
+
|
|
+ for (size_t i = 0; i < globals.length(); i++) {
|
|
+ RootedValue globalValue(cx, ObjectValue(*globals[i]));
|
|
+ if (!dbg->wrapDebuggeeValue(cx, &globalValue))
|
|
+ return false;
|
|
+ if (!NewbornArrayPush(cx, result, globalValue))
|
|
+ return false;
|
|
+ }
|
|
+
|
|
args.rval().setObject(*result);
|
|
return true;
|
|
}
|
|
--
|
|
2.2.1
|
|
|