Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/750e4cfc90f8 Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1233152
# HG changeset patch
# User Jan de Mooij
# Date 1451478493 -3600
# Node ID 750e4cfc90f80df657e44c9c63b1865023d88682
# Parent 93617c30c0df35f719dead526b78649d564f5ac3
Bug 1233152 - Use PersistentRooted for ParseTask script and sourceObject. r=terrence a=abillings
diff --git a/js/src/vm/HelperThreads.cpp b/js/src/vm/HelperThreads.cpp
--- a/js/src/vm/HelperThreads.cpp
+++ b/js/src/vm/HelperThreads.cpp
@@ -198,17 +198,17 @@ static const JSClass parseTaskGlobalClas
ParseTask::ParseTask(ExclusiveContext* cx, JSObject* exclusiveContextGlobal, JSContext* initCx, const char16_t* chars, size_t length, JS::OffThreadCompileCallback callback, void* callbackData) : cx(cx), options(initCx), chars(chars), length(length), alloc(JSRuntime::TEMP_LIFO_ALLOC_PRIMARY_CHUNK_SIZE), exclusiveContextGlobal(initCx, exclusiveContextGlobal), callback(callback), callbackData(callbackData),
- script(nullptr), errors(cx), overRecursed(false)
+ script(initCx->runtime(), nullptr), errors(cx), overRecursed(false)
{ } bool ParseTask::init(JSContext* cx, const ReadOnlyCompileOptions& options) { if (!this->options.copy(cx, options)) return false;
diff --git a/js/src/vm/HelperThreads.h b/js/src/vm/HelperThreads.h
--- a/js/src/vm/HelperThreads.h
+++ b/js/src/vm/HelperThreads.h
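Review bot: Nothing at the new initializer `script(initCx->runtime(), nullptr)` says why `script` now needs a persistent root, and that rationale is the substance of the fix. The header comment (second hunk) already states that `script` is held from the callback until `FinishOffThreadScript` destroys the `ParseTask`, so the old raw `JSScript*` was held in the (presumably heap-allocated) task through that window with nothing the collector could see; a one-line why-comment on the initializer, `// PersistentRooted: the task outlives the constructing frame, so the script must stay rooted until FinishOffThreadScript.`, would keep the next maintainer from reverting it to a plain pointer. A small consistency point: the preceding initializer `exclusiveContextGlobal(initCx, exclusiveContextGlobal)` passes the context itself, so `script(initCx, nullptr)` would read the same way if PersistentRooted in this tree offers the `(JSContext*, T)` overload. `ParseTask::init` at the end of the hunk continues past it.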
@@ -472,17 +472,17 @@ struct ParseTask
// Callback invoked off the main thread when the parse finishes. JS::OffThreadCompileCallback callback; void* callbackData; // Holds the final script between the invocation of the callback and the // point where FinishOffThreadScript is called, which will destroy the // ParseTask.
- JSScript* script;
+ PersistentRootedScript script;
// Any errors or warnings produced during compilation. These are reported // when finishing the script. Vector errors; bool overRecursed; ParseTask(ExclusiveContext* cx, JSObject* exclusiveContextGlobal, JSContext* initCx, const char16_t* chars, size_t length,