Commit d92e78f4 authored by Nicolas B. Pierron's avatar Nicolas B. Pierron

Bug 1743449 part 1 - Add assertion to avoid mixing UniquePtr with RefPtr. r=arai

RefPtr<CompilationStencil> would be used for caching the result of compilation
which might be reused by other functions inside SpiderMonkey. However, many
compilation functions are returning UniquePtr<CompilationStencil>.

Converting a RefPtr<..> to a UniquePtr<..> when the ref-count is not equal to
1, or when the value still exists in a cache, will cause a UAF. This assertion
prevents such a mistake from happening in future patches.

Differential Revision: https://phabricator.services.mozilla.com/D132694
parent a5e210a5
+7 −0
@@ -1146,6 +1146,13 @@ struct CompilationStencil {
  CompilationStencil(CompilationStencil&&) = delete;
  CompilationStencil& operator=(const CompilationStencil&) = delete;
  CompilationStencil& operator=(CompilationStencil&&) = delete;
#ifdef DEBUG
  ~CompilationStencil() {
    // We can mix UniquePtr<..> and RefPtr<..>. This asserts that a UniquePtr
    // does not delete a reference-counted stencil.
    MOZ_ASSERT(!refCount);
  }
#endif

  static inline ScriptStencilIterable functionScriptStencils(
      const CompilationStencil& stencil, CompilationGCOutput& gcOutput);
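Review bot: the comment above `MOZ_ASSERT(!refCount);` reads as the opposite of the commit title ("Add assertion to avoid mixing UniquePtr with RefPtr"); "We can mix UniquePtr<..> and RefPtr<..>" should say that both owners exist for this type and that the assertion catches a UniquePtr destroying a stencil that is still reference-counted, e.g. "A UniquePtr<..> must never delete a stencil that RefPtr<..> owners still reference (a cache entry, for instance)". The check itself is sound for the cases the commit message lists: a RefPtr release that reaches zero decrements `refCount` before deleting, so the assertion passes, whereas a UniquePtr deleting a stencil with `refCount >= 1` (cached, or converted while still shared) trips it. Since the destructor is only declared under `#ifdef DEBUG`, opt builds keep the implicit destructor and the use-after-free goes undetected there, so this relies on the mistake being reachable in debug test coverage; worth a sentence in the comment so readers do not assume a release-build guard.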