128857 2014-02-14 17:06:29 -0800 [JSManagedValue value] needs to be protected by the API lock 2014-02-14 17:22:48 -0800 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 mhahnenberg mhahnenberg oldest_to_newest 981042 0 mhahnenberg 2014-02-14 17:06:29 -0800 It needs to be because on 32-bit systems we can allocate new JS objects, and allocation always needs to be protected by the lock. Additionally, there were a number of race conditions when loading the JSGlobalObject from the Weak<> field of the JSManagedValue in order to get the JSContext. The fix is to store a RefPtr<JSLock> in the JSManagedValue. The JSLock already stores a weak pointer to its corresponding VM, so this avoids a reference cycle. First we'll lock the JSLock, then check its VM pointer. If it's invalid, return nil. If it's valid, proceed as normal after initiating an APIEntryShim. 981044 1 224266 mhahnenberg 2014-02-14 17:13:37 -0800 Created attachment 224266 Patch 981045 2 224266 mark.lam 2014-02-14 17:19:40 -0800 Comment on attachment 224266 Patch r=me 981046 3 mhahnenberg 2014-02-14 17:22:48 -0800 Committed r164147: <http://trac.webkit.org/changeset/164147> 224266 2014-02-14 17:13:37 -0800 2014-02-14 17:19:40 -0800 Patch bug-128857-20140214171326.patch text/plain 4451 mhahnenberg SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTY0MTQ2KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDIwIEBA CisyMDE0LTAyLTE0ICBNYXJrIEhhaG5lbmJlcmcgIDxtaGFobmVuYmVyZ0BhcHBsZS5jb20+CisK KyAgICAgICAgLVtKU01hbmFnZWRWYWx1ZSB2YWx1ZV0gbmVlZHMgdG8gYmUgcHJvdGVjdGVkIGJ5 IHRoZSBBUEkgbG9jaworICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5j Z2k/aWQ9MTI4ODU3CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAg ICAgICAgKiBBUEkvQVBJQ2FzdC5oOgorICAgICAgICAodG9SZWYpOiBBZGRlZCBhbiBBU1NFUlQg c28gdGhhdCB3ZSBjYW4gZGV0ZWN0IHRoZXNlIHNvcnRzIG9mIGVycm9ycyBlYXJsaWVyLiBPbiAz Mi1iaXQgdG9SZWYKKyAgICAgICAgY2FuIGFsbG9jYXRlIG9iamVjdHMgc28gd2UgbmVlZCB0byBi ZSBob2xkaW5nIHRoZSBsb2NrLgorICAgICAgICAqIEFQSS9BUElTaGltcy5oOiBSZW1vdmVkIG91 dGRhdGVkIGNvbW1lbnRzLgorICAgICAgICAqIEFQSS9KU01hbmFnZWRWYWx1ZS5tbTogQWRkZWQg UmVmUHRyPEpTTG9jaz4gdG8gSlNNYW5hZ2VkVmFsdWUuCisgICAgICAgICgtW0pTTWFuYWdlZFZh bHVlIGluaXRXaXRoVmFsdWU6XSk6IEluaXRpYWxpemUgdGhlIG1fbG9jayBmaWVsZC4KKyAgICAg ICAgKC1bSlNNYW5hZ2VkVmFsdWUgdmFsdWVdKTogTG9jayB0aGUgSlNMb2NrLCBjaGVjayB0aGUg Vk0qLCByZXR1cm4gbmlsIGlmIGludmFsaWQsIHRha2UgdGhlIEFQSUVudHJ5U2hpbSBvdGhlcndp c2UuCisgICAgICAgICogcnVudGltZS9KU0xvY2suY3BwOiBCdWcgZml4IGluIEpTTG9jay4gV2Ug d2VyZSBhc3N1bWluZyB0aGF0IHRoZSBWTSB3YXMgYWx3YXlzIG5vbi1udWxsIGluIEpTTG9jazo6 bG9jay4KKyAgICAgICAgKEpTQzo6SlNMb2NrOjpsb2NrKToKKwogMjAxNC0wMi0xNCAgT2xpdmVy IEh1bnQgIDxvbGl2ZXJAYXBwbGUuY29tPgogCiAgICAgICAgIEltcGxlbWVudCBhIGZldyBtb3Jl IEFycmF5IHByb3RvdHlwZSBmdW5jdGlvbnMgaW4gSlMKSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0 Q29yZS9BUEkvQVBJQ2FzdC5oCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9B UEkvQVBJQ2FzdC5oCShyZXZpc2lvbiAxNjQxMzcpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUv QVBJL0FQSUNhc3QuaAkod29ya2luZyBjb3B5KQpAQCAtMTI0LDYgKzEyNCw3IEBAIGlubGluZSBK U0M6OlZNKiB0b0pTKEpTQ29udGV4dEdyb3VwUmVmIGcKIAogaW5saW5lIEpTVmFsdWVSZWYgdG9S ZWYoSlNDOjpFeGVjU3RhdGUqIGV4ZWMsIEpTQzo6SlNWYWx1ZSB2KQogeworICAgIEFTU0VSVChl eGVjLT52bSgpLmN1cnJlbnRUaHJlYWRJc0hvbGRpbmdBUElMb2NrKCkpOwogI2lmIFVTRShKU1ZB TFVFMzJfNjQpCiAgICAgaWYgKCF2KQogICAgICAgICByZXR1cm4gMDsKSW5kZXg6IFNvdXJjZS9K YXZhU2NyaXB0Q29yZS9BUEkvQVBJU2hpbXMuaAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNj cmlwdENvcmUvQVBJL0FQSVNoaW1zLmgJKHJldmlzaW9uIDE2NDEzNykKKysrIFNvdXJjZS9KYXZh U2NyaXB0Q29yZS9BUEkvQVBJU2hpbXMuaAkod29ya2luZyBjb3B5KQpAQCAtNTYsMTQgKzU2LDEy IEBAIHByb3RlY3RlZDoKIAogY2xhc3MgQVBJRW50cnlTaGltIDogcHVibGljIEFQSUVudHJ5U2hp bVdpdGhvdXRMb2NrIHsKIHB1YmxpYzoKLSAgICAvLyBOb3JtYWwgQVBJIGVudHJ5CiAgICAgQVBJ RW50cnlTaGltKEV4ZWNTdGF0ZSogZXhlYywgYm9vbCByZWdpc3RlclRocmVhZCA9IHRydWUpCiAg ICAgICAgIDogQVBJRW50cnlTaGltV2l0aG91dExvY2soJmV4ZWMtPnZtKCksIHJlZ2lzdGVyVGhy ZWFkKQogICAgICAgICAsIG1fbG9ja0hvbGRlcihleGVjLT52bSgpLmV4Y2x1c2l2ZVRocmVhZCA/ IDAgOiBleGVjKQogICAgIHsKICAgICB9CiAKLSAgICAvLyBKU1Byb3BlcnR5TmFtZUFjY3VtdWxh dG9yIG9ubHkgaGFzIGEgdm0uCiAgICAgQVBJRW50cnlTaGltKFZNKiB2bSwgYm9vbCByZWdpc3Rl clRocmVhZCA9IHRydWUpCiAgICAgICAgIDogQVBJRW50cnlTaGltV2l0aG91dExvY2sodm0sIHJl Z2lzdGVyVGhyZWFkKQogICAgICAgICAsIG1fbG9ja0hvbGRlcih2bS0+ZXhjbHVzaXZlVGhyZWFk ID8gMCA6IHZtKQpJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL0FQSS9KU01hbmFnZWRWYWx1 ZS5tbQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvQVBJL0pTTWFuYWdlZFZh bHVlLm1tCShyZXZpc2lvbiAxNjQxMzcpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvQVBJL0pT TWFuYWdlZFZhbHVlLm1tCSh3b3JraW5nIGNvcHkpCkBAIC0zMCw2ICszMCw3IEBACiAjaWYgSlND X09CSkNfQVBJX0VOQUJMRUQKIAogI2ltcG9ydCAiQVBJQ2FzdC5oIgorI2ltcG9ydCAiQVBJU2hp bXMuaCIKICNpbXBvcnQgIkhlYXAuaCIKICNpbXBvcnQgIkpTQ29udGV4dEludGVybmFsLmgiCiAj aW1wb3J0ICJKU1ZhbHVlSW50ZXJuYWwuaCIKQEAgLTE2OCw2ICsxNjksNyBAQCBwcml2YXRlOgog CiBAaW1wbGVtZW50YXRpb24gSlNNYW5hZ2VkVmFsdWUgewogICAgIEpTQzo6V2VhazxKU0M6OkpT R2xvYmFsT2JqZWN0PiBtX2dsb2JhbE9iamVjdDsKKyAgICBSZWZQdHI8SlNDOjpKU0xvY2s+IG1f bG9jazsKICAgICBXZWFrVmFsdWVSZWYgbV93ZWFrVmFsdWU7CiAgICAgTlNNYXBUYWJsZSAqbV9v d25lcnM7CiB9CkBAIC0yMDMsNiArMjA1LDggQEAgLSAoaW5zdGFuY2V0eXBlKWluaXRXaXRoVmFs dWU6KEpTVmFsdWUgKgogICAgIEpTQzo6V2VhazxKU0M6OkpTR2xvYmFsT2JqZWN0PiB3ZWFrKGds b2JhbE9iamVjdCwgbWFuYWdlZFZhbHVlSGFuZGxlT3duZXIoKSwgc2VsZik7CiAgICAgbV9nbG9i YWxPYmplY3Quc3dhcCh3ZWFrKTsKIAorICAgIG1fbG9jayA9ICZleGVjLT52bSgpLmFwaUxvY2so KTsKKwogICAgIE5TUG9pbnRlckZ1bmN0aW9uc09wdGlvbnMgd2Vha0lET3B0aW9ucyA9IE5TUG9p bnRlckZ1bmN0aW9uc1dlYWtNZW1vcnkgfCBOU1BvaW50ZXJGdW5jdGlvbnNPYmplY3RQZXJzb25h bGl0eTsKICAgICBOU1BvaW50ZXJGdW5jdGlvbnNPcHRpb25zIGludGVnZXJPcHRpb25zID0gTlNQ b2ludGVyRnVuY3Rpb25zT3BhcXVlTWVtb3J5IHwgTlNQb2ludGVyRnVuY3Rpb25zSW50ZWdlclBl cnNvbmFsaXR5OwogICAgIG1fb3duZXJzID0gW1tOU01hcFRhYmxlIGFsbG9jXSBpbml0V2l0aEtl eU9wdGlvbnM6d2Vha0lET3B0aW9ucyB2YWx1ZU9wdGlvbnM6aW50ZWdlck9wdGlvbnMgY2FwYWNp dHk6MV07CkBAIC0yNTgsNiArMjYyLDExIEBAIC0gKHZvaWQpZGlkUmVtb3ZlT3duZXI6KGlkKW93 bmVyCiAKIC0gKEpTVmFsdWUgKil2YWx1ZQogeworICAgIFdURjo6TG9ja2VyPEpTQzo6SlNMb2Nr PiBsb2NrZXIobV9sb2NrLmdldCgpKTsKKyAgICBpZiAoIW1fbG9jay0+dm0oKSkKKyAgICAgICAg cmV0dXJuIG5pbDsKKworICAgIEpTQzo6QVBJRW50cnlTaGltIHNoaW0obV9sb2NrLT52bSgpKTsK ICAgICBpZiAoIW1fZ2xvYmFsT2JqZWN0KQogICAgICAgICByZXR1cm4gbmlsOwogICAgIGlmICht X3dlYWtWYWx1ZS5pc0NsZWFyKCkpCkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGlt ZS9KU0xvY2suY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1l L0pTTG9jay5jcHAJKHJldmlzaW9uIDE2NDEzNykKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9y dW50aW1lL0pTTG9jay5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTEyMSw2ICsxMjEsOSBAQCB2b2lk IEpTTG9jazo6bG9jayhpbnRwdHJfdCBsb2NrQ291bnQpCiAgICAgQVNTRVJUKCFtX2xvY2tDb3Vu dCk7CiAgICAgbV9sb2NrQ291bnQgPSBsb2NrQ291bnQ7CiAKKyAgICBpZiAoIW1fdm0pCisgICAg ICAgIHJldHVybjsKKwogICAgIFdURlRocmVhZERhdGEmIHRocmVhZERhdGEgPSB3dGZUaHJlYWRE YXRhKCk7CiAKICAgICBSRUxFQVNFX0FTU0VSVCghbV92bS0+c3RhY2tQb2ludGVyQXRWTUVudHJ5 KCkpOwo=