From 04b113155e70f42d60f013655ffc7df387e3b51b Mon Sep 17 00:00:00 2001
From: Benjamin Peterson <benjamin@python.org>
Date: Wed, 24 Oct 2012 13:51:28 -0700
Subject: [PATCH] Bug 804558 - Make JSScript::loadSource GC-safe. r=terrence

---
 js/src/jsfun.cpp    | 11 +++++++----
 js/src/jsscript.cpp | 12 ++++++------
 js/src/jsscript.h   |  2 +-
 3 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/js/src/jsfun.cpp b/js/src/jsfun.cpp
index 22252b104bad..93257ab01f58 100644
--- a/js/src/jsfun.cpp
+++ b/js/src/jsfun.cpp
@@ -620,8 +620,12 @@ JSString *
 js::FunctionToString(JSContext *cx, HandleFunction fun, bool bodyOnly, bool lambdaParen)
 {
     StringBuffer out(cx);
+    RootedScript script(cx);
 
-    if (fun->isInterpreted() && fun->script()->isGeneratorExp) {
+    if (fun->isInterpreted())
+        script = fun->script();
+
+    if (fun->isInterpreted() && script->isGeneratorExp) {
         if ((!bodyOnly && !out.append("function genexp() {")) ||
             !out.append("\n    [generator expression]\n") ||
             (!bodyOnly && !out.append("}"))) {
@@ -643,13 +647,12 @@ js::FunctionToString(JSContext *cx, HandleFunction fun, bool bodyOnly, bool lamb
         }
     }
     bool haveSource = fun->isInterpreted() && !fun->isSelfHostedBuiltin();
-    if (haveSource && !fun->script()->scriptSource()->hasSourceData() &&
-        !fun->script()->loadSource(cx, &haveSource))
+    if (haveSource && !script->scriptSource()->hasSourceData() &&
+        !JSScript::loadSource(cx, script, &haveSource))
     {
         return NULL;
     }
     if (haveSource) {
-        RootedScript script(cx, fun->script());
         RootedString srcStr(cx, script->sourceData(cx));
         if (!srcStr)
             return NULL;
diff --git a/js/src/jsscript.cpp b/js/src/jsscript.cpp
index b5fb1ad709d7..2990f1aed1b7 100644
--- a/js/src/jsscript.cpp
+++ b/js/src/jsscript.cpp
@@ -1041,20 +1041,20 @@ JSScript::setScriptSource(ScriptSource *ss)
     scriptSource_ = ss;
 }
 
-bool
-JSScript::loadSource(JSContext *cx, bool *worked)
+/* static */ bool
+JSScript::loadSource(JSContext *cx, HandleScript script, bool *worked)
 {
-    JS_ASSERT(!scriptSource_->hasSourceData());
+    JS_ASSERT(!script->scriptSource_->hasSourceData());
     *worked = false;
-    if (!cx->runtime->sourceHook || !scriptSource_->sourceRetrievable())
+    if (!cx->runtime->sourceHook || !script->scriptSource_->sourceRetrievable())
         return true;
     jschar *src = NULL;
     uint32_t length;
-    if (!cx->runtime->sourceHook(cx, this, &src, &length))
+    if (!cx->runtime->sourceHook(cx, script, &src, &length))
         return false;
     if (!src)
         return true;
-    ScriptSource *ss = scriptSource();
+    ScriptSource *ss = script->scriptSource();
     ss->setSource(src, length);
     *worked = true;
     return true;
diff --git a/js/src/jsscript.h b/js/src/jsscript.h
index 91633efa2953..108219bf29df 100644
--- a/js/src/jsscript.h
+++ b/js/src/jsscript.h
@@ -575,7 +575,7 @@ struct JSScript : public js::gc::Cell
 
     JSFlatString *sourceData(JSContext *cx);
 
-    bool loadSource(JSContext *cx, bool *worked);
+    static bool loadSource(JSContext *cx, js::HandleScript scr, bool *worked);
 
     js::ScriptSource *scriptSource() {
         return scriptSource_;