Fixing rtm++ bug 54121. Make sure to unroot the JS object before setting the script object to null to avoid referencing deleted memory later on in the GC. Thanks to sean@beatnik.com for testing and helping with the patch. a=waterson, r=brendan

This commit is contained in:
jst%netscape.com 2000-10-17 21:19:26 +00:00
Родитель 0f6d661c05
Коммит 1bc2495bff
2 изменённых файлов: 16 добавлений и 0 удалений

Просмотреть файл

@ -348,6 +348,14 @@ nsHTMLEmbedElement::GetScriptObject(nsIScriptContext* aContext,
// don't cache it so that the next call can get the correct script object // don't cache it so that the next call can get the correct script object
// if the plugin instance is available at the next call. // if the plugin instance is available at the next call.
if (NS_FAILED(rv)) { if (NS_FAILED(rv)) {
if (mInner.mDocument) {
// Since we're resetting the script object to null we'll remove the
// reference to it so that we won't add the same named reference
// again the next time someone requests the script object.
aContext->RemoveReference((void *)&mInner.mDOMSlots->mScriptObject,
mInner.mDOMSlots->mScriptObject);
}
mInner.SetScriptObject(nsnull); mInner.SetScriptObject(nsnull);
*aScriptObject = elementObject; *aScriptObject = elementObject;

Просмотреть файл

@ -348,6 +348,14 @@ nsHTMLEmbedElement::GetScriptObject(nsIScriptContext* aContext,
// don't cache it so that the next call can get the correct script object // don't cache it so that the next call can get the correct script object
// if the plugin instance is available at the next call. // if the plugin instance is available at the next call.
if (NS_FAILED(rv)) { if (NS_FAILED(rv)) {
if (mInner.mDocument) {
// Since we're resetting the script object to null we'll remove the
// reference to it so that we won't add the same named reference
// again the next time someone requests the script object.
aContext->RemoveReference((void *)&mInner.mDOMSlots->mScriptObject,
mInner.mDOMSlots->mScriptObject);
}
mInner.SetScriptObject(nsnull); mInner.SetScriptObject(nsnull);
*aScriptObject = elementObject; *aScriptObject = elementObject;