Title: [253624] trunk/Source/JavaScriptCore
Revision
253624
Author
carlo...@webkit.org
Date
2019-12-17 06:13:13 -0800 (Tue, 17 Dec 2019)

Log Message

[GLIB] jsc_context_evaluate_in_object should take the API lock before calling setGlobalScopeExtension
https://bugs.webkit.org/show_bug.cgi?id=205331

Reviewed by Žan Doberšek.

We are now getting a crash due to an assert because the api lock is not held.

* API/glib/JSCContext.cpp:
(jsc_context_evaluate_in_object):

Diff

Modified: trunk/Source/JavaScriptCore/API/glib/JSCContext.cpp (253623 => 253624)


--- trunk/Source/JavaScriptCore/API/glib/JSCContext.cpp	2019-12-17 14:09:54 UTC (rev 253623)
+++ trunk/Source/JavaScriptCore/API/glib/JSCContext.cpp	2019-12-17 14:13:13 UTC (rev 253624)
@@ -894,8 +894,8 @@
         instance ? jscClassCreateContextWithJSWrapper(objectClass, context, instance) : JSGlobalContextCreateInGroup(jscVirtualMachineGetContextGroup(context->priv->vm.get()), nullptr));
     JSC::JSGlobalObject* globalObject = toJS(objectContext.get());
     JSC::VM& vm = globalObject->vm();
-    auto* jsObject = globalObject;
-    jsObject->setGlobalScopeExtension(JSC::JSWithScope::create(vm, jsObject, jsObject->globalScope(), toJS(JSContextGetGlobalObject(context->priv->jsContext.get()))));
+    JSC::JSLockHolder locker(globalObject);
+    globalObject->setGlobalScopeExtension(JSC::JSWithScope::create(vm, globalObject, globalObject->globalScope(), toJS(JSContextGetGlobalObject(context->priv->jsContext.get()))));
     JSValueRef exception = nullptr;
     JSValueRef result = evaluateScriptInContext(objectContext.get(), String::fromUTF8(code, length < 0 ? strlen(code) : length), uri, lineNumber, &exception);
     if (jscContextHandleExceptionIfNeeded(context, exception))
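Review bot: the lock's scope is wider than the ChangeLog title states. `JSC::JSLockHolder locker(globalObject);` is declared at function scope, so the API lock stays held through `evaluateScriptInContext(...)` and `jscContextHandleExceptionIfNeeded(context, exception)` as well, not only across `setGlobalScopeExtension`. If only the scope-extension call needs it, scope the holder to a block around that call; if holding it across evaluation and exception handling is intended, say so in the ChangeLog. Minor: `vm` is already bound on the line above, so `JSC::JSLockHolder locker(vm);` avoids re-deriving the VM from the global object.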

Modified: trunk/Source/JavaScriptCore/ChangeLog (253623 => 253624)


--- trunk/Source/JavaScriptCore/ChangeLog	2019-12-17 14:09:54 UTC (rev 253623)
+++ trunk/Source/JavaScriptCore/ChangeLog	2019-12-17 14:13:13 UTC (rev 253624)
@@ -1,3 +1,15 @@
+2019-12-17  Carlos Garcia Campos  <cgar...@igalia.com>
+
+        [GLIB] jsc_context_evaluate_in_object should take the API lock before calling setGlobalScopeExtension
+        https://bugs.webkit.org/show_bug.cgi?id=205331
+
+        Reviewed by Žan Doberšek.
+
+        We are now getting a crash due to an assert because the api lock is not held.
+
+        * API/glib/JSCContext.cpp:
+        (jsc_context_evaluate_in_object):
+
 2019-12-16  Mark Lam  <mark....@apple.com>
 
         Relanding r253581: Changed jsc shell timeout mechanism to leverage the VMTraps and use CPUTime.
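Review bot: the entry says the crash is "due to an assert" but does not name which assertion fires or the call path that reaches `jsc_context_evaluate_in_object` without the lock held, and it lists no test. Naming the assertion site and adding (or pointing to) an API test that evaluates code in an object would let a reviewer confirm the fix is actually exercised.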
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes