GNOME Bugzilla – Bug 742574
Calling JSContextRef related functions from Java finalizers
Last modified: 2015-01-08 09:56:03 UTC
It's not allowed to call JSContextRef related functions from Java finalizers, or anything that can cause GC for that matter: http://trac.webkit.org/browser/trunk/Source/JavaScriptCore/API/JSObjectRef.h#L94

Attached patches fix the two occurrences of this, which would cause crashes otherwise.
Created attachment 294075
closure: Don't call JSValueUnprotect() from a finalizer

We would not get here at all anyway if the object still had a "protect count" higher than 0, as that would prevent the GC from cleaning up the object. Also the docs say:

"You must not call any function that may cause a garbage collection or an allocation of a garbage collected object from within a JSObjectFinalizeCallback. This includes all functions that have a JSContextRef parameter."
Created attachment 294076
engine: Don't call JSValueUnprotect() from the finalizer of the object

JSValueUnprotect() would be called from g_object_set_data_full() via the destroy notify we set for the data before. Steal the qdata instead as this won't call the destroy notify, and we don't have to clean up anything here.

We would not get here at all anyway if the object still had a "protect count" higher than 0, as that would prevent the GC from cleaning up the object. Also the docs say:

"You must not call any function that may cause a garbage collection or an allocation of a garbage collected object from within a JSObjectFinalizeCallback. This includes all functions that have a JSContextRef parameter."

Also consistently use the qdata variants of the functions instead of the data variants that take a string instead of a quark.
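The mechanism the second patch describes, as an added illustration that is not part of this bug report or of the attached patches: a small constructed C model of a GObject qdata slot. The names (FakeGObject, set_qdata_full, steal_qdata, fake_js_value_unprotect, gc_finalizing) are stand-ins written for this example and do not exist in GLib or JavaScriptCore; they only mimic the relevant behaviour of g_object_set_qdata_full() (replacing data runs the old destroy notify) and g_object_steal_qdata() (returns the data and runs nothing). The counter records how many times the "unprotect" stand-in is entered while the finalizer is running, which is exactly what the JSObjectFinalizeCallback rule quoted above forbids.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for GLib's GDestroyNotify. */
typedef void (*DestroyNotify)(void *data);

/* One qdata slot; real GObject keeps a keyed table, one slot is enough here. */
typedef struct {
    void *data;
    DestroyNotify destroy;
} QDataSlot;

/* Hypothetical wrapped object whose single slot holds a protected JS value. */
typedef struct {
    QDataSlot js_value;
} FakeGObject;

/* Stand-in for engine state: non-zero while a finalize callback is running. */
static int gc_finalizing = 0;
/* How many times "unprotect" was entered from inside a finalizer. */
static int unprotect_calls_during_gc = 0;

/* Stand-in for JSValueUnprotect(): a JSContextRef function, so calling it
 * from a finalizer violates the documented rule; we count the violation. */
static void fake_js_value_unprotect(void *value)
{
    (void)value;
    if (gc_finalizing)
        unprotect_calls_during_gc++;
}

/* Model of g_object_set_qdata_full(): replacing existing data runs the
 * destroy notify that was registered with the old data. */
static void set_qdata_full(FakeGObject *obj, void *data, DestroyNotify destroy)
{
    if (obj->js_value.data != NULL && obj->js_value.destroy != NULL)
        obj->js_value.destroy(obj->js_value.data);
    obj->js_value.data = data;
    obj->js_value.destroy = destroy;
}

/* Model of g_object_steal_qdata(): hands the data back to the caller and
 * clears the slot without invoking the destroy notify. */
static void *steal_qdata(FakeGObject *obj)
{
    void *data = obj->js_value.data;
    obj->js_value.data = NULL;
    obj->js_value.destroy = NULL;
    return data;
}

/* Wrapper creation: the JS value is stored with unprotect as its destroy
 * notify, which is fine outside the GC. */
static void wrap_js_value(FakeGObject *obj, void *js_value)
{
    obj->js_value.data = NULL;
    obj->js_value.destroy = NULL;
    set_qdata_full(obj, js_value, fake_js_value_unprotect);
}

/* Before the fix: clearing the slot from the finalizer runs the destroy
 * notify, i.e. "unprotect" is entered while the GC is finalizing.
 * Returns the number of violations observed. */
static int finalize_before_fix(FakeGObject *obj)
{
    unprotect_calls_during_gc = 0;
    gc_finalizing = 1;
    set_qdata_full(obj, NULL, NULL);
    gc_finalizing = 0;
    return unprotect_calls_during_gc;
}

/* After the fix: steal the qdata. The object is already being collected
 * (its protect count is 0), so there is nothing left to unprotect. */
static int finalize_after_fix(FakeGObject *obj)
{
    unprotect_calls_during_gc = 0;
    gc_finalizing = 1;
    (void)steal_qdata(obj);
    gc_finalizing = 0;
    return unprotect_calls_during_gc;
}

int main(void)
{
    int dummy_js_value = 0;   /* constructed stand-in for a JSValueRef */
    FakeGObject before, after;

    wrap_js_value(&before, &dummy_js_value);
    wrap_js_value(&after, &dummy_js_value);
    printf("set_qdata_full in finalizer: %d forbidden call(s)\n",
           finalize_before_fix(&before));
    printf("steal_qdata in finalizer:    %d forbidden call(s)\n",
           finalize_after_fix(&after));
    return 0;
}
```

The point of the model is that the destroy notify is the hidden path back into the JSContextRef API: nothing in the finalizer calls JSValueUnprotect() by name, so only the qdata function chosen for cleanup decides whether the rule is broken.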
Thanks - I'd been removing the unprotect locally for a while, but never quite sure if it was just me... All committed.