ma1 pushed to branch mullvad-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser

Commits:

3 changed files:

Changes:

  • js/src/gc/Zone.cpp
    ... ... @@ -918,7 +918,13 @@ void Zone::clearScriptCounts(Realm* realm) {
    918 918
       // Clear all hasScriptCounts_ flags of BaseScript, in order to release all
    
    919 919
       // ScriptCounts entries of the given realm.
    
    920 920
       for (auto i = scriptCountsMap->modIter(); !i.done(); i.next()) {
    
    921
    -    BaseScript* script = i.get().key();
    
    921
    +    const HeapPtr<BaseScript*>& script = i.get().key();
    
    922
    +    if (IsAboutToBeFinalized(script)) {
    
    923
    +      // Dead scripts may be present during incremental GC until script
    
    924
    +      // finalizers have been run.
    
    925
    +      continue;
    
    926
    +    }
    
    927
    +
    
    922 928
         if (script->realm() != realm) {
    
    923 929
           continue;
    
    924 930
         }
    
    ... ... @@ -939,7 +945,13 @@ void Zone::clearScriptLCov(Realm* realm) {
    939 945
       }
    
    940 946
     
    
    941 947
       for (auto i = scriptLCovMap->modIter(); !i.done(); i.next()) {
    
    942
    -    BaseScript* script = i.get().key();
    
    948
    +    const HeapPtr<BaseScript*>& script = i.get().key();
    
    949
    +    if (IsAboutToBeFinalized(script)) {
    
    950
    +      // Dead scripts may be present during incremental GC until script
    
    951
    +      // finalizers have been run.
    
    952
    +      continue;
    
    953
    +    }
    
    954
    +
    
    943 955
         if (script->realm() == realm) {
    
    944 956
           i.remove();
    
    945 957
         }
    

  • js/src/jit-test/tests/debug/bug-1904011.js
    1
    +// |jit-test| --fuzzing-safe; --ion-offthread-compile=off
    
    2
    +gczeal(0);
    
    3
    +
    
    4
    +let g = newGlobal({newCompartment: true});
    
    5
    +let dbg = new Debugger(g);
    
    6
    +
    
    7
    +dbg.collectCoverageInfo = true;
    
    8
    +g.eval("0");
    
    9
    +
    
    10
    +// Start a GC in the debugger's zone and yield after sweeping objects.
    
    11
    +schedulezone(g);
    
    12
    +gczeal(22);
    
    13
    +startgc(100);
    
    14
    +
    
    15
    +dbg.collectCoverageInfo = false;

  • toolkit/components/antitracking/StoragePrincipalHelper.cpp
    ... ... @@ -445,7 +445,7 @@ bool StoragePrincipalHelper::GetOriginAttributes(
    445 445
       nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
    
    446 446
       loadInfo->GetOriginAttributes(&aAttributes);
    
    447 447
     
    
    448
    -  bool isPrivate = false;
    
    448
    +  bool isPrivate = aAttributes.mPrivateBrowsingId > 0;
    
    449 449
       nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel = do_QueryInterface(aChannel);
    
    450 450
       if (pbChannel) {
    
    451 451
         nsresult rv = pbChannel->GetIsChannelPrivate(&isPrivate);
    
    ... ... @@ -454,7 +454,9 @@ bool StoragePrincipalHelper::GetOriginAttributes(
    454 454
         // Some channels may not implement nsIPrivateBrowsingChannel
    
    455 455
         nsCOMPtr<nsILoadContext> loadContext;
    
    456 456
         NS_QueryNotificationCallbacks(aChannel, loadContext);
    
    457
    -    isPrivate = loadContext && loadContext->UsePrivateBrowsing();
    
    457
    +    if (loadContext) {
    
    458
    +      isPrivate = loadContext->UsePrivateBrowsing();
    
    459
    +    }
    
    458 460
       }
    
    459 461
       aAttributes.SyncAttributesWithPrivateBrowsing(isPrivate);
    
    460 462