This repository was archived by the owner on Jan 15, 2021. It is now read-only.

Code bug in MozValue.cc #107

@enricogior

This code bug was found while investigating another bug (thaliproject/Thali_CordovaPlugin#1592).

  JS::Heap<JS::Value> hval;
  hval = JS::ObjectOrNullValue(reserved_obj);

  JS::AddNamedValueRoot(ctx_, &hval, nullptr);
  JS_SetReservedSlot(object_, GC_SLOT_GC_CALL, hval);

https://github.com/thaliproject/jxcore/blob/master/src/jx/Proxy/Mozilla_340/MozJS/MozValue.cc#L1151-L1155

hval is allocated on the stack and then passed to AddNamedValueRoot, which expects a JS::Value object allocated on the heap.

The bug is low priority since that code path is not currently used by the ThaliProject code or any JXcore test.
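
The lifetime problem described in this issue, modelled as an added example (not JXcore or SpiderMonkey code). `RootSet`, `TracedValue` and `OwnedRoot` are hypothetical stand-ins for the GC root table, `JS::Heap<JS::Value>` and a heap-allocated rooted slot; the destructor check is one way to detect a root whose storage has gone away.

```cpp
// Toy model only: a root set that stores raw addresses, as a GC root table does.
#include <cstddef>
#include <memory>
#include <set>

struct RootSet {                      // hypothetical stand-in for the GC root table
    std::set<const void*> roots;
    std::size_t dangling = 0;         // roots whose storage died while still registered
    void add(const void* p)    { roots.insert(p); }
    void remove(const void* p) { roots.erase(p); }
};

struct TracedValue {                  // hypothetical stand-in for JS::Heap<JS::Value>
    RootSet& rs;
    explicit TracedValue(RootSet& r) : rs(r) {}
    // Detection hook: this storage is going away while its address is still a root.
    ~TracedValue() { if (rs.roots.count(this)) { rs.dangling++; rs.roots.erase(this); } }
};

// Pattern from the issue: the rooted slot is a local, so the registered
// address is dead as soon as the function returns.
void root_stack_local(RootSet& rs) {
    TracedValue hval(rs);
    rs.add(&hval);
}

// One corrected shape: the slot lives on the heap and its owner removes the
// root before the storage is released (destructor body runs before members die).
struct OwnedRoot {
    RootSet& rs;
    std::unique_ptr<TracedValue> slot;
    explicit OwnedRoot(RootSet& r) : rs(r), slot(new TracedValue(r)) { rs.add(slot.get()); }
    ~OwnedRoot() { rs.remove(slot.get()); }
};

std::size_t dangling_after_stack_pattern() {
    RootSet rs;
    root_stack_local(rs);
    return rs.dangling;
}

std::size_t dangling_after_heap_pattern() {
    RootSet rs;
    { OwnedRoot keep(rs); }
    return rs.dangling;
}

int main() { return (dangling_after_stack_pattern() == 1 && dangling_after_heap_pattern() == 0) ? 0 : 1; }
```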
