summaryrefslogtreecommitdiffstats
path: root/js/src/vm/JSObject.cpp
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-17 09:03:13 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-17 09:03:13 +0000
commit0681b3ac9a6ab4879ca2fbfcf8aa9d00a67b8365 (patch)
tree1437375a1c16af40bb2982577c25eb9608e17566 /js/src/vm/JSObject.cpp
parentAdding debian version 115.11.0esr-1~deb12u1. (diff)
downloadfirefox-esr-0681b3ac9a6ab4879ca2fbfcf8aa9d00a67b8365.tar.xz
firefox-esr-0681b3ac9a6ab4879ca2fbfcf8aa9d00a67b8365.zip
Merging upstream version 115.12.0esr.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'js/src/vm/JSObject.cpp')
-rw-r--r--js/src/vm/JSObject.cpp8
1 files changed, 4 insertions, 4 deletions
diff --git a/js/src/vm/JSObject.cpp b/js/src/vm/JSObject.cpp
index 292971cf3e..4398725fde 100644
--- a/js/src/vm/JSObject.cpp
+++ b/js/src/vm/JSObject.cpp
@@ -1221,6 +1221,10 @@ void JSObject::swap(JSContext* cx, HandleObject a, HandleObject b,
MOZ_RELEASE_ASSERT(js::ObjectMayBeSwapped(a));
MOZ_RELEASE_ASSERT(js::ObjectMayBeSwapped(b));
+ // Don't allow a GC which may observe intermediate state or run before we
+ // execute all necessary barriers.
+ gc::AutoSuppressGC nogc(cx);
+
if (!Watchtower::watchObjectSwap(cx, a, b)) {
oomUnsafe.crash("watchObjectSwap");
}
@@ -1311,10 +1315,6 @@ void JSObject::swap(JSContext* cx, HandleObject a, HandleObject b,
a->as<ProxyObject>().setInlineValueArray();
}
} else {
- // Avoid GC in here to avoid confusing the tracing code with our
- // intermediate state.
- gc::AutoSuppressGC suppress(cx);
-
// When the objects have different sizes, they will have different numbers
// of fixed slots before and after the swap, so the slots for native objects
// will need to be rearranged. Remember the original values from the