Skip to content

V
V8
Commit c0849f8b authored by dcarney@chromium.org's avatar dcarney@chromium.org
Browse files
Options

Bootstrapper::DetachGlobal also need to unset global_proxy's constructor to... 

Bootstrapper::DetachGlobal also need to unset global_proxy's constructor to remove all refs to context

DetachGlobal detaches original context of a global proxy object.

Before this patch, the constructor JSFunction still carried a reference to the old context after |Bootstrapper::DetachGlobal| call.
This patch removes the reference by setting the constructor null.

TEST=http/tests/security/isolatedWorld w/ --enable-leak-detection
LOG=N
BUG=364377
R=dcarney@chromium.org

Review URL: https://codereview.chromium.org/397953009

Patch from Kouhei Ueno <kouhei@chromium.org>.

git-svn-id: https://v8.googlecode.com/svn/branches/bleeding_edge@22460 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
parent 2bb3f965
Hide whitespace changes
Inline Side-by-side
Showing with 1 addition and 0 deletions
src/bootstrapper.cc
View file @ c0849f8b
......@@ -355,6 +355,7 @@ void Bootstrapper::DetachGlobal(Handle<Context> env) {
Handle<JSGlobalProxy> global_proxy(JSGlobalProxy::cast(env->global_proxy()));
global_proxy->set_native_context(*factory->null_value());
SetObjectPrototype(global_proxy, factory->null_value());
global_proxy->map()->set_constructor(*factory->null_value());
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment