From d7e5ad445cc8cb3f3f04e7c177350fcf1c12c62f Mon Sep 17 00:00:00 2001 From: Gaming4JC Date: Sun, 5 Jan 2020 10:31:42 -0500 Subject: Bug 1299363 - Part 4: Hold a pointer of ElementQueue in ReactionsStack instead. 1. It is possible that invoking a reaction triggers pushing a new ElementQueue into ReactionStack (e.g., calling define() in constructor which probably enqueue another upgrade reaction), and the reference of ElementQueue passed to InvokeReactions becomes invalid due to the memmove in nsTArray implementation. 2. And we get another benefit from this is memmove becomes faster. Tag UXP Issue #1344 --- dom/base/CustomElementRegistry.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'dom/base/CustomElementRegistry.h') diff --git a/dom/base/CustomElementRegistry.h b/dom/base/CustomElementRegistry.h index db208bf71..620492cbb 100644 --- a/dom/base/CustomElementRegistry.h +++ b/dom/base/CustomElementRegistry.h @@ -247,7 +247,7 @@ private: ~CustomElementReactionsStack() {}; // The choice of 8 for the auto size here is based on gut feeling. - AutoTArray mReactionsStack; + AutoTArray, 8> mReactionsStack; ElementQueue mBackupQueue; // https://html.spec.whatwg.org/#enqueue-an-element-on-the-appropriate-element-queue bool mIsBackupQueueProcessing; @@ -258,7 +258,7 @@ private: * Invoke custom element reactions * https://html.spec.whatwg.org/multipage/scripting.html#invoke-custom-element-reactions */ - void InvokeReactions(ElementQueue& aElementQueue); + void InvokeReactions(ElementQueue* aElementQueue); void Enqueue(Element* aElement, CustomElementReaction* aReaction); -- cgit v1.2.3