From bbd4001cb261cc54e2adf804ea7cbeb09078d7d9 Mon Sep 17 00:00:00 2001 From: trav90 Date: Sat, 7 Apr 2018 12:24:30 -0500 Subject: Fix Value::isGCThing footgun, stop returning true for NullValue --- js/src/gc/Barrier.cpp | 2 +- js/src/gc/Barrier.h | 2 +- js/src/gc/Marking.cpp | 4 ++-- js/src/gc/Marking.h | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) (limited to 'js/src/gc') diff --git a/js/src/gc/Barrier.cpp b/js/src/gc/Barrier.cpp index f19f6f046..6dab8d25b 100644 --- a/js/src/gc/Barrier.cpp +++ b/js/src/gc/Barrier.cpp @@ -56,7 +56,7 @@ HeapSlot::preconditionForWriteBarrierPost(NativeObject* obj, Kind kind, uint32_t bool isCorrectSlot = kind == Slot ? obj->getSlotAddressUnchecked(slot)->get() == target : static_cast(obj->getDenseElements() + slot)->get() == target; - bool isBlackToGray = target.isMarkable() && + bool isBlackToGray = target.isGCThing() && IsMarkedBlack(obj) && JS::GCThingIsMarkedGray(JS::GCCellPtr(target)); return isCorrectSlot && !isBlackToGray; } diff --git a/js/src/gc/Barrier.h b/js/src/gc/Barrier.h index 950c96314..effc9233e 100644 --- a/js/src/gc/Barrier.h +++ b/js/src/gc/Barrier.h @@ -282,7 +282,7 @@ template struct ReadBarrierFunctor : public VoidDefaultAdaptor { template <> struct InternalBarrierMethods { - static bool isMarkable(const Value& v) { return v.isMarkable(); } + static bool isMarkable(const Value& v) { return v.isGCThing(); } static bool isMarkableTaggedPointer(const Value& v) { return isMarkable(v); } static void preBarrier(const Value& v) { diff --git a/js/src/gc/Marking.cpp b/js/src/gc/Marking.cpp index d9235f9ac..b2c105999 100644 --- a/js/src/gc/Marking.cpp +++ b/js/src/gc/Marking.cpp 
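Review bot: Every guard rewritten here depends on `Value::isGCThing()` being false for `NullValue`, but the change that makes it so is outside this diff (it is limited to js/src/gc) and nothing at the call sites records the dependency. In Barrier.cpp the `target.isGCThing()` test is what stands between a null value and `JS::GCCellPtr(target)`. In Barrier.h the `InternalBarrierMethods` specialization keeps the name `isMarkable` while forwarding to the renamed predicate. I would put a comment above that wrapper, for example `// Relies on Value::isGCThing() excluding NullValue; callers go on to use toGCThing().`, which also covers the Marking.cpp and Marking.h hunks. Both enclosing definitions continue outside their hunks.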
@@ -328,7 +328,7 @@ ShouldMarkCrossCompartment(JSTracer* trc, JSObject* src, Cell* cell) static bool ShouldMarkCrossCompartment(JSTracer* trc, JSObject* src, const Value& val) { - return val.isMarkable() && ShouldMarkCrossCompartment(trc, src, (Cell*)val.toGCThing()); + return val.isGCThing() && ShouldMarkCrossCompartment(trc, src, val.toGCThing()); } static void @@ -1599,7 +1599,7 @@ ObjectDenseElementsMayBeMarkable(NativeObject* nobj) if (!mayBeMarkable) { const Value* elements = nobj->getDenseElementsAllowCopyOnWrite(); for (unsigned i = 0; i < nobj->getDenseInitializedLength(); i++) - MOZ_ASSERT(!elements[i].isMarkable()); + MOZ_ASSERT(!elements[i].isGCThing()); } #endif diff --git a/js/src/gc/Marking.h b/js/src/gc/Marking.h index ec4c69a2f..73f63d804 100644 --- a/js/src/gc/Marking.h +++ b/js/src/gc/Marking.h @@ -404,7 +404,7 @@ IsAboutToBeFinalizedDuringSweep(TenuredCell& tenured); inline Cell* ToMarkable(const Value& v) { - if (v.isMarkable()) + if (v.isGCThing()) return (Cell*)v.toGCThing(); return nullptr; } -- cgit v1.2.3
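Review bot: `ToMarkable` in Marking.h still returns `(Cell*)v.toGCThing()`, while the first Marking.cpp hunk drops the same cast and passes `val.toGCThing()` straight to the `Cell*` overload of `ShouldMarkCrossCompartment`. If `toGCThing()` now returns `Cell*` (its declaration is not in this diff), the cast is redundant and the line can be `return v.toGCThing();`. If a conversion is still needed, `static_cast<Cell*>(v.toGCThing())` is safer, because a C-style cast would keep compiling and silently reinterpret the pointer if the return type changed again.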