On Wed, Aug 13, 2014 at 4:35 AM, Aryeh Gregor <a...@aryeh.name> wrote:
> On Tue, Aug 12, 2014 at 6:46 PM, L. David Baron <dba...@dbaron.org> wrote:
> > In these cases we document that it's likely safe for callers to do
> > this by having those getters return raw pointers. Getters that
> > require reference-counting return already_AddRefed. Thus the
> > designer of the API makes a choice about whether the caller is
> > required to reference-count the result.
>
> How is this code safe?
>
>   nsIContent* child = node->GetFirstChild();
>   // Do some stuff with child
>
> It compiles fine, but if any subsequent code causes the child to be
> removed from its parent, it could get freed. In particular, this can
> happen if anything indirectly triggers mutation observers, and I
> distinctly remember a sec-critical bug caused by exactly that.
>

There are huge swathes of code where we know DOM mutation should not
happen. Reflow and painting for example.

Rob
-- 
oIo otoeololo oyooouo otohoaoto oaonoyooonoeo owohooo oioso oaonogoroyo owoiotoho oao oboroootohoeoro oooro osoiosotoeoro owoiololo oboeo osouobojoeocoto otooo ojouodogomoeonoto.o oAogoaoiono,o oaonoyooonoeo owohooo osoaoyoso otooo oao oboroootohoeoro oooro osoiosotoeoro,o o‘oRoaocoao,o’o oioso oaonosowoeoroaoboloeo otooo otohoeo ocooouoroto.o oAonodo oaonoyooonoeo owohooo osoaoyoso,o o‘oYooouo ofooooolo!o’o owoiololo oboeo oiono odoaonogoeoro ooofo otohoeo ofoioroeo ooofo ohoeololo.
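
[Added example, not part of the original message and not Gecko code.] The lifetime hazard discussed in this thread, modelled with a hypothetical refcounted Node, a minimal strong reference Ref, and an observer callback that unlinks the child. The function reports whether the child outlives the notifying call, with and without a caller-side strong reference, and never dereferences the raw pointer afterwards.

```cpp
// Added illustration: Node and Ref are hypothetical stand-ins for
// nsINode / nsCOMPtr and a mutation observer; this is not Gecko code.
#include <functional>

static int g_destroyed = 0;  // number of Node destructors that have run

struct Node {
    int refcnt = 0;
    Node* firstChild = nullptr;            // owning reference held by the parent
    std::function<void(Node&)> observer;   // stand-in for a mutation observer

    ~Node() { ++g_destroyed; if (firstChild) firstChild->Release(); }
    void AddRef() { ++refcnt; }
    void Release() { if (--refcnt == 0) delete this; }
    Node* GetFirstChild() const { return firstChild; }  // raw, non-owning getter
    void SetFirstChild(Node* c) {
        if (c) c->AddRef();
        Node* old = firstChild;
        firstChild = c;
        if (old) old->Release();
    }
    // Any call that can reach observers or script may mutate the tree.
    void Notify() { if (observer) observer(*this); }
};

class Ref {  // minimal strong reference
    Node* p_;
public:
    explicit Ref(Node* p) : p_(p) { if (p_) p_->AddRef(); }
    Ref(const Ref&) = delete;
    Ref& operator=(const Ref&) = delete;
    ~Ref() { if (p_) p_->Release(); }
    Node* get() const { return p_; }
};

// Returns true if the child is still alive after the notifying call.
bool ChildSurvivesNotification(bool holdStrongRef) {
    g_destroyed = 0;
    Ref parent(new Node);
    parent.get()->SetFirstChild(new Node);
    parent.get()->observer = [](Node& n) { n.SetFirstChild(nullptr); };

    Node* child = parent.get()->GetFirstChild();   // the pattern from the mail
    Ref grip(holdStrongRef ? child : nullptr);     // caller-side strong ref
    parent.get()->Notify();                        // observer unlinks the child
    return g_destroyed == 0;   // checked without dereferencing `child`
}

int main() { return ChildSurvivesNotification(true) && !ChildSurvivesNotification(false) ? 0 : 1; }
```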