See no evil, speak no evil, do no evil. Read not English, Speak not English, Do not do Coverity

diff -r e60330fab5fe js/src/jscntxt.cpp
--- a/js/src/jscntxt.cpp	Sun Jun 07 09:32:19 2009 +0300
+++ b/js/src/jscntxt.cpp	Mon Jun 22 17:09:12 2009 +0300
@@ -192,16 +192,17 @@ js_InitContextThread(JSContext *cx)
 
         * Another thread cannot initialize entry->thread. *
         JS_ASSERT(!entry->thread);
         entry->thread = thread;
     }
 
     JS_APPEND_LINK(&cx->threadLinks, &thread->contextList);
     cx->thread = thread;
+    JS_UNLOCK_GC(rt);
     return true;
 }
 
 void
 js_ClearContextThread(JSContext *cx)
 {
     JS_ASSERT(CURRENT_THREAD_IS_ME(cx->thread));
     JS_REMOVE_AND_INIT_LINK(&cx->threadLinks);
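Review bot: the JS_UNLOCK_GC(rt) added just before `return true;` releases a lock that js_InitContextThread is meant to still hold when it succeeds. The caller quoted further down this page says so explicitly ("Here the GC lock is still held after js_InitContextThread took it and the GC is not running on another thread"), so after this change the caller would continue its GC-lock-protected work without the lock and then unlock a lock it no longer owns. The asymmetry (release on the failure path, keep on the success path) is the function's contract, not a leak; if an analyzer reports it, the report should be reviewed against the caller rather than fixed by adding an unlock. Drop the added line, or, if the contract is to change, change the caller in the same patch.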

What's wrong with that?

Let's review the patch. From the header, we see that we're in js_InitContextThread - cool.

Can we read the file to see how it should work?

Let's

    if (!js_InitContextThread(cx)) {
        FreeContext(cx);
        return NULL;
    }
...
    /*
     * Here the GC lock is still held after js_InitContextThread took it and
     * the GC is not running on another thread.

So what was our friend the monkey doing?

The monkey was unlocking something which was intentionally locked for the success case.
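To make the lock contract concrete, here is an added example (my own toy model, not Mozilla's code) of what the caller above relies on: an init routine that takes the GC lock, releases it only on the failure path, and returns to its caller with the lock still held on success. The names gc_lock, runtime_t, context_t, init_context_thread and new_context are assumptions for illustration; the "patched" variant adds the same unlock on the success path that the diff above adds, and an error-checking unlock shows the caller's own release then fails because the lock is already free.

```c
/* Added example, not from the original page or from SpiderMonkey.
 * All names here are assumptions made up for illustration. */
#include <stdbool.h>
#include <stdio.h>

/* A minimal error-checking lock, in the spirit of PTHREAD_MUTEX_ERRORCHECK:
 * releasing a lock that is not held is reported instead of silently ignored. */
typedef struct { int held; } gc_lock;

static void lock_gc(gc_lock *l) { l->held++; }

/* Returns 0 on success, -1 if the lock was not held (a double unlock). */
static int unlock_gc(gc_lock *l) {
    if (l->held <= 0)
        return -1;
    l->held--;
    return 0;
}

typedef struct { gc_lock gc; bool init_fails; } runtime_t;
typedef struct { runtime_t *rt; int thread_id; } context_t;

/* Contract (mirrors the caller's comment quoted above): take the GC lock;
 * on failure release it and return false; on success return true with the
 * lock STILL HELD, because the caller continues its work under it. */
static bool init_context_thread(context_t *cx) {
    lock_gc(&cx->rt->gc);
    if (cx->rt->init_fails) {          /* stand-in for the thread lookup failing */
        unlock_gc(&cx->rt->gc);
        return false;
    }
    cx->thread_id = 1;
    return true;                       /* lock intentionally held here */
}

/* The "patched" version: the same unlock added on the success path too,
 * which is what JS_UNLOCK_GC(rt) before `return true;` does in the diff. */
static bool init_context_thread_patched(context_t *cx) {
    lock_gc(&cx->rt->gc);
    if (cx->rt->init_fails) {
        unlock_gc(&cx->rt->gc);
        return false;
    }
    cx->thread_id = 1;
    unlock_gc(&cx->rt->gc);            /* releases a lock the caller still expects */
    return true;
}

/* The caller: after a successful init it expects to own the GC lock, does its
 * lock-protected work, then releases exactly once.
 * Returns 0 if locking balanced, -1 on a double unlock, 1 if init failed. */
static int new_context(runtime_t *rt, bool (*init)(context_t *)) {
    context_t cx = { rt, 0 };
    if (!init(&cx))
        return 1;
    /* ... work that must run with the GC lock held ... */
    if (unlock_gc(&rt->gc) != 0)
        return -1;                     /* lock already released: contract broken */
    return rt->gc.held == 0 ? 0 : -1;
}

int run_original(void) { runtime_t rt = { {0}, false }; return new_context(&rt, init_context_thread); }
int run_patched(void)  { runtime_t rt = { {0}, false }; return new_context(&rt, init_context_thread_patched); }
int run_failure(void)  { runtime_t rt = { {0}, true  }; return new_context(&rt, init_context_thread); }

int main(void) {
    printf("original: %d  patched: %d  failure path: %d\n",
           run_original(), run_patched(), run_failure());
    return 0;
}
```

The point the toy makes: a lock that is released on one return path and kept on another is not automatically a leak; whether the asymmetry is a bug depends on what the caller does next, which is exactly what the comment in the caller tells you.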