Bug 1306281 - Defer release during finalization of sandbox principals, r=bholley.
☠☠ backed out by aa490cced7ba ☠ ☠
authorBrian Hackett <bhackett1024@gmail.com>
Wed, 12 Oct 2016 13:09:49 -0600
changeset 317880 0d4f60fa9597d39c291b9dcd6004c6ecb7b08657
parent 317879 9722fdd1114b38e8d9a112922ca3ff335d6c504b
child 317881 8f08d2842a623d28aedc098f808793643d32cccd
push id33170
push usercbook@mozilla.com
push dateFri, 14 Oct 2016 10:37:07 +0000
treeherderautoland@0d101ebfd95c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbholley
bugs1306281
milestone52.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1306281 - Defer release during finalization of sandbox principals, r=bholley.
js/xpconnect/src/Sandbox.cpp
--- a/js/xpconnect/src/Sandbox.cpp
+++ b/js/xpconnect/src/Sandbox.cpp
@@ -43,16 +43,17 @@
 #include "mozilla/dom/FileReaderBinding.h"
 #include "mozilla/dom/ScriptSettings.h"
 #include "mozilla/dom/TextDecoderBinding.h"
 #include "mozilla/dom/TextEncoderBinding.h"
 #include "mozilla/dom/UnionConversions.h"
 #include "mozilla/dom/URLBinding.h"
 #include "mozilla/dom/URLSearchParamsBinding.h"
 #include "mozilla/dom/XMLHttpRequest.h"
+#include "mozilla/DeferredFinalize.h"
 
 using namespace mozilla;
 using namespace JS;
 using namespace xpc;
 
 using mozilla::dom::DestroyProtoAndIfaceCache;
 using mozilla::dom::IndexedDatabaseManager;
 
@@ -406,17 +407,17 @@ sandbox_finalize(js::FreeOp* fop, JSObje
     nsIScriptObjectPrincipal* sop =
         static_cast<nsIScriptObjectPrincipal*>(xpc_GetJSPrivate(obj));
     if (!sop) {
         // sop can be null if CreateSandboxObject fails in the middle.
         return;
     }
 
     static_cast<SandboxPrivate*>(sop)->ForgetGlobalObject();
-    NS_RELEASE(sop);
+    DeferredFinalize(sop);
     DestroyProtoAndIfaceCache(obj);
 }
 
 static void
 sandbox_moved(JSObject* obj, const JSObject* old)
 {
     // Note that this hook can be called before the private pointer is set. In
     // this case the SandboxPrivate will not exist yet, so there is nothing to