Bug 1305236 - Don't call ExposeObjectToActiveJS on null pointer r=smaug
authorJon Coppeard <jcoppeard@mozilla.com>
Thu, 29 Sep 2016 10:18:50 +0100
changeset 315817 955340c5cf9eff6f6aa79c88f656fa27428fb12f
parent 315816 f54d698d7de7c83e65d365eed3d10dc775be9884
child 315818 d9b67ef4fb0a2f2de2c398034ffe027c07aae8e9
push id20634
push usercbook@mozilla.com
push dateFri, 30 Sep 2016 10:10:13 +0000
reviewerssmaug
bugs1305236
milestone52.0a1
Bug 1305236 - Don't call ExposeObjectToActiveJS on null pointer r=smaug
dom/bindings/Exceptions.cpp
js/public/GCAPI.h
--- a/dom/bindings/Exceptions.cpp
+++ b/dom/bindings/Exceptions.cpp
@@ -652,17 +652,19 @@ NS_IMETHODIMP JSStackFrame::GetFormatted
     mFormattedStackInitialized = true;
   }
 
   return NS_OK;
 }
 
 NS_IMETHODIMP JSStackFrame::GetNativeSavedFrame(JS::MutableHandle<JS::Value> aSavedFrame)
 {
-  JS::ExposeObjectToActiveJS(mStack);
+  if (mStack) {
+    JS::ExposeObjectToActiveJS(mStack);
+  }
   aSavedFrame.setObjectOrNull(mStack);
   return NS_OK;
 }
 
 NS_IMETHODIMP JSStackFrame::ToString(JSContext* aCx, nsACString& _retval)
 {
   _retval.Truncate();
 
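Review bot: The new guard at the top of GetNativeSavedFrame carries no explanation of when mStack can be null, so a later reader may take the check as redundant with the setObjectOrNull below it and fold it away, reintroducing the null call. A one-line comment above `if (mStack)` would pin the invariant: `// mStack may be null; ExposeObjectToActiveJS requires a real object, so only expose one when we have it.` What leaves mStack null is not visible in this hunk, so the wording should be confirmed against the member's initialisation before landing.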
--- a/js/public/GCAPI.h
+++ b/js/public/GCAPI.h
@@ -637,16 +637,17 @@ namespace JS {
  * This should be called when an object that is marked gray is exposed to the JS
  * engine (by handing it to running JS code or writing it into live JS
  * data). During incremental GC, since the gray bits haven't been computed yet,
  * we conservatively mark the object black.
  */
 static MOZ_ALWAYS_INLINE void
 ExposeObjectToActiveJS(JSObject* obj)
 {
+    MOZ_ASSERT(obj);
     js::gc::ExposeGCThingToActiveJS(GCCellPtr(obj));
 }
 
 static MOZ_ALWAYS_INLINE void
 ExposeScriptToActiveJS(JSScript* script)
 {
     js::gc::ExposeGCThingToActiveJS(GCCellPtr(script));
 }
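Review bot: ExposeScriptToActiveJS at the end of the hunk is left without the matching check, so the new `MOZ_ASSERT(obj);` enforces the non-null precondition for objects only; adding `MOZ_ASSERT(script);` before its ExposeGCThingToActiveJS call keeps the two entry points consistent. MOZ_ASSERT is compiled out of non-debug builds, so in release a null pointer still reaches GCCellPtr(obj); whether that constructor tolerates null is not visible here, and the assert should be read as a debugging aid rather than a safety net for callers. The doc comment above the function should also state the precondition, e.g. appending ` * The object must be non-null; a caller holding a possibly-null pointer should skip the call.`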