Bug 897676 - Null out |si| if we end up using that of the proto in WrapNewGlobal. r=mrbkap
☠☠ backed out by dcb2b4276185 ☠ ☠
author Bobby Holley <bobbyholley@gmail.com>
Mon, 29 Jul 2013 16:03:04 -0700
changeset 140471 a0bc16b5a4289ac84df94328078d6531b786ee1c
parent 140470 ffc00bad90de444511ce58c6e4d7f2d025b09e25
child 140472 b43b3d14ea161a22d8885ca6f21aaa1854ec502f
push id 1970
push user ryanvm@gmail.com
push date Tue, 30 Jul 2013 17:12:32 +0000
treeherder fx-team@72240998c094
reviewers mrbkap
bugs 897676
milestone 25.0a1
js/xpconnect/src/XPCWrappedNative.cpp
--- a/js/xpconnect/src/XPCWrappedNative.cpp
+++ b/js/xpconnect/src/XPCWrappedNative.cpp
@@ -355,17 +355,23 @@ XPCWrappedNative::WrapNewGlobal(xpcObjec
     // This is probably more trouble than it's worth, since we've already created
     // an XPCNativeScriptableInfo for ourselves. Moreover, most of that class is
     // shared internally via XPCNativeScriptableInfoShared, so the memory
     // savings are negligible. Nevertheless, this is what ::Init() does, and we
     // want to be as consistent as possible with that code.
     XPCNativeScriptableInfo* siProto = proto->GetScriptableInfo();
     if (siProto && siProto->GetCallback() == sciWrapper.GetCallback()) {
         wrapper->mScriptableInfo = siProto;
+        // XPCNativeScriptableShared instances live in a map, and are
+        // GCed, but XPCNativeScriptableInfo is per-instance and must be
+        // manually managed. If we're switching over to that of the proto, we
+        // need to destroy the one we've allocated, and also null out the
+        // AutoMarkingPtr, so that it doesn't try to mark garbage data.
         delete si;
+        si = nullptr;
     } else {
         wrapper->mScriptableInfo = si;
     }
 
     // Set the JS object to the global we already created.
     wrapper->mFlatJSObject = global;
     wrapper->mFlatJSObject.setFlags(FLAT_JS_OBJECT_VALID);
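
Review bot: In the `if (siProto && ...)` branch, `si` is null after `delete si; si = nullptr;`, while in the `else` branch it still points at the object handed to `wrapper->mScriptableInfo`, so the two paths leave `si` in different states for everything that follows. The rest of WrapNewGlobal is not visible in this hunk; please confirm that no later code dereferences `si` and that it reads `wrapper->mScriptableInfo` instead, or null-checks `si` first. Also, the new comment names `XPCNativeScriptableShared` while the context comment a few lines above says `XPCNativeScriptableInfoShared`; use one spelling so the ownership explanation is unambiguous about which class is map-owned and GCed and which must be deleted by hand.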