Bug 1483183 - Discard pending exception during CCW GetProp IC failure r=tcampbell
☠☠ backed out by 56856b94af05 ☠ ☠
authorMatthew Gaudet <mgaudet@mozilla.com>
Wed, 15 Aug 2018 17:33:08 -0700
changeset 432388 4e417850332a6d2ad41dbedcf273e651a5f7285c
parent 432387 b43dff21dd79154d1b06b2e0318bfc9f79d41f28
child 432389 9370dc79ddfc94fdb20f3ae6036c9fcbd3c3d6c1
push id106723
push usermgaudet@mozilla.com
push dateMon, 20 Aug 2018 15:52:54 +0000
treeherdermozilla-inbound@9370dc79ddfc [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstcampbell
bugs1483183
milestone63.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1483183 - Discard pending exception during CCW GetProp IC failure r=tcampbell
js/src/jit-test/tests/cacheir/bug1483183.js
js/src/jit/CacheIR.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/cacheir/bug1483183.js
@@ -0,0 +1,5 @@
+stackTest(new Function(`
+newGlobal({
+  sameZoneAs: []
+}).frame;
+`));
--- a/js/src/jit/CacheIR.cpp
+++ b/js/src/jit/CacheIR.cpp
@@ -1136,18 +1136,20 @@ GetPropIRGenerator::tryAttachCrossCompar
     // If we allowed different zones we would have to wrap strings.
     if (unwrapped->compartment()->zone() != cx_->compartment()->zone())
         return false;
 
     // Take the unwrapped object's global, and wrap in a
     // this-compartment wrapper. This is what will be stored in the IC
     // keep the compartment alive.
     RootedObject wrappedTargetGlobal(cx_, &unwrapped->nonCCWGlobal());
-    if (!cx_->compartment()->wrap(cx_, &wrappedTargetGlobal))
-        return false;
+    if (!cx_->compartment()->wrap(cx_, &wrappedTargetGlobal)) {
+        cx_->clearPendingException();
+        return false;
+    }
 
     bool isWindowProxy = false;
     RootedShape shape(cx_);
     RootedNativeObject holder(cx_);
 
     // Enter realm of target since some checks have side-effects
     // such as de-lazifying type info.
     {