Bug 1574071: Handle DocAddSizeOf after unlink. r=mccr8
author: Kris Maglione <maglione.k@gmail.com>
date: Thu, 15 Aug 2019 21:43:55 +0000
changeset 488361 673ebee1e845f5fd65c7ae95c2ea4372f10fc037
parent 488360 2fce06fd642bada80669049de12f9b15924c979b
child 488362 791d6cda0dddf0478ba8a13f6cef42177261b309
push id: 113906
push user: ncsoregi@mozilla.com
push date: Fri, 16 Aug 2019 04:07:24 +0000
Bug 1574071: Handle DocAddSizeOf after unlink. r=mccr8

Under some odd circumstances, the devtools heap snapshot code tries to record a Document after the cycle collector has unlinked it, which leads to a crash when trying to add the size of the (now null) CSS loader.

Differential Revision: https://phabricator.services.mozilla.com/D42176
--- a/dom/base/Document.cpp
+++ b/dom/base/Document.cpp
@@ -14046,18 +14046,21 @@ void Document::DocAddSizeOfExcludingThis
   for (auto& sheetArray : mAdditionalSheets) {
     AddSizeOfOwnedSheetArrayExcludingThis(aWindowSizes, sheetArray);
   // Lumping in the loader with the style-sheets size is not ideal,
   // but most of the things in there are in fact stylesheets, so it
   // doesn't seem worthwhile to separate it out.
-  aWindowSizes.mLayoutStyleSheetsSize +=
-      CSSLoader()->SizeOfIncludingThis(aWindowSizes.mState.mMallocSizeOf);
+  // This can be null if we've already been unlinked.
+  if (mCSSLoader) {
+    aWindowSizes.mLayoutStyleSheetsSize +=
+        mCSSLoader->SizeOfIncludingThis(aWindowSizes.mState.mMallocSizeOf);
+  }
   aWindowSizes.mDOMOtherSize += mAttrStyleSheet
                                     ? mAttrStyleSheet->DOMSizeOfIncludingThis(
                                     : 0;
   aWindowSizes.mDOMOtherSize += mStyledLinks.ShallowSizeOfExcludingThis(
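Review bot: the guard `if (mCSSLoader) {` is the right fix for the post-Unlink case, and it only works because the hunk also switches from the `CSSLoader()` accessor to the raw `mCSSLoader` member; the added comment should say so explicitly (e.g. "Use the member directly rather than CSSLoader(), which may not be safe to call once unlinked") so a later cleanup does not reintroduce the accessor. The guard also matches the existing `mAttrStyleSheet ? ... : 0` pattern in the following lines, which suggests the remaining members this function sizes (`mStyledLinks` and whatever follows) deserve the same review: a heap snapshot taken after Unlink will reach them too, and any that Unlink clears will crash in exactly the same way.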