Bug 911216 - avoid debug-only null deref on alloc failure (r=till)
authorLuke Wagner <luke@mozilla.com>
Mon, 04 Jul 2016 10:19:54 -0500
changeset 303515 e57b6ee6509c8a9315085c139664ec5cc390cba9
parent 303514 86e45db70ad2a947f51eb48404e912f49eccac41
child 303516 ca64f3dba55e967a08644ee3ce643a584dd4e7d4
push id79114
push userlwagner@mozilla.com
push dateMon, 04 Jul 2016 15:20:15 +0000
reviewerstill
bugs911216
milestone50.0a1
Bug 911216 - avoid debug-only null deref on alloc failure (r=till) MozReview-Commit-ID: GSbx344Jzys
js/src/builtin/Promise.cpp
--- a/js/src/builtin/Promise.cpp
+++ b/js/src/builtin/Promise.cpp
@@ -102,17 +102,17 @@ PromiseObject::create(JSContext* cx, Han
         // the current one.
         // All state stored in a Promise's fixed slots must be created in the
         // same compartment, so we get all of that out of the way here.
         // (Except for the resolution functions, which are created below.)
         mozilla::Maybe<AutoCompartment> ac;
         if (wrappedProto)
             ac.emplace(cx, usedProto);
 
-        promise = &NewObjectWithClassProto(cx, &class_, usedProto)->as<PromiseObject>();
+        promise = NewObjectWithClassProto<PromiseObject>(cx, usedProto);
         if (!promise)
             return nullptr;
 
         // Step 4.
         promise->setFixedSlot(PROMISE_STATE_SLOT, Int32Value(PROMISE_STATE_PENDING));
 
         // Step 5.
         RootedArrayObject reactions(cx, NewDenseEmptyArray(cx));
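Review bot: Nothing on the changed allocation line records why the templated overload is required, so a later cleanup could put back the `&...->as<PromiseObject>()` form, which dereferences the result before the `if (!promise)` check can run. A one-line comment above the call would guard against that, for example `// Templated overload returns nullptr on OOM; never call as<>() on the unchecked result.` The hunk also ends on the `NewDenseEmptyArray(cx)` allocation for `reactions`, so its failure check is not visible here. If it is not already present, `if (!reactions) return nullptr;` should follow before the array is stored or used. PromiseObject::create starts and ends outside the hunk.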