Bug 1544670, don't let one to reuse unlinked CallbackObjectHolder, r=mccr8
authorOlli Pettay <Olli.Pettay@helsinki.fi>
Wed, 17 Apr 2019 11:41:31 +0000
changeset 470360 f0be6dbacdb0145d2991780ed9c88d2973d72797
parent 470359 ffa5452d8247f2877a3ce4cc449b7ac336ef829b
child 470361 4bc97c0629fad26ca8739c69bd5fe36e746b18ff
push id112868
push useropoprus@mozilla.com
push dateMon, 22 Apr 2019 22:19:22 +0000
treeherdermozilla-inbound@24537856cc88 [default view] [failures only]
reviewersmccr8
bugs1544670
milestone68.0a1
Bug 1544670, don't let one to reuse unlinked CallbackObjectHolder, r=mccr8 Differential Revision: https://phabricator.services.mozilla.com/D27732
dom/bindings/CallbackObject.h
--- a/dom/bindings/CallbackObject.h
+++ b/dom/bindings/CallbackObject.h
@@ -520,18 +520,19 @@ class CallbackObjectHolder : CallbackObj
   static const uintptr_t XPCOMCallbackFlag = 1u;
 
   friend void ImplCycleCollectionUnlink<WebIDLCallbackT, XPCOMCallbackT>(
       CallbackObjectHolder& aField);
 
   void UnlinkSelf() {
     // NS_IF_RELEASE because we might have been unlinked before
     nsISupports* ptr = GetISupports();
+    // Clear mPtrBits before the release to prevent reentrance.
+    mPtrBits = 0;
     NS_IF_RELEASE(ptr);
-    mPtrBits = 0;
   }
 
   uintptr_t mPtrBits;
 };
 
 NS_DEFINE_STATIC_IID_ACCESSOR(CallbackObject, DOM_CALLBACKOBJECT_IID)
 
 template <class T, class U>
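Review bot: The new comment above `mPtrBits = 0;` in `UnlinkSelf()` says "reentrance" but not what re-enters or what the ordering protects, so a later cleanup could swap the two statements back without noticing the lifetime hazard. Presumably the release can run teardown code that reaches this same holder again, and with the old order that nested path still saw the stale pointer bits and could release or hand out an object already being destroyed. I would spell that out, for example `// Release may run arbitrary teardown code that touches this holder again; zero mPtrBits first so a nested UnlinkSelf() or a read of the holder sees it empty rather than a pointer that is being released.` No test accompanies the change on this page, so the ordering is guarded only by the comment. The class body starts above the hunk, so whether other members release through `mPtrBits` in the old order cannot be checked from here.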