Bug 1254622 - Relookup group->newScript in CreateThisForFunctionWithGroup. r=bhackett
authorJan de Mooij <jdemooij@mozilla.com>
Thu, 24 Mar 2016 15:09:41 +0100
changeset 290234 2912de2754baafcc07201c4ecda7c975622e6df5
parent 290233 e302d8d2af8bea5303ff1797f52668b8874918b5
child 290235 6a57a5f81339e57cc6443b7142b15810c5fd5fe1
push id30117
push userryanvm@gmail.com
push dateFri, 25 Mar 2016 15:36:00 +0000
treeherdermozilla-central@b45ee3e065b7 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbhackett
bugs1254622
milestone48.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1254622 - Relookup group->newScript in CreateThisForFunctionWithGroup. r=bhackett
js/src/jsobj.cpp
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@@ -927,18 +927,19 @@ CreateThisForFunctionWithGroup(JSContext
         // Not enough objects with this group have been created yet, so make a
         // plain object and register it with the group. Use the maximum number
         // of fixed slots, as is also required by the TypeNewScript.
         gc::AllocKind allocKind = GuessObjectGCKind(NativeObject::MAX_FIXED_SLOTS);
         PlainObject* res = NewObjectWithGroup<PlainObject>(cx, group, allocKind, newKind);
         if (!res)
             return nullptr;
 
-        if (newKind != SingletonObject)
-            newScript->registerNewObject(res);
+        // Make sure group->newScript is still there.
+        if (newKind != SingletonObject && group->newScript())
+            group->newScript()->registerNewObject(res);
 
         return res;
     }
 
     gc::AllocKind allocKind = NewObjectGCKind(&PlainObject::class_);
 
     if (newKind == SingletonObject) {
         Rooted<TaggedProto> protoRoot(cx, group->proto());