Bug 1503722: Check for null in JSScript::freeScriptData r=tcampbell
☠☠ backed out by f21eb25a48d6 ☠ ☠
authorIain Ireland <iireland@mozilla.com>
Fri, 09 Nov 2018 14:14:15 +0000
changeset 445416 9a56e222166a7782bac4775046ea4b9d13eeb624
parent 445415 f21bc9ca2ff3aa0a6172a3c4bf702d8736578e32
child 445417 08de19d5e162077aa84c50f5ae8669c19456f568
push id35015
push userdluca@mozilla.com
push dateFri, 09 Nov 2018 17:45:20 +0000
treeherdermozilla-central@2f1158e5e0ce [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstcampbell
bugs1503722
milestone65.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1503722: Check for null in JSScript::freeScriptData r=tcampbell Differential Revision: https://phabricator.services.mozilla.com/D11472
js/src/jit-test/tests/xdr/bug1503722.js
js/src/vm/JSScript.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/xdr/bug1503722.js
@@ -0,0 +1,10 @@
+// |jit-test| skip-if: helperThreadCount() === 0
+
+let THREAD_TYPE_PARSE = 4;
+let t = cacheEntry("function f() { function g() { }; return 3; };");
+evaluate(t, { sourceIsLazy: true, saveIncrementalBytecode: true });
+for (var i = 1; i < 20; ++i) {
+    oomAtAllocation(i, THREAD_TYPE_PARSE);
+    offThreadDecodeScript(t);
+    gc();
+}
--- a/js/src/vm/JSScript.cpp
+++ b/js/src/vm/JSScript.cpp
@@ -2809,18 +2809,20 @@ JSScript::createSharedScriptData(JSConte
 
     setScriptData(ssd);
     return true;
 }
 
 void
 JSScript::freeScriptData()
 {
-    scriptData_->decRefCount();
-    scriptData_ = nullptr;
+    if (scriptData_) {
+        scriptData_->decRefCount();
+        scriptData_ = nullptr;
+    }
 }
 
 void
 JSScript::setScriptData(js::SharedScriptData* data)
 {
     MOZ_ASSERT(!scriptData_);
     scriptData_ = data;
     scriptData_->incRefCount();