Bug 1289058 - Null check principals before holding them in JS::FirstSubsumedFrame; r=jimb
authorNick Fitzgerald <fitzgen@gmail.com>
Mon, 25 Jul 2016 15:07:22 -0700
changeset 331653 0d3a0369254a6d5adcfd80542155420b50d64fbd
parent 331652 19686b2399b5b0d41ac6a2405061ac9a5f143af2
child 331654 072a565bf24efd7687c76fa7a39c79700b023af2
push id9858
push userjlund@mozilla.com
push dateMon, 01 Aug 2016 14:37:10 +0000
reviewersjimb
bugs1289058
milestone50.0a1
Bug 1289058 - Null check principals before holding them in JS::FirstSubsumedFrame; r=jimb
js/src/jit-test/tests/saved-stacks/bug-1289058.js
js/src/jsapi.h
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/saved-stacks/bug-1289058.js
@@ -0,0 +1,13 @@
+const g1 = newGlobal({});
+const g2 = newGlobal(newGlobal);
+g1.g2obj = g2.eval("new Object");
+g1.evaluate(`
+  const global = this;
+  function capture(shouldIgnoreSelfHosted = true) {
+    return captureFirstSubsumedFrame(global.g2obj, shouldIgnoreSelfHosted);
+  }
+  (function iife1() {
+    const captureTrueStack = capture(true);
+  }());
+`, {
+});
--- a/js/src/jsapi.h
+++ b/js/src/jsapi.h
@@ -5928,17 +5928,18 @@ struct FirstSubsumedFrame
      */
     explicit FirstSubsumedFrame(JSContext* cx, bool ignoreSelfHostedFrames = true);
 
     explicit FirstSubsumedFrame(JSContext* ctx, JSPrincipals* p, bool ignoreSelfHostedFrames = true)
       : cx(ctx)
       , principals(p)
       , ignoreSelfHosted(ignoreSelfHostedFrames)
     {
-        JS_HoldPrincipals(principals);
+        if (principals)
+            JS_HoldPrincipals(principals);
     }
 
     // No copying because we want to avoid holding and dropping principals
     // unnecessarily.
     FirstSubsumedFrame(const FirstSubsumedFrame&) = delete;
     FirstSubsumedFrame& operator=(const FirstSubsumedFrame&) = delete;
 
     FirstSubsumedFrame(FirstSubsumedFrame&& rhs)
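Review bot: The new `if (principals)` guard on the hold side only fixes half of the pairing — the destructor that calls `JS_DropPrincipals` for this `principals` member is outside the hunk and must carry the same null check, otherwise an instance that now survives construction with a null `p` would dereference null on destruction instead. The move constructor that starts on the last line of the hunk may already leave `rhs.principals` null after a move, in which case the destructor has likely been made null-tolerant already; that cannot be confirmed from here and should be checked. Since the constructor now deliberately admits a null `p`, the doc comment that ends just above it (cut off at the top of the hunk) should state what a null principals pointer means for frame selection, e.g. `// A null |p| is accepted and no principals are held; see the destructor for the matching drop.`, so callers do not read the guard as accidental. The enclosing `struct FirstSubsumedFrame` begins and ends outside this hunk.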