Bug 1298776 - Handle nullptr return from CreatePromiseObjectInternal in PromiseObject::create. r=evilpie
authorTill Schneidereit <till@tillschneidereit.net>
Mon, 12 Sep 2016 16:31:47 +0200
changeset 339309 4b33830da34cb7b672c50007490bc1a8f441fec0
parent 339308 7f3a9e2318555b99f355f0bd84a0e62c0459ed91
child 339310 569def7d611ec9c0b8b9c538f6a48b7f87c02502
push id10033
push userraliiev@mozilla.com
push dateMon, 19 Sep 2016 13:50:26 +0000
reviewersevilpie
bugs1298776
milestone51.0a1
Bug 1298776 - Handle nullptr return from CreatePromiseObjectInternal in PromiseObject::create. r=evilpie MozReview-Commit-ID: Hp6Y7yrOQBk
js/src/builtin/Promise.cpp
js/src/jit-test/tests/promise/bug-1298776.js
--- a/js/src/builtin/Promise.cpp
+++ b/js/src/builtin/Promise.cpp
@@ -712,16 +712,18 @@ PromiseObject::create(JSContext* cx, Han
         usedProto = CheckedUnwrap(proto);
         if (!usedProto)
             return nullptr;
     }
 
 
     // Steps 3-7.
     Rooted<PromiseObject*> promise(cx, CreatePromiseObjectInternal(cx, usedProto, wrappedProto));
+    if (!promise)
+        return nullptr;
 
     RootedValue promiseVal(cx, ObjectValue(*promise));
     if (wrappedProto && !cx->compartment()->wrap(cx, &promiseVal))
         return nullptr;
 
     // Step 8.
     // The resolving functions are created in the compartment active when the
     // (maybe wrapped) Promise constructor was called. They contain checks and
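Review bot: The new `if (!promise)` guard sits directly under the `// Steps 3-7.` spec comment with nothing to mark it as an engine failure path rather than a spec step. A one-line comment such as `// Creation can fail (e.g. OOM); bail before ObjectValue(*promise) dereferences null.` would make the reason for the check explicit. Whether CreatePromiseObjectInternal leaves an exception or OOM report pending when it returns nullptr is not visible in this hunk. The bare `return nullptr` presumably relies on that, so it is worth confirming and stating in the same comment. PromiseObject::create begins and ends outside the hunk.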
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/promise/bug-1298776.js
@@ -0,0 +1,1 @@
+oomTest(Function(`new Promise(res=>res)`));
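Review bot: The regression test calls `oomTest` unconditionally on its only line. In a shell built without the OOM-simulation hooks that function is presumably undefined, so the test would fail with a ReferenceError instead of being skipped. A guard placed first, `if (!('oomTest' in this)) quit();`, keeps the test meaningful where allocation failure can be injected and silent elsewhere. A short leading comment naming the null-dereference path in PromiseObject::create that this covers would also help anyone triaging a future failure.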