Bug 1172076 - Switch compartment before computing recover instruction results. r=jandem, a=2.2+
authorNicolas B. Pierron <nicolas.b.pierron@mozilla.com>
Mon, 15 Jun 2015 11:48:15 +0200
changeset 238645 31820845d067e896a751894f75d389013caad22e
parent 238644 08627d5b256b8b50a9779f8ca5412cf9c8a632fe
child 238646 05fb211d4c6c60fba3964517f2218166a71f84a4
push id702
push userryanvm@gmail.com
push dateThu, 18 Jun 2015 14:43:27 +0000
treeherdermozilla-b2g37_v2_2@05fb211d4c6c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjandem, 2.2
bugs1172076
milestone37.0
Bug 1172076 - Switch compartment before computing recover instruction results. r=jandem, a=2.2+
js/src/jit/JitFrames.cpp
--- a/js/src/jit/JitFrames.cpp
+++ b/js/src/jit/JitFrames.cpp
@@ -2041,16 +2041,18 @@ SnapshotIterator::initInstructionResults
     // If there is only one resume point in the list of instructions, then there
     // is no instruction to recover, and thus no need to register any results.
     if (recover_.numInstructions() == 1)
         return true;
 
     JitFrameLayout* fp = fallback.frame->jsFrame();
     RInstructionResults* results = fallback.activation->maybeIonFrameRecovery(fp);
     if (!results) {
+        AutoCompartment ac(cx, fallback.frame->script()->compartment());
+
         // We do not have the result yet, which means that an observable stack
         // slot is requested.  As we do not want to bailout every time for the
         // same reason, we need to recompile without optimizing away the
         // observable stack slots.  The script would later be recompiled to have
         // support for Argument objects.
         if (fallback.consequence == MaybeReadFallback::Fallback_Invalidate &&
             !ionScript_->invalidate(cx, /* resetUses = */ false, "Observe recovered instruction."))
         {