Bug 1254622 - Relookup group->newScript in CreateThisForFunctionWithGroup. r=bhackett a=lizzard
authorJan de Mooij <jdemooij@mozilla.com>
Thu, 24 Mar 2016 15:09:41 +0100
changeset 323694 25b3865d874c01fd1883b03291a479047db055d5
parent 323693 9b97e56d0ff2a6363fa741832ed1092f72fd39f1
child 323695 c46b441ec89f41b7e76deecd4624b477923cb7c6
push id5913
push userjlund@mozilla.com
push dateMon, 25 Apr 2016 16:57:49 +0000
treeherdermozilla-beta@dcaf0a6fa115 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbhackett, lizzard
bugs1254622
milestone47.0a2
Bug 1254622 - Relookup group->newScript in CreateThisForFunctionWithGroup. r=bhackett a=lizzard MozReview-Commit-ID: KXd7kB70f1Z
js/src/jsobj.cpp
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@@ -927,18 +927,19 @@ CreateThisForFunctionWithGroup(JSContext
         // Not enough objects with this group have been created yet, so make a
         // plain object and register it with the group. Use the maximum number
         // of fixed slots, as is also required by the TypeNewScript.
         gc::AllocKind allocKind = GuessObjectGCKind(NativeObject::MAX_FIXED_SLOTS);
         PlainObject* res = NewObjectWithGroup<PlainObject>(cx, group, allocKind, newKind);
         if (!res)
             return nullptr;
 
-        if (newKind != SingletonObject)
-            newScript->registerNewObject(res);
+        // Make sure group->newScript is still there.
+        if (newKind != SingletonObject && group->newScript())
+            group->newScript()->registerNewObject(res);
 
         return res;
     }
 
     gc::AllocKind allocKind = NewObjectGCKind(&PlainObject::class_);
 
     if (newKind == SingletonObject) {
         Rooted<TaggedProto> protoRoot(cx, group->proto());