Bug 1305236 - Don't call ExposeObjectToActiveJS on null pointer. r=smaug, a=ritu
authorJon Coppeard <jcoppeard@mozilla.com>
Thu, 29 Sep 2016 10:18:50 +0100
changeset 355947 3a72e917e75649b350147c1aa6bce5f57a64c3d5
parent 355946 6a7bac1a09cc3208aab7c0fc0dcedb7e84cc5ffc
child 355948 a9ba2aa61f5b9f5cbc25ed8431bb41f2d0c47703
push id6570
push userraliiev@mozilla.com
push dateMon, 14 Nov 2016 12:26:13 +0000
reviewerssmaug, ritu
bugs1305236
milestone51.0a2
Bug 1305236 - Don't call ExposeObjectToActiveJS on null pointer. r=smaug, a=ritu
dom/bindings/Exceptions.cpp
js/public/GCAPI.h
--- a/dom/bindings/Exceptions.cpp
+++ b/dom/bindings/Exceptions.cpp
@@ -652,17 +652,19 @@ NS_IMETHODIMP JSStackFrame::GetFormatted
     mFormattedStackInitialized = true;
   }
 
   return NS_OK;
 }
 
 NS_IMETHODIMP JSStackFrame::GetNativeSavedFrame(JS::MutableHandle<JS::Value> aSavedFrame)
 {
-  JS::ExposeObjectToActiveJS(mStack);
+  if (mStack) {
+    JS::ExposeObjectToActiveJS(mStack);
+  }
   aSavedFrame.setObjectOrNull(mStack);
   return NS_OK;
 }
 
 NS_IMETHODIMP JSStackFrame::ToString(JSContext* aCx, nsACString& _retval)
 {
   _retval.Truncate();
 
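Review bot: The new null guard in GetNativeSavedFrame relies on ExposeObjectToActiveJS now asserting a non-null argument, but nothing at the call site says why mStack may be null here, and the next reader will be tempted to fold the guard away. A one-line comment above the `if (mStack)` would pin the contract, e.g. `// mStack is null when no saved frame was captured; ExposeObjectToActiveJS requires a non-null object.` (whether mStack can legitimately be null is inferred from the setObjectOrNull call below, not visible elsewhere in this hunk). Since the assert in GCAPI.h is debug-only, any other caller of ExposeObjectToActiveJS that can pass null would still reach GCCellPtr in release builds; this page does not show whether such callers exist, so that is worth a grep before landing.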
--- a/js/public/GCAPI.h
+++ b/js/public/GCAPI.h
@@ -637,16 +637,17 @@ namespace JS {
  * This should be called when an object that is marked gray is exposed to the JS
  * engine (by handing it to running JS code or writing it into live JS
  * data). During incremental GC, since the gray bits haven't been computed yet,
  * we conservatively mark the object black.
  */
 static MOZ_ALWAYS_INLINE void
 ExposeObjectToActiveJS(JSObject* obj)
 {
+    MOZ_ASSERT(obj);
     js::gc::ExposeGCThingToActiveJS(GCCellPtr(obj));
 }
 
 static MOZ_ALWAYS_INLINE void
 ExposeScriptToActiveJS(JSScript* script)
 {
     js::gc::ExposeGCThingToActiveJS(GCCellPtr(script));
 }
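Review bot: The added `MOZ_ASSERT(obj);` documents a non-null precondition for ExposeObjectToActiveJS, but the sibling ExposeScriptToActiveJS directly below still constructs a GCCellPtr from an unchecked pointer, so the two entry points now have different contracts with no stated reason. If a null script is equally invalid for ExposeGCThingToActiveJS, add the matching `MOZ_ASSERT(script);` as the first statement of ExposeScriptToActiveJS; if null is tolerated there, a short comment saying so would stop the asymmetry from looking like an oversight. The function comment above (starting "This should be called when an object that is marked gray...") should also state the precondition, e.g. `* obj must be non-null; callers that may hold a null pointer must check before calling.`, since MOZ_ASSERT is compiled out in release builds and the comment is the only guidance left there. I cannot see how ExposeGCThingToActiveJS treats a null GCCellPtr from this page, so the release-build behavior on null remains unverified here.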