Bug 1503722: Check for null in JSScript::freeScriptData r=tcampbell
authorIain Ireland <iireland@mozilla.com>
Fri, 09 Nov 2018 16:38:08 +0000
changeset 501883 76e2c4ebce30de682dee25f8f924d2170e028abd
parent 501882 5a9b2d76dfa992ec7d7dd3952143939df6be8c04
child 501884 bf3af210c6a79525cea206418f9ce4fd3bb589cf
push id10290
push userffxbld-merge
push dateMon, 03 Dec 2018 16:23:23 +0000
reviewerstcampbell
bugs1503722
milestone65.0a1
Bug 1503722: Check for null in JSScript::freeScriptData r=tcampbell Differential Revision: https://phabricator.services.mozilla.com/D11472
js/src/jit-test/tests/xdr/bug1503722.js
js/src/vm/JSScript.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/xdr/bug1503722.js
@@ -0,0 +1,10 @@
+// |jit-test| skip-if: !('oomAtAllocation' in this) || helperThreadCount() === 0
+
+let THREAD_TYPE_PARSE = 4;
+let t = cacheEntry("function f() { function g() { }; return 3; };");
+evaluate(t, { sourceIsLazy: true, saveIncrementalBytecode: true });
+for (var i = 1; i < 20; ++i) {
+    oomAtAllocation(i, THREAD_TYPE_PARSE);
+    offThreadDecodeScript(t);
+    gc();
+}
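Review bot: The test hard-codes `let THREAD_TYPE_PARSE = 4;` without saying where the value comes from. If the engine's thread-type numbering ever changes, the loop would inject OOM into a different thread and the test would keep passing without covering the parse-thread path. A comment above the declaration such as `// Must match the engine's thread-type enum value for parse helper threads.` would flag that coupling. A one-line header like `// OOM during off-thread XDR decode must not crash when the partially built script is finalized.` (intent inferred from the commit title) would make the regression target visible. `const` would also suit the declaration better than `let`, since it is never reassigned.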
--- a/js/src/vm/JSScript.cpp
+++ b/js/src/vm/JSScript.cpp
@@ -2809,18 +2809,20 @@ JSScript::createSharedScriptData(JSConte
 
     setScriptData(ssd);
     return true;
 }
 
 void
 JSScript::freeScriptData()
 {
-    scriptData_->decRefCount();
-    scriptData_ = nullptr;
+    if (scriptData_) {
+        scriptData_->decRefCount();
+        scriptData_ = nullptr;
+    }
 }
 
 void
 JSScript::setScriptData(js::SharedScriptData* data)
 {
     MOZ_ASSERT(!scriptData_);
     scriptData_ = data;
     scriptData_->incRefCount();
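Review bot: The new `if (scriptData_)` guard in JSScript::freeScriptData has no comment saying when a null `scriptData_` is legitimate, so a later reader cannot tell an expected state from a masked bug. Judging by the accompanying test, the case appears to be a script whose off-thread decode failed under OOM before setScriptData ran and which is then finalized. A comment like `// scriptData_ may be null if script creation failed (e.g. OOM during XDR decode) before setScriptData ran.` would record that. Other code that dereferences `scriptData_` on such partially initialized scripts lies outside this hunk and is worth checking for the same non-null assumption. setScriptData's body continues past the end of the hunk.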