Bug 1496673. Fix crash in custom element data memory reporting code. r=jdai
author Boris Zbarsky <bzbarsky@mit.edu>
date Fri, 05 Oct 2018 21:27:14 +0000
changeset 495588 82e3da06b72f9ef230bd1c7f99df020993ae5c20
parent 495587 4a0b6cfb51a1bd90eed7475b0ee06b0e1092fe10
child 495589 9a47689aab049be860164e673ee32d4be58a033f
push id 9984
push user ffxbld-merge
push date Mon, 15 Oct 2018 21:07:35 +0000
reviewers jdai
bugs 1496673
milestone 64.0a1
Bug 1496673. Fix crash in custom element data memory reporting code. r=jdai

While iterating the list in CustomElementReactionsStack::InvokeReactions we can have null pointers in mReactionQueue for reactions that have already been invoked.

Differential Revision: https://phabricator.services.mozilla.com/D7923
dom/base/CustomElementRegistry.cpp
--- a/dom/base/CustomElementRegistry.cpp
+++ b/dom/base/CustomElementRegistry.cpp
@@ -255,17 +255,22 @@ CustomElementData::Unlink()
 size_t
 CustomElementData::SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const
 {
   size_t n = aMallocSizeOf(this);
 
   n += mReactionQueue.ShallowSizeOfExcludingThis(aMallocSizeOf);
 
   for (auto& reaction : mReactionQueue) {
-    n += reaction->SizeOfIncludingThis(aMallocSizeOf);
+    // "reaction" can be null if we're being called indirectly from
+    // InvokeReactions (e.g. due to a reaction causing a memory report to be
+    // captured somehow).
+    if (reaction) {
+      n += reaction->SizeOfIncludingThis(aMallocSizeOf);
+    }
   }
 
   return n;
 }
 
 //-----------------------------------------------------
 // CustomElementRegistry
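Review bot: The null guard around `reaction->SizeOfIncludingThis(aMallocSizeOf)` is the right fix for the crash, but the new comment undersells the invariant it relies on. "e.g. due to a reaction causing a memory report to be captured somehow" is vague; the commit message states the actual condition, namely that InvokeReactions leaves null entries in mReactionQueue for reactions it has already invoked, so the comment should say that directly. Since that makes "entries may be null while InvokeReactions is running" a property of mReactionQueue itself rather than of this one loop, consider documenting it at the member declaration as well, so any other code that walks mReactionQueue (or a future memory-reporting path) applies the same check instead of repeating the dereference this hunk removes.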