Bug 1008107 - Allow SandboxPrivate to be null in sandbox_finalize. r=bz, a=lmandel
authorBill McCloskey <wmccloskey@mozilla.com>
Thu, 21 Aug 2014 13:29:20 -0700
changeset 208372 85318a1536ee
parent 208371 74a58e14d1d3
child 208373 8f49d60bf5c9
push id3847
push userryanvm@gmail.com
push date2014-08-22 01:00 +0000
reviewersbz, lmandel
bugs1008107
milestone32.0
Bug 1008107 - Allow SandboxPrivate to be null in sandbox_finalize. r=bz, a=lmandel
js/xpconnect/src/Sandbox.cpp
--- a/js/xpconnect/src/Sandbox.cpp
+++ b/js/xpconnect/src/Sandbox.cpp
@@ -654,19 +654,23 @@ sandbox_resolve(JSContext *cx, HandleObj
     return JS_ResolveStandardClass(cx, obj, id, &resolved);
 }
 
 static void
 sandbox_finalize(JSFreeOp *fop, JSObject *obj)
 {
     nsIScriptObjectPrincipal *sop =
         static_cast<nsIScriptObjectPrincipal *>(xpc_GetJSPrivate(obj));
-    MOZ_ASSERT(sop);
+    if (!sop) {
+        // sop can be null if CreateSandboxObject fails in the middle.
+        return;
+    }
+
     static_cast<SandboxPrivate *>(sop)->ForgetGlobalObject();
-    NS_IF_RELEASE(sop);
+    NS_RELEASE(sop);
     DestroyProtoAndIfaceCache(obj);
 }
 
 static bool
 sandbox_convert(JSContext *cx, HandleObject obj, JSType type, MutableHandleValue vp)
 {
     if (type == JSTYPE_OBJECT) {
         vp.set(OBJECT_TO_JSVAL(obj));
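Review bot: The early `return` added to sandbox_finalize for a null `sop` also skips `DestroyProtoAndIfaceCache(obj)`, so the cache is torn down only on the path where the private was set. Whether that can leak depends on where CreateSandboxObject can fail relative to the cache allocation, which is not visible in this hunk. If the cache can never exist without the private, the comment should record that invariant, e.g. `// sop can be null if CreateSandboxObject fails in the middle; no proto/iface cache exists yet in that case.` Otherwise, guard only the `ForgetGlobalObject()` / `NS_RELEASE(sop)` pair with `if (sop)` and keep the cache teardown reachable whenever a cache is present.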