Bug 1496673 - Fix crash in custom element data memory reporting code. r=jdai, a=pascalc
author Boris Zbarsky <bzbarsky@mit.edu>
Fri, 05 Oct 2018 21:27:14 +0000
changeset 490266 c79baa59f78f
parent 490265 1c577d6a48f0
child 490267 db5fb5feecf9
push id 9969
push user ryanvm@gmail.com
push date Thu, 11 Oct 2018 17:41:24 +0000
treeherder mozilla-beta@f439e5f9e3d3
reviewers jdai, pascalc
bugs 1496673
milestone 63.0
Bug 1496673 - Fix crash in custom element data memory reporting code. r=jdai, a=pascalc

While iterating the list in CustomElementReactionsStack::InvokeReactions we can have null pointers in mReactionQueue for reactions that have already been invoked.

Differential Revision: https://phabricator.services.mozilla.com/D7923
dom/base/CustomElementRegistry.cpp
--- a/dom/base/CustomElementRegistry.cpp
+++ b/dom/base/CustomElementRegistry.cpp
@@ -261,17 +261,22 @@ CustomElementData::Unlink()
 size_t
 CustomElementData::SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const
 {
   size_t n = aMallocSizeOf(this);
 
   n += mReactionQueue.ShallowSizeOfExcludingThis(aMallocSizeOf);
 
   for (auto& reaction : mReactionQueue) {
-    n += reaction->SizeOfIncludingThis(aMallocSizeOf);
+    // "reaction" can be null if we're being called indirectly from
+    // InvokeReactions (e.g. due to a reaction causing a memory report to be
+    // captured somehow).
+    if (reaction) {
+      n += reaction->SizeOfIncludingThis(aMallocSizeOf);
+    }
   }
 
   return n;
 }
 
 //-----------------------------------------------------
 // CustomElementRegistry
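Review bot: the new comment inside the loop in CustomElementData::SizeOfIncludingThis says a memory report gets captured "somehow", so a reader cannot tell whether null entries are a normal state of mReactionQueue or something that should never happen. The commit message is clearer (entries for reactions that have already been invoked are null while InvokeReactions is iterating), and that wording belongs in the code, ideally also where mReactionQueue is declared, so that every other loop over the queue is written with the same null check in mind. The loop variable could be `const auto& reaction` since this is a const method that only reads. The patch touches only dom/base/CustomElementRegistry.cpp, so no regression test comes with the fix; if the re-entrant memory report can be triggered from a test, a crashtest would keep this null dereference from coming back.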