Bug 1368735 - Fix GeneratorObject::suspend to allocate the array before changing generator state. r=jonco
authorJan de Mooij <jdemooij@mozilla.com>
Fri, 02 Jun 2017 18:41:15 +0200
changeset 410160 d375de81480f9fd9d736c696541ff6d2e55baf49
parent 410159 0678eef8a8bd0f8c9edc063cf9c6434c6771b90b
child 410161 c5cefe156423e8bc688cba4511847ba4f4c5571a
push id7391
push usermtabara@mozilla.com
push dateMon, 12 Jun 2017 13:08:53 +0000
treeherdermozilla-beta@2191d7f87e2e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjonco
bugs1368735
milestone55.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1368735 - Fix GeneratorObject::suspend to allocate the array before changing generator state. r=jonco
js/src/vm/GeneratorObject.cpp
--- a/js/src/vm/GeneratorObject.cpp
+++ b/js/src/vm/GeneratorObject.cpp
@@ -74,26 +74,28 @@ GeneratorObject::suspend(JSContext* cx, 
                   genObj->callee().isLegacyGenerator());
 
     if (*pc == JSOP_YIELD && genObj->isClosing() && genObj->is<LegacyGeneratorObject>()) {
         RootedValue val(cx, ObjectValue(*frame.callee()));
         ReportValueError(cx, JSMSG_BAD_GENERATOR_YIELD, JSDVG_IGNORE_STACK, val, nullptr);
         return false;
     }
 
+    ArrayObject* stack = nullptr;
+    if (nvalues > 0) {
+        stack = NewDenseCopiedArray(cx, nvalues, vp);
+        if (!stack)
+            return false;
+    }
+
     uint32_t yieldAndAwaitIndex = GET_UINT24(pc);
     genObj->setYieldAndAwaitIndex(yieldAndAwaitIndex);
     genObj->setEnvironmentChain(*frame.environmentChain());
-
-    if (nvalues) {
-        ArrayObject* stack = NewDenseCopiedArray(cx, nvalues, vp);
-        if (!stack)
-            return false;
+    if (stack)
         genObj->setExpressionStack(*stack);
-    }
 
     return true;
 }
 
 bool
 GeneratorObject::finalSuspend(JSContext* cx, HandleObject obj)
 {
     Rooted<GeneratorObject*> genObj(cx, &obj->as<GeneratorObject>());