Bug 1289058 - Null check principals before holding them in JS::FirstSubsumedFrame; r=jimb
authorNick Fitzgerald <fitzgen@gmail.com>
Mon, 25 Jul 2016 15:07:22 -0700
changeset 348689 0d3a0369254a6d5adcfd80542155420b50d64fbd
parent 348688 19686b2399b5b0d41ac6a2405061ac9a5f143af2
child 348690 072a565bf24efd7687c76fa7a39c79700b023af2
push id1230
push userjlund@mozilla.com
push dateMon, 31 Oct 2016 18:13:35 +0000
reviewersjimb
bugs1289058
milestone50.0a1
Bug 1289058 - Null check principals before holding them in JS::FirstSubsumedFrame; r=jimb
js/src/jit-test/tests/saved-stacks/bug-1289058.js
js/src/jsapi.h
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/saved-stacks/bug-1289058.js
@@ -0,0 +1,13 @@
+const g1 = newGlobal({});
+const g2 = newGlobal(newGlobal);
+g1.g2obj = g2.eval("new Object");
+g1.evaluate(`
+  const global = this;
+  function capture(shouldIgnoreSelfHosted = true) {
+    return captureFirstSubsumedFrame(global.g2obj, shouldIgnoreSelfHosted);
+  }
+  (function iife1() {
+    const captureTrueStack = capture(true);
+  }());
+`, {
+});
--- a/js/src/jsapi.h
+++ b/js/src/jsapi.h
@@ -5928,17 +5928,18 @@ struct FirstSubsumedFrame
      */
     explicit FirstSubsumedFrame(JSContext* cx, bool ignoreSelfHostedFrames = true);
 
     explicit FirstSubsumedFrame(JSContext* ctx, JSPrincipals* p, bool ignoreSelfHostedFrames = true)
       : cx(ctx)
       , principals(p)
       , ignoreSelfHosted(ignoreSelfHostedFrames)
     {
-        JS_HoldPrincipals(principals);
+        if (principals)
+            JS_HoldPrincipals(principals);
     }
 
     // No copying because we want to avoid holding and dropping principals
     // unnecessarily.
     FirstSubsumedFrame(const FirstSubsumedFrame&) = delete;
     FirstSubsumedFrame& operator=(const FirstSubsumedFrame&) = delete;
 
     FirstSubsumedFrame(FirstSubsumedFrame&& rhs)
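Review bot: The hold is now skipped when `p` is null, but the matching release is not in this hunk — the destructor and the move constructor whose signature is the hunk's last line continue outside it — so JS_DropPrincipals must be guarded the same way, otherwise an instance built with null principals holds nothing and then drops a null pointer on destruction or move. The constructor's doc comment, which closes on the first context line, should also record the new contract, e.g. `// `p` may be null, in which case no principals are held or dropped.` The one-argument constructor above this one is unaffected by the change, as far as the hunk shows.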