Bug 1305236 - Don't call ExposeObjectToActiveJS on null pointer. r=smaug, a=ritu
authorJon Coppeard <jcoppeard@mozilla.com>
Thu, 29 Sep 2016 10:18:50 +0100
changeset 350558 2b1c242aecce48db247440f44525c2e89020c352
parent 350557 64ddbbd1b2f09e5fabfec5a3df47677cc7410fff
child 350559 f599f4e3d84fe2f99c7c0995f224152ebdb87a34
push id1230
push userjlund@mozilla.com
push dateMon, 31 Oct 2016 18:13:35 +0000
reviewerssmaug, ritu
bugs1305236
milestone50.0
Bug 1305236 - Don't call ExposeObjectToActiveJS on null pointer. r=smaug, a=ritu
dom/bindings/Exceptions.cpp
js/public/GCAPI.h
--- a/dom/bindings/Exceptions.cpp
+++ b/dom/bindings/Exceptions.cpp
@@ -634,17 +634,19 @@ NS_IMETHODIMP JSStackFrame::GetFormatted
     mFormattedStackInitialized = true;
   }
 
   return NS_OK;
 }
 
 NS_IMETHODIMP JSStackFrame::GetNativeSavedFrame(JS::MutableHandle<JS::Value> aSavedFrame)
 {
-  JS::ExposeObjectToActiveJS(mStack);
+  if (mStack) {
+    JS::ExposeObjectToActiveJS(mStack);
+  }
   aSavedFrame.setObjectOrNull(mStack);
   return NS_OK;
 }
 
 NS_IMETHODIMP JSStackFrame::ToString(JSContext* aCx, nsACString& _retval)
 {
   _retval.Truncate();
 
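Review bot: The guard on `mStack` at the top of GetNativeSavedFrame is correct but undocumented; a reader has to look at the GCAPI.h hunk in this same commit to learn that ExposeObjectToActiveJS now asserts on null and that `setObjectOrNull` deliberately still runs with a null `mStack`. A one-line comment above the `if` would carry that, for example `// mStack may be null; ExposeObjectToActiveJS asserts on null, and setObjectOrNull handles the null case itself.` This is presumably not the only caller that can hand a nullable object to ExposeObjectToActiveJS, so the other call sites (outside this diff) may need the same guard now that the callee asserts. JSStackFrame's other methods begin and end outside this hunk.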
--- a/js/public/GCAPI.h
+++ b/js/public/GCAPI.h
@@ -627,16 +627,17 @@ namespace JS {
  * This should be called when an object that is marked gray is exposed to the JS
  * engine (by handing it to running JS code or writing it into live JS
  * data). During incremental GC, since the gray bits haven't been computed yet,
  * we conservatively mark the object black.
  */
 static MOZ_ALWAYS_INLINE void
 ExposeObjectToActiveJS(JSObject* obj)
 {
+    MOZ_ASSERT(obj);
     js::gc::ExposeGCThingToActiveJS(GCCellPtr(obj));
 }
 
 static MOZ_ALWAYS_INLINE void
 ExposeScriptToActiveJS(JSScript* script)
 {
     js::gc::ExposeGCThingToActiveJS(GCCellPtr(script));
 }
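Review bot: The new `MOZ_ASSERT(obj)` in ExposeObjectToActiveJS is a debug-only check, so in release builds a null `obj` is still wrapped in `GCCellPtr` and passed to `js::gc::ExposeGCThingToActiveJS`, whose handling of a null cell is outside this hunk; the precondition should therefore also be stated in the doc comment above the function, e.g. add ` * The object must be non-null; callers holding a nullable pointer must test it first.` after the line ending "we conservatively mark the object black." The sibling ExposeScriptToActiveJS directly below has the same shape but no corresponding assert; for consistency it should get `MOZ_ASSERT(script);` before its call to ExposeGCThingToActiveJS.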