Bug 942121 - Fix WebIDL dictionary member tracing to null-check nullable object types before trying to trace them, since passing pointer-to-null to JS_CallObjectTracer is not OK. r=smaug, a=lsblakk
authorBoris Zbarsky <bzbarsky@mit.edu>
Sat, 26 Apr 2014 21:50:00 -0400
changeset 193183 4fe45aedd3f969841c9015b77caa241e1a4fcf2f
parent 193182 971c128f84bb04db922d28437d38e7f6f05bb389
child 193184 9df6cc4e738eca1ce4f1309208452c6ab436530a
push id474
push userasasaki@mozilla.com
push dateMon, 02 Jun 2014 21:01:02 +0000
treeherdermozilla-release@967f4cf1b31c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssmaug, lsblakk
bugs942121
milestone30.0a2
Bug 942121 - Fix WebIDL dictionary member tracing to null-check nullable object types before trying to trace them, since passing pointer-to-null to JS_CallObjectTracer is not OK. r=smaug, a=lsblakk
dom/bindings/Codegen.py
--- a/dom/bindings/Codegen.py
+++ b/dom/bindings/Codegen.py
@@ -9540,16 +9540,18 @@ if (""",
             memberData = "%s.Value()" % memberLoc
 
         memberName = "%s.%s" % (self.makeClassName(self.dictionary),
                                 memberLoc)
 
         if type.isObject():
             trace = CGGeneric('JS_CallObjectTracer(trc, %s, "%s");' %
                               ("&"+memberData, memberName))
+            if type.nullable():
+                trace = CGIfWrapper(trace, memberData)
         elif type.isAny():
             trace = CGGeneric('JS_CallValueTracer(trc, %s, "%s");' %
                               ("&"+memberData, memberName))
         elif (type.isSequence() or type.isDictionary() or
               type.isSpiderMonkeyInterface() or type.isUnion()):
             if type.nullable():
                 memberNullable = memberData
                 memberData = "%s.Value()" % memberData