Bug 1456536 - Fix OOM handling in shell grayRoot() function r=sfink
authorJon Coppeard <jcoppeard@mozilla.com>
Fri, 04 May 2018 09:47:58 +0100
changeset 473001 927cb3d95ae59298050ddb69a9e4fcb99e003289
parent 473000 6d837b6dd6b4ce4efa804515bd95d747f27c9110
child 473002 6262a4f457d1fca0c5d59012994965f6217482d5
push id1728
push userjlund@mozilla.com
push dateMon, 18 Jun 2018 21:12:27 +0000
treeherdermozilla-release@c296fde26f5f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssfink
bugs1456536
milestone61.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1456536 - Fix OOM handling in shell grayRoot() function r=sfink
js/src/jit-test/tests/gc/bug-1456536.js
js/src/shell/js.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/gc/bug-1456536.js
@@ -0,0 +1,3 @@
+if (!('oomTest' in this))
+   quit();
+oomTest(new Function(`let a = grayRoot();`));
--- a/js/src/shell/js.cpp
+++ b/js/src/shell/js.cpp
@@ -6241,16 +6241,19 @@ EnsureShellCompartmentPrivate(JSContext*
 }
 
 static bool
 EnsureGrayRoot(JSContext* cx, unsigned argc, Value* vp)
 {
     CallArgs args = CallArgsFromVp(argc, vp);
 
     auto priv = EnsureShellCompartmentPrivate(cx);
+    if (!priv)
+        return false;
+
     if (!priv->grayRoot) {
         if (!(priv->grayRoot = NewDenseEmptyArray(cx, nullptr, TenuredObject)))
             return false;
     }
 
     args.rval().setObject(*priv->grayRoot);
     return true;
 }