Bug 1172076 - Switch compartment before computing recover instruction results. r=jandem, a=lizzard
authorNicolas B. Pierron <nicolas.b.pierron@mozilla.com>
Mon, 15 Jun 2015 11:48:15 +0200
changeset 267751 e71a296662b4b234acb42557b8337746fdad381e
parent 267750 b6a371e7e153a71c9256af8f59aa39c57bb35394
child 267752 68aa36e9b5fc173ec1900fa005f88ba4aac7742e
push id830
push userraliiev@mozilla.com
push dateFri, 19 Jun 2015 19:24:37 +0000
treeherdermozilla-release@932614382a68 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjandem, lizzard
bugs1172076
milestone39.0
Bug 1172076 - Switch compartment before computing recover instruction results. r=jandem, a=lizzard
js/src/jit/JitFrames.cpp
--- a/js/src/jit/JitFrames.cpp
+++ b/js/src/jit/JitFrames.cpp
@@ -2141,16 +2141,18 @@ SnapshotIterator::initInstructionResults
     // If there is only one resume point in the list of instructions, then there
     // is no instruction to recover, and thus no need to register any results.
     if (recover_.numInstructions() == 1)
         return true;
 
     JitFrameLayout* fp = fallback.frame->jsFrame();
     RInstructionResults* results = fallback.activation->maybeIonFrameRecovery(fp);
     if (!results) {
+        AutoCompartment ac(cx, fallback.frame->script()->compartment());
+
         // We do not have the result yet, which means that an observable stack
         // slot is requested.  As we do not want to bailout every time for the
         // same reason, we need to recompile without optimizing away the
         // observable stack slots.  The script would later be recompiled to have
         // support for Argument objects.
         if (fallback.consequence == MaybeReadFallback::Fallback_Invalidate &&
             !ionScript_->invalidate(cx, /* resetUses = */ false, "Observe recovered instruction."))
         {