Bug 1417405 - Make sure to hold a strong ref on the stack to arguments passed to IsPotentiallyScrollable. r=smaug, a=gchang
authorBoris Zbarsky <bzbarsky@mit.edu>
Fri, 17 Nov 2017 01:10:01 -0500
changeset 445084 fb7969babb002d449eb86bf91c371a9117fa0980
parent 445083 07afcea951ff9ff7d77452a04c6a082d2a5f1d9b
child 445085 1721d3342c811d77216565d6777e4d16478467fe
push id1618
push userCallek@gmail.com
push dateThu, 11 Jan 2018 17:45:48 +0000
treeherdermozilla-release@882ca853e05a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssmaug, gchang
bugs1417405
milestone58.0
Bug 1417405 - Make sure to hold a strong ref on the stack to arguments passed to IsPotentiallyScrollable. r=smaug, a=gchang
dom/base/nsDocument.cpp
--- a/dom/base/nsDocument.cpp
+++ b/dom/base/nsDocument.cpp
@@ -11052,17 +11052,17 @@ nsIDocument::IsPotentiallyScrollable(HTM
   return true;
 }
 
 Element*
 nsIDocument::GetScrollingElement()
 {
   // Keep this in sync with IsScrollingElement.
   if (GetCompatibilityMode() == eCompatibility_NavQuirks) {
-    HTMLBodyElement* body = GetBodyElement();
+    RefPtr<HTMLBodyElement> body = GetBodyElement();
     if (body && !IsPotentiallyScrollable(body)) {
       return body;
     }
 
     return nullptr;
   }
 
   return GetRootElement();
@@ -11073,25 +11073,27 @@ nsIDocument::IsScrollingElement(Element*
 {
   // Keep this in sync with GetScrollingElement.
   MOZ_ASSERT(aElement);
 
   if (GetCompatibilityMode() != eCompatibility_NavQuirks) {
     return aElement == GetRootElement();
   }
 
+  // In the common case when aElement != body, avoid refcounting.
   HTMLBodyElement* body = GetBodyElement();
   if (aElement != body) {
     return false;
   }
 
   // Now we know body is non-null, since aElement is not null.  It's the
   // scrolling element for the document if it itself is not potentially
   // scrollable.
-  return !IsPotentiallyScrollable(body);
+  RefPtr<HTMLBodyElement> strongBody(body);
+  return !IsPotentiallyScrollable(strongBody);
 }
 
 void
 nsIDocument::ObsoleteSheet(nsIURI *aSheetURI, ErrorResult& rv)
 {
   nsresult res = CSSLoader()->ObsoleteSheet(aSheetURI);
   if (NS_FAILED(res)) {
     rv.Throw(res);