Bug 1295033 - Handle failure in nsXPCWrappedJS constructor r=mccr8
authorJon Coppeard <jcoppeard@mozilla.com>
Wed, 07 Dec 2016 13:43:24 -1000
changeset 325396 a4417f62daa838bfb6cd501ddfaeb9f1e70240e0
parent 325395 28a55c1ec275c381b2dfd174c8847d8339d7f652
child 325397 b8866907ddc0ef7073fbf827d07c52e9fa8335ef
push id24
push usermaklebus@msu.edu
push dateTue, 20 Dec 2016 03:11:33 +0000
reviewersmccr8
bugs1295033
milestone53.0a1
Bug 1295033 - Handle failure in nsXPCWrappedJS constructor r=mccr8
js/xpconnect/src/XPCWrappedJS.cpp
js/xpconnect/src/XPCWrappedJSClass.cpp
--- a/js/xpconnect/src/XPCWrappedJS.cpp
+++ b/js/xpconnect/src/XPCWrappedJS.cpp
@@ -400,29 +400,33 @@ nsXPCWrappedJS::nsXPCWrappedJS(JSContext
 
     // There is an extra AddRef to support weak references to wrappers
     // that are subject to finalization. See the top of the file for more
     // details.
     NS_ADDREF_THIS();
 
     if (IsRootWrapper()) {
         MOZ_ASSERT(!IsMultiCompartment(), "mNext is always nullptr here");
-        xpc::CompartmentPrivate::Get(mJSObj)->GetWrappedJSMap()->Add(cx, this);
+        if (!xpc::CompartmentPrivate::Get(mJSObj)->GetWrappedJSMap()->Add(cx, this)) {
+            *rv = NS_ERROR_OUT_OF_MEMORY;
+        }
     } else {
         NS_ADDREF(mRoot);
         mNext = mRoot->mNext;
         mRoot->mNext = this;
 
         // We always start wrappers in the per-compartment table. If adding
         // this wrapper to the chain causes it to cross compartments, we need
         // to migrate the chain to the global table on the XPCJSContext.
         if (mRoot->IsMultiCompartment()) {
             xpc::CompartmentPrivate::Get(mRoot->mJSObj)->GetWrappedJSMap()->Remove(mRoot);
-            MOZ_RELEASE_ASSERT(nsXPConnect::GetContextInstance()->
-                    GetMultiCompartmentWrappedJSMap()->Add(cx, mRoot));
+            auto destMap = nsXPConnect::GetContextInstance()->GetMultiCompartmentWrappedJSMap();
+            if (!destMap->Add(cx, mRoot)) {
+                *rv = NS_ERROR_OUT_OF_MEMORY;
+            }
         }
     }
 }
 
 nsXPCWrappedJS::~nsXPCWrappedJS()
 {
     Destroy();
 }
--- a/js/xpconnect/src/XPCWrappedJSClass.cpp
+++ b/js/xpconnect/src/XPCWrappedJSClass.cpp
@@ -549,17 +549,19 @@ nsXPCWrappedJSClass::DelegatedQueryInter
     nsCOMPtr<nsIInterfaceInfo> info;
     nsXPConnect::XPConnect()->GetInfoForIID(&aIID, getter_AddRefs(info));
     if (info && NS_SUCCEEDED(info->IsFunction(&isFunc)) && isFunc) {
         RefPtr<nsXPCWrappedJS> wrapper;
         RootedObject obj(RootingCx(), self->GetJSObject());
         nsresult rv = nsXPCWrappedJS::GetNewOrUsed(obj, aIID, getter_AddRefs(wrapper));
 
         // Do the same thing we do for the "check for any existing wrapper" case above.
-        *aInstancePtr = wrapper.forget().take()->GetXPTCStub();
+        if (NS_SUCCEEDED(rv) && wrapper) {
+            *aInstancePtr = wrapper.forget().take()->GetXPTCStub();
+        }
         return rv;
     }
 
     // else we do the more expensive stuff...
 
     // check if the JSObject claims to implement this interface
     RootedObject jsobj(ccx, CallQueryInterfaceOnJSObject(ccx, self->GetJSObject(),
                                                          aIID));