Closed
Bug 1372643
Opened 7 years ago
Closed 7 years ago
ScriptLoader::EncodeBytecode might be called after dropping the document reference.
Categories
(Core :: JavaScript Engine, enhancement)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla56
Tracking | Status | |
---|---|---|
firefox56 | --- | fixed |
People
(Reporter: nbp, Assigned: nbp)
References
Details
Attachments
(1 file)
847 bytes,
patch
|
mrbkap
:
review+
|
Details | Diff | Splinter Review |
ScriptLoader::EncodeBytecode currently use get the script global out of the mDocument field. We should check that mDocument is not null before calling GetScriptGlobalObject.
Assignee | ||
Comment 1•7 years ago
|
||
This function is used in various places where it might not be obvious that
mDocument is not null, and in EncodeBytecode and GiveUpBytecodeEncoding
where it might potentially be nullified on the mDocument destruction, while
the ScriptLoader is kept alive by the NewRunnableMethod from MaybeTriggerBytecodeEncoding.
Attachment #8877235 -
Flags: review?(mrbkap)
Updated•7 years ago
|
Attachment #8877235 -
Flags: review?(mrbkap) → review+
Pushed by npierron@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/1ea55f730fc0
Guard ScriptLoader::GetScriptGlobalObject with mDocument weak-ptr check. r=mrbkap
Comment 3•7 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox56:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
You need to log in
before you can comment on or make changes to this bug.
Description
•