Closed Bug 1372643 Opened 7 years ago Closed 7 years ago

ScriptLoader::EncodeBytecode might be called after dropping the document reference.

Categories

(Core :: JavaScript Engine, enhancement)

enhancement
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla56
Tracking Status
firefox56 --- fixed

People

(Reporter: nbp, Assigned: nbp)

Attachments

(1 file)

ScriptLoader::EncodeBytecode currently gets the script global out of the mDocument field. We should check that mDocument is not null before calling GetScriptGlobalObject.
This function is used in various places where it might not be obvious that mDocument is not null, and in EncodeBytecode and GiveUpBytecodeEncoding where it might potentially be nullified on the mDocument destruction, while the ScriptLoader is kept alive by the NewRunnableMethod from MaybeTriggerBytecodeEncoding.
Attachment #8877235 - Flags: review?(mrbkap)
Attachment #8877235 - Flags: review?(mrbkap) → review+
Pushed by npierron@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/1ea55f730fc0 Guard ScriptLoader::GetScriptGlobalObject with mDocument weak-ptr check. r=mrbkap
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
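
The lifetime problem described in this bug, as an added C++ sketch (not Gecko code; `Document`, `Loader`, `Global` and `run_scenario` are hypothetical stand-ins that only mirror the names in the report): a queued runnable keeps the loader alive after the document is destroyed, and the guarded accessor returns null instead of reaching through the cleared pointer.

```cpp
#include <functional>
#include <memory>

// Hypothetical stand-ins for the objects named in the bug report.
struct Global { int id; };
struct Loader;

struct Document {
    Global global{42};
    Loader* loader = nullptr;
    ~Document();                    // clears the loader's weak back-pointer
};

struct Loader {
    Document* mDocument = nullptr;  // weak: nulled when the document dies
    bool gaveUp = false;

    // Guarded accessor: check mDocument before dereferencing it.
    Global* GetScriptGlobalObject() {
        if (!mDocument) return nullptr;
        return &mDocument->global;
    }

    // Returns true if encoding ran, false if it bailed out safely.
    bool EncodeBytecode() {
        Global* g = GetScriptGlobalObject();
        if (!g) { gaveUp = true; return false; }
        return g->id == 42;
    }
};

Document::~Document() { if (loader) loader->mDocument = nullptr; }

// The lambda plays the role of the queued runnable: it holds a strong
// reference to the loader, so the loader can outlive the document.
bool run_scenario(bool destroyDocumentFirst) {
    auto loader = std::make_shared<Loader>();
    auto doc = std::make_unique<Document>();
    doc->loader = loader.get();
    loader->mDocument = doc.get();
    std::function<bool()> runnable = [loader] { return loader->EncodeBytecode(); };
    loader.reset();                 // only the runnable keeps the loader alive
    if (destroyDocumentFirst) doc.reset();
    bool ran = runnable();
    doc.reset();                    // destroy the document while the loader is still alive
    return ran;
}
```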