Closed Bug 1372643 Opened 3 years ago Closed 3 years ago

ScriptLoader::EncodeBytecode might be called after dropping the document reference.

Categories

(Core :: JavaScript Engine, enhancement)

Tracking

RESOLVED FIXED
mozilla56
Tracking Status
firefox56 --- fixed

People

(Reporter: nbp, Assigned: nbp)

References

Details

Attachments

(1 file)

ScriptLoader::EncodeBytecode currently gets the script global out of the mDocument field. We should check that mDocument is not null before calling GetScriptGlobalObject.
This function is used in various places where it might not be obvious that
mDocument is not null, and in EncodeBytecode and GiveUpBytecodeEncoding
where it might potentially be nullified on the mDocument destruction, while
the ScriptLoader is kept alive by the NewRunnableMethod from MaybeTriggerBytecodeEncoding.
Attachment #8877235 - Flags: review?(mrbkap)
Attachment #8877235 - Flags: review?(mrbkap) → review+
Pushed by npierron@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/1ea55f730fc0
Guard ScriptLoader::GetScriptGlobalObject with mDocument weak-ptr check. r=mrbkap
https://hg.mozilla.org/mozilla-central/rev/1ea55f730fc0
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
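
A minimal C++ model of the lifetime issue discussed in this bug, added here as an illustration and not taken from the Gecko patch. `Document`, `GlobalObject`, the task queue and `RunScenario` are simplified stand-ins assumed for the example; only the method names mirror those mentioned in the bug.

```cpp
#include <functional>
#include <memory>
#include <queue>

// Simplified stand-ins (assumptions for this example), not Gecko types.
struct GlobalObject { int id = 7; };
struct Document {
  GlobalObject global;
  GlobalObject* GetScriptGlobalObject() { return &global; }
};

class ScriptLoader : public std::enable_shared_from_this<ScriptLoader> {
 public:
  explicit ScriptLoader(Document* doc) : mDocument(doc) {}
  // Document teardown clears the back-pointer; the loader may live on.
  void DropDocumentReference() { mDocument = nullptr; }
  // Guarded accessor: callers get nullptr instead of a null dereference.
  GlobalObject* GetScriptGlobalObject() {
    return mDocument ? mDocument->GetScriptGlobalObject() : nullptr;
  }
  // The queued task holds a strong reference to the loader, as a runnable
  // method would, so the loader survives until the task has run.
  void MaybeTriggerBytecodeEncoding(std::queue<std::function<bool()>>& q) {
    auto self = shared_from_this();
    q.push([self] { return self->EncodeBytecode(); });
  }
  // Returns true if encoding ran, false if it gave up (no global left).
  bool EncodeBytecode() {
    GlobalObject* global = GetScriptGlobalObject();
    if (!global) return false;  // document already dropped
    return global->id == 7;
  }
 private:
  Document* mDocument;  // non-owning; cleared when the document goes away
};

// dropFirst: destroy the document before the queued task gets to run.
bool RunScenario(bool dropFirst) {
  std::queue<std::function<bool()>> q;
  auto doc = std::make_unique<Document>();
  auto loader = std::make_shared<ScriptLoader>(doc.get());
  loader->MaybeTriggerBytecodeEncoding(q);
  if (dropFirst) { loader->DropDocumentReference(); doc.reset(); }
  loader.reset();  // only the queued task keeps the loader alive now
  bool ran = q.front()();
  q.pop();
  return ran;
}

int main() { return (RunScenario(false) && !RunScenario(true)) ? 0 : 1; }
```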