From 57fdfc58fdd88ff7abea3ddee9914a3ebf7252a6 Mon Sep 17 00:00:00 2001
From: Brian Hackett
Date: Mon, 14 Nov 2011 17:06:53 -0800
Subject: [PATCH] Clear XPCWrappedNativeScope fields to avoid accessing freed arenas during destruction, no bug. r=billm
---
 js/xpconnect/src/XPCWrappedNativeScope.cpp | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/js/xpconnect/src/XPCWrappedNativeScope.cpp b/js/xpconnect/src/XPCWrappedNativeScope.cpp
index 646f259e45c..c046d5fa8f7 100644
--- a/js/xpconnect/src/XPCWrappedNativeScope.cpp
+++ b/js/xpconnect/src/XPCWrappedNativeScope.cpp
@@ -431,6 +431,9 @@ XPCWrappedNativeScope::FinishedMarkPhaseOfGC(JSContext* cx, XPCJSRuntime* rt)
 if (cur->mGlobalJSObject &&
 JS_IsAboutToBeFinalized(cx, cur->mGlobalJSObject)) {
 cur->mGlobalJSObject = nsnull;
+ cur->mPrototypeJSObject = nsnull;
+ cur->mPrototypeJSFunction = nsnull;
+ cur->mPrototypeNoHelper = nsnull;
 cur->mScriptObjectPrincipal = nsnull;
 if (cur->GetCachedDOMPrototypes().IsInitialized())
 cur->GetCachedDOMPrototypes().Clear();
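Review bot: The three added assignments under the `JS_IsAboutToBeFinalized(cx, cur->mGlobalJSObject)` check carry no comment, and the reason they are needed (per the commit subject, the destructor would otherwise touch freed GC arenas) cannot be read from the code itself. I would add above them `// These objects are expected to be finalized with the global; null them here so ~XPCWrappedNativeScope never dereferences a freed GC thing.` The clears rely on the prototypes always dying in the same GC as the global. If that is not guaranteed, a prototype finalized while the global survives would still leave a stale pointer, and each field would need its own `JS_IsAboutToBeFinalized` check. FinishedMarkPhaseOfGC starts and ends outside the hunk, so whether other JSObject members of the scope need the same clearing cannot be judged from here.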