From c3f9348a5940293aed46a81b81145682f47f98d2 Mon Sep 17 00:00:00 2001
From: JW Wang <jwwang@mozilla.com>
Date: Thu, 10 Jul 2014 11:23:02 -0400
Subject: [PATCH] Bug 1033121 - Release |mTimer| in nsTimerEvent::Run() instead
 of ~nsTimerEvent() to avoid race. r=bz

---
 xpcom/threads/nsTimerImpl.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/xpcom/threads/nsTimerImpl.cpp b/xpcom/threads/nsTimerImpl.cpp
index 9b394a70bb6..fd54a856069 100644
--- a/xpcom/threads/nsTimerImpl.cpp
+++ b/xpcom/threads/nsTimerImpl.cpp
@@ -709,6 +709,11 @@ nsTimerEvent::Run()
 #endif
 
   mTimer->Fire();
+  // Since nsTimerImpl is not thread-safe, we should release |mTimer|
+  // here in the target thread to avoid race condition. Otherwise,
+  // ~nsTimerEvent() which calls nsTimerImpl::Release() could run in the
+  // timer thread and result in race condition.
+  mTimer = nullptr;
 
   return NS_OK;
 }