From f1d686be980a8f525644ef11d6384f3aa85e08c2 Mon Sep 17 00:00:00 2001 From: Jon Coppeard Date: Fri, 20 Sep 2013 10:22:58 +0100 Subject: [PATCH] Bug 917757 - Don't trigger Heap post barriers in XPConnect shutdown r=bholley --- js/xpconnect/src/XPCWrappedJS.cpp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/js/xpconnect/src/XPCWrappedJS.cpp b/js/xpconnect/src/XPCWrappedJS.cpp index 5bc8262ad88..b0c6844bbed 100644 --- a/js/xpconnect/src/XPCWrappedJS.cpp +++ b/js/xpconnect/src/XPCWrappedJS.cpp @@ -610,7 +610,11 @@ nsXPCWrappedJS::SystemIsBeingShutDown() // NOTE: that mClass is retained so that GetInterfaceInfo can continue to // work (and avoid crashing some platforms). - mJSObj = nullptr; + + // Use of unsafeGet() is to avoid triggering post barriers in shutdown, as + // this will access the chunk containing mJSObj, which may have been freed + // at this point. + *mJSObj.unsafeGet() = nullptr; // Notify other wrappers in the chain. if (mNext)