Bug 1865987 - Add debugging code for diagnosing crash bug 1856672. r=sfink

Differential Revision: https://phabricator.services.mozilla.com/D194329
2023-11-24 17:44:54 +00:00 · 2023-11-24 17:44:54 +00:00 · d1de3a922c
commit d1de3a922c
parent 18847b7aa0
1 changed files with 54 additions and 2 deletions
--- a/dom/bindings/TypedArray.h
+++ b/dom/bindings/TypedArray.h
@ -26,6 +26,7 @@
 #include "mozilla/dom/BindingDeclarations.h"
 #include "mozilla/dom/ScriptSettings.h"
 #include "mozilla/dom/SpiderMonkeyInterface.h"
+#include "nsIGlobalObject.h"
 #include "nsWrapperCache.h"
 #include "nsWrapperCacheInlines.h"

@ -637,8 +638,59 @@ struct TypedArray_base : public SpiderMonkeyInterfaceObjectStorage,
  [[nodiscard]] ProcessReturnType<Processor> ProcessFixedData(
      Processor&& aProcessor) const {
    mozilla::dom::AutoJSAPI jsapi;
-    if (!jsapi.Init(mImplObj) ||
-        !JS::EnsureNonInlineArrayBufferOrView(jsapi.cx(), mImplObj)) {
+    if (!jsapi.Init(mImplObj)) {
+#if defined(EARLY_BETA_OR_EARLIER)
+      if constexpr (std::is_same_v<ArrayT, JS::ArrayBufferView>) {
+        if (!mImplObj) {
+          MOZ_CRASH("Null mImplObj");
+        }
+        if (!xpc::NativeGlobal(mImplObj)) {
+          MOZ_CRASH("Null xpc::NativeGlobal(mImplObj)");
+        }
+        if (!xpc::NativeGlobal(mImplObj)->GetGlobalJSObject()) {
+          MOZ_CRASH("Null xpc::NativeGlobal(mImplObj)->GetGlobalJSObject()");
+        }
+      }
+#endif
+      MOZ_CRASH("Failed to get JSContext");
+    }
+#if defined(EARLY_BETA_OR_EARLIER)
+    if constexpr (std::is_same_v<ArrayT, JS::ArrayBufferView>) {
+      JS::Rooted<JSObject*> view(jsapi.cx(),
+                                 js::UnwrapArrayBufferView(mImplObj));
+      if (!view) {
+        if (JSObject* unwrapped = js::CheckedUnwrapStatic(mImplObj)) {
+          if (!js::UnwrapArrayBufferView(unwrapped)) {
+            MOZ_CRASH(
+                "Null "
+                "js::UnwrapArrayBufferView(js::CheckedUnwrapStatic(mImplObj))");
+          }
+          view = unwrapped;
+        } else {
+          MOZ_CRASH("Null js::CheckedUnwrapStatic(mImplObj)");
+        }
+      }
+      if (!JS::IsArrayBufferViewShared(view)) {
+        JSAutoRealm ar(jsapi.cx(), view);
+        bool unused;
+        JSObject* buffer =
+            JS_GetArrayBufferViewBuffer(jsapi.cx(), view, &unused);
+        if (!buffer) {
+          MOZ_CRASH(
+              "js::JS_GetArrayBufferViewBuffer failed, maybe calling "
+              "ensureBufferObject?");
+        }
+
+        if (!JS::IsDetachedArrayBufferObject(buffer)) {
+          if (!JS::PinArrayBufferOrViewLength(buffer, true)) {
+            MOZ_CRASH("Length was pinned already!");
+          }
+          JS::PinArrayBufferOrViewLength(buffer, false);
+        }
+      }
+    }
+#endif
+    if (!JS::EnsureNonInlineArrayBufferOrView(jsapi.cx(), mImplObj)) {
      MOZ_CRASH("small oom when moving inline data out-of-line");
    }
    LengthPinner pinner(this);