In js::jit::DoCompareFallback we have the following code: > ICStub *doubleStub = compiler.getStub(compiler.getStubSpace(script)); > if (!stub) > return false; I think this is either a typo or some tasty copy-pasta. I changed stub to doubleStub and it fixed another OOM crasher for me. Jandem, can you review the attached patch since it's your code?

Christian: should this OOM fix be uplifted to Aurora 28 and Beta 27?

This one can safely be uplifted to Aurora at least.

Comment on attachment 8345050 [details] [diff] [review] js-setNext-oom.patch [Approval Request Comment] Bug caused by (feature/regressing bug #): N/A User impact if declined: Crashes with OOM conditions Testing completed (on m-c, etc.): A few days on mozilla-central Risk to taking this patch (and alternatives if risky): Not risky, patch is just fixing a null check (fixing a typo). String or IDL/UUID changes made by this patch: None

I don't think this needs QA verification. If anyone thinks that's a mistake please remove the [qa-] whiteboard tag and add the verifyme keyword.