From 3dedc86d90ba3e67e7c5a65ce9dadec8c343f657 Mon Sep 17 00:00:00 2001
From: Brian Birtles
Date: Fri, 8 Jul 2016 13:17:42 +0900
Subject: [PATCH] Bug 1277908 - Keep visited rule node alive while creating non-visited style context; r=dholbert

MozReview-Commit-ID: Eqti28E14Jp
--HG--
extra : rebase_source : b1ab439dd85e87c11dcc5a85b70fcc21a48e328e
---
 layout/style/nsStyleSet.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/layout/style/nsStyleSet.cpp b/layout/style/nsStyleSet.cpp
index 3b068b63ef32..61f04a14df3a 100644
--- a/layout/style/nsStyleSet.cpp
+++ b/layout/style/nsStyleSet.cpp
@@ -908,6 +908,13 @@ nsStyleSet::GetContext(nsStyleContext* aParentContext,
 relevantLinkVisited);
 if (!result) {
+ // |aVisitedRuleNode| may have a ref-count of zero since we are yet
+ // to create the style context that will hold an owning reference to it.
+ // As a result, we need to make sure it stays alive until that point
+ // in case something in the first call to NS_NewStyleContext triggers a
+ // GC sweep of rule nodes.
+ RefPtr kungFuDeathGrip{aVisitedRuleNode};
+
 result = NS_NewStyleContext(aParentContext, aPseudoTag, aPseudoType, aRuleNode, aFlags & eSkipParentDisplayBasedStyleFixup);
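Review bot: The death grip on `aVisitedRuleNode` lives only until the closing brace of the `if (!result)` block, so the fix holds only if the style context that takes the owning reference is created inside that same block; the block ends outside this hunk, so that cannot be confirmed from here. I would state the scope requirement in the comment, e.g. `// Must stay in scope until the visited style context below takes its reference.`, so a later refactor does not move that creation out of the grip's lifetime and reintroduce the use-after-free. As shown on this page, `RefPtr kungFuDeathGrip{aVisitedRuleNode};` carries no template argument, which may be an extraction artifact; the declaration should name the pointee type explicitly. The underlying hazard is that GetContext accepts a raw pointer whose ref-count may be zero, and a short note on that ownership contract at the function's signature would help anyone adding a call that can trigger a rule-node sweep.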