Bug 1369994 - Ensure template objects for typed arrays are initialized properly before exposing them to GC. r=sfink

js/src/vm/TypedArrayObject.cpp

@@ -578,11 +578,6 @@ class TypedArrayObjectTemplate : public TypedArrayObject
         RootedObject tmp(cx, NewBuiltinClassInstance(cx, clasp, allocKind, newKind));
         if (!tmp)
             return nullptr;
-        if (script && !ObjectGroup::setAllocationSiteObjectGroup(cx, script, pc, tmp,
-                                                                 newKind == SingletonObject))
-        {
-            return nullptr;
-        }
 
         TypedArrayObject* tarray = &tmp->as<TypedArrayObject>();
         initTypedArraySlots(cx, tarray, len);
@@ -592,6 +587,12 @@ class TypedArrayObjectTemplate : public TypedArrayObject
         // nullptr and avoid allocating memory that will never be used.
         tarray->initPrivate(nullptr);
 
+        if (script && !ObjectGroup::setAllocationSiteObjectGroup(cx, script, pc, tmp,
+                                                                 newKind == SingletonObject))
+        {
+            return nullptr;
+        }
+
         return tarray;
     }