Bug 1832284 - Fix rooting hazard in JSObject::swap r=sfink

Reorder blocks to avoid possbile GC while |na| and |nb| are live.

Differential Revision: https://phabricator.services.mozilla.com/D177627

js/src/vm/JSObject.cpp

@@ -1375,6 +1375,16 @@ void JSObject::swap(JSContext* cx, HandleObject a, HandleObject b,
     }
   }
 
+  // Restore original unique IDs.
+  if ((aid || bid) && (na || nb)) {
+    if ((aid && !gc::SetOrUpdateUniqueId(cx, a, aid)) ||
+        (bid && !gc::SetOrUpdateUniqueId(cx, b, bid))) {
+      oomUnsafe.crash("Failed to set unique ID after swap");
+    }
+  }
+  MOZ_ASSERT_IF(aid, gc::GetUniqueIdInfallible(a) == aid);
+  MOZ_ASSERT_IF(bid, gc::GetUniqueIdInfallible(b) == bid);
+
   // Preserve the IsUsedAsPrototype flag on the objects.
   if (aIsUsedAsPrototype) {
     if (!JSObject::setIsUsedAsPrototype(cx, a)) {
@@ -1387,16 +1397,6 @@ void JSObject::swap(JSContext* cx, HandleObject a, HandleObject b,
     }
   }
 
-  // Restore original unique IDs.
-  if ((aid || bid) && (na || nb)) {
-    if ((aid && !gc::SetOrUpdateUniqueId(cx, a, aid)) ||
-        (bid && !gc::SetOrUpdateUniqueId(cx, b, bid))) {
-      oomUnsafe.crash("Failed to set unique ID after swap");
-    }
-  }
-  MOZ_ASSERT_IF(aid, gc::GetUniqueIdInfallible(a) == aid);
-  MOZ_ASSERT_IF(bid, gc::GetUniqueIdInfallible(b) == bid);
-
   /*
    * We need a write barrier here. If |a| was marked and |b| was not, then
    * after the swap, |b|'s guts would never be marked. The write barrier