wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 576386 - AddPropertyHelper builtin would crash under JS_UNLOCK_SCOPE if js_GetMutableScope fails. r=jorendorff.

Browse Source
This commit is contained in:
timeless@mozdev.org 2010-07-02 09:57:19 -05:00
parent d52d02e814
commit 2445345373
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
js/src/jsbuiltins.cpp
View File

@ -204,13 +204,13 @@ AddPropertyHelper(JSContext* cx, JSObject* obj, JSScopeProperty* sprop, bool isD
uint32 slot = sprop->slot;
JSScope* scope = obj->scope();
if (slot != scope->freeslot)
goto exit_trace;
return false;
JS_ASSERT(sprop->parent == scope->lastProperty());
if (scope->isSharedEmpty()) {
scope = js_GetMutableScope(cx, obj);
if (!scope)
goto exit_trace;
return false;
} else {
JS_ASSERT(!scope->hasProperty(sprop));
}
@ -243,11 +243,11 @@ AddPropertyHelper(JSContext* cx, JSObject* obj, JSScopeProperty* sprop, bool isD
goto exit_trace;
JS_UNLOCK_SCOPE(cx, scope);
return JS_TRUE;
return true;
exit_trace:
JS_UNLOCK_SCOPE(cx, scope);
return JS_FALSE;
return false;
}
JSBool FASTCALL