diff --git a/js/src/js.msg b/js/src/js.msg
index de64a720c7a..bf88dffdd93 100644
--- a/js/src/js.msg
+++ b/js/src/js.msg
@@ -75,6 +75,7 @@ MSG_DEF(JSMSG_UTF8_CHAR_TOO_LARGE, 1, JSEXN_TYPEERR, "UTF-8 character {0} to
 MSG_DEF(JSMSG_MALFORMED_UTF8_CHAR, 1, JSEXN_TYPEERR, "malformed UTF-8 character sequence at offset {0}")
 MSG_DEF(JSMSG_WRONG_CONSTRUCTOR, 1, JSEXN_TYPEERR, "wrong constructor called for {0}")
 MSG_DEF(JSMSG_BUILTIN_CTOR_NO_NEW, 1, JSEXN_NONE, "calling a builtin {0} constructor without new is deprecated and will be forbidden in ES6")
+MSG_DEF(JSMSG_BUILTIN_CTOR_NO_NEW_FATAL, 1, JSEXN_TYPEERR, "calling a builtin {0} constructor without new is forbidden")
 MSG_DEF(JSMSG_PROTO_SETTING_SLOW, 0, JSEXN_NONE, "mutating the [[Prototype]] of an object will cause your code to run very slowly; instead create the object with the correct initial [[Prototype]] value using Object.create")
 MSG_DEF(JSMSG_BAD_GENERATOR_YIELD, 1, JSEXN_TYPEERR, "yield from closing generator {0}")
 MSG_DEF(JSMSG_EMPTY_ARRAY_REDUCE, 0, JSEXN_TYPEERR, "reduce of empty array with no initial value")
diff --git a/js/src/tests/js1_8_5/extensions/dataview.js b/js/src/tests/js1_8_5/extensions/dataview.js
index d0203dfd507..98f7b1b5955 100644
--- a/js/src/tests/js1_8_5/extensions/dataview.js
+++ b/js/src/tests/js1_8_5/extensions/dataview.js
@@ -1647,12 +1647,10 @@ function test() {
 assertEq(Object.getPrototypeOf(av), DataView.prototype);
 // Bug 760904: call another compartment's constructor with an ArrayBuffer
- // from this compartment, both as a constructor and as a regular call. (The
- // latter is what was broken in that bug.)
+ // from this compartment.
 var alien_constructor = alien.DataView;
 var local_buffer = (new Int8Array(3)).buffer;
- var foreign_exchange_student_1 = alien_constructor(local_buffer);
- var foreign_exchange_student_2 = new alien_constructor(local_buffer);
+ var foreign_exchange_student = new alien_constructor(local_buffer);
 // gc bug 787775
 var ab = new ArrayBuffer(4);
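Review bot: In js/src/tests/js1_8_5/extensions/dataview.js the plain-call case `alien_constructor(local_buffer)` is deleted rather than turned into a negative test, so nothing in this hunk asserts that calling DataView without `new` now fails. Since the commit turns that call into a TypeError, the test should pin it, for example `assertThrowsInstanceOf(function () { DataView(local_buffer); }, TypeError);` next to the `new alien_constructor(local_buffer)` line, plus the same check through `alien_constructor` (which global's TypeError is thrown there needs confirming). Without it, a later change that lets the non-constructing path through again, the path bug 760904 was about, would go unnoticed. test() starts and ends outside the hunk.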
diff --git a/js/src/vm/NativeObject-inl.h b/js/src/vm/NativeObject-inl.h
index b13bdf1facb..cfd88a775f9 100644
--- a/js/src/vm/NativeObject-inl.h
+++ b/js/src/vm/NativeObject-inl.h
@@ -612,6 +612,15 @@ WarnIfNotConstructing(JSContext* cx, const CallArgs& args, const char* builtinNa
 JSMSG_BUILTIN_CTOR_NO_NEW, builtinName);
 }
+inline bool
+ThrowIfNotConstructing(JSContext *cx, const CallArgs &args, const char *builtinName)
+{
+ if (args.isConstructing())
+ return true;
+ return JS_ReportErrorFlagsAndNumber(cx, JSREPORT_ERROR, GetErrorMessage, nullptr,
+ JSMSG_BUILTIN_CTOR_NO_NEW_FATAL, builtinName);
+}
+
 } // namespace js
 #endif /* vm_NativeObject_inl_h */
diff --git a/js/src/vm/TypedArrayObject.cpp b/js/src/vm/TypedArrayObject.cpp
index e1817588d73..dc13f0818e7 100644
--- a/js/src/vm/TypedArrayObject.cpp
+++ b/js/src/vm/TypedArrayObject.cpp
@@ -1094,6 +1094,9 @@ DataViewObject::class_constructor(JSContext* cx, unsigned argc, Value* vp)
 {
 CallArgs args = CallArgsFromVp(argc, vp);
+ if (!ThrowIfNotConstructing(cx, args, "DataView"))
+ return false;
+
 RootedObject bufobj(cx);
 if (!GetFirstArgumentAsObject(cx, args, "DataView constructor", &bufobj))
 return false;
diff --git a/js/src/vm/Xdr.h b/js/src/vm/Xdr.h
index 8beaf79828a..b2aea741ee4 100644
--- a/js/src/vm/Xdr.h
+++ b/js/src/vm/Xdr.h
@@ -29,11 +29,11 @@ namespace js {
 *
 * https://developer.mozilla.org/en-US/docs/SpiderMonkey/Internals/Bytecode
 */
-static const uint32_t XDR_BYTECODE_VERSION_SUBTRAHEND = 282;
+static const uint32_t XDR_BYTECODE_VERSION_SUBTRAHEND = 283;
 static const uint32_t XDR_BYTECODE_VERSION = uint32_t(0xb973c0de - XDR_BYTECODE_VERSION_SUBTRAHEND);
-static_assert(JSErr_Limit == 393,
+static_assert(JSErr_Limit == 394,
 "GREETINGS, POTENTIAL SUBTRAHEND INCREMENTER! If you added or "
 "removed MSG_DEFs from js.msg, you should increment "
 "XDR_BYTECODE_VERSION_SUBTRAHEND and update this assertion's "
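Review bot: ThrowIfNotConstructing in js/src/vm/NativeObject-inl.h signals failure only through whatever JS_ReportErrorFlagsAndNumber returns, so the new guard in DataViewObject::class_constructor fails closed only while that call returns false for JSREPORT_ERROR (presumably it does; the reporter is not visible in this diff). Making the failure explicit removes that dependency: report the error, then `return false;` unconditionally, so the constructor can never continue on a non-constructing call. The new signature also writes `JSContext *cx, const CallArgs &args, const char *builtinName`, while WarnIfNotConstructing directly above uses `JSContext* cx, const CallArgs& args`; it should follow the surrounding style. A short comment such as `// Reports a TypeError and returns false unless |args| is a constructing call.` would document the contract for other builtins that adopt it.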