Bug 1170216 - When using the slow-and-standard path in js::SetIntegrityLevel, don't manually call setNonwritableArrayLength afterwards. r=Waldo.

Jason Orendorff 2015-06-01 12:01:02 -05:00
parent c24b082a71
commit eb58453301


@ -548,6 +548,19 @@ js::SetIntegrityLevel(JSContext* cx, HandleObject obj, IntegrityLevel level)
MOZ_ASSERT(nobj->lastProperty()->slotSpan() == last->slotSpan());
JS_ALWAYS_TRUE(nobj->setLastProperty(cx, last));
// Ordinarily ArraySetLength handles this, but we're going behind its back
// right now, so we must do this manually.
//
// ArraySetLength also implements the capacity <= length invariant for
// arrays with non-writable length. We don't need to do anything special
// for that, because capacity was zeroed out by preventExtensions. (See
// the assertion about getDenseCapacity above.)
if (level == IntegrityLevel::Frozen && obj->is<ArrayObject>()) {
if (!obj->as<ArrayObject>().maybeCopyElementsForWrite(cx))
return false;
obj->as<ArrayObject>().getElementsHeader()->setNonwritableArrayLength();
}
} else {
RootedId id(cx);
Rooted<PropertyDescriptor> desc(cx);
@ -586,21 +599,6 @@ js::SetIntegrityLevel(JSContext* cx, HandleObject obj, IntegrityLevel level)
}
}
// Ordinarily ArraySetLength handles this, but we're going behind its back
// right now, so we must do this manually. Neither the custom property
// tree mutations nor the DefineProperty call in the above code will do
// this for us.
//
// ArraySetLength also implements the capacity <= length invariant for
// arrays with non-writable length. We don't need to do anything special
// for that, because capacity was zeroed out by preventExtensions. (See
// the assertion before the if-else above.)
if (level == IntegrityLevel::Frozen && obj->is<ArrayObject>()) {
if (!obj->as<ArrayObject>().maybeCopyElementsForWrite(cx))
return false;
obj->as<ArrayObject>().getElementsHeader()->setNonwritableArrayLength();
}
return true;
}
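Review bot: In the first hunk, the relocated block runs the fallible `maybeCopyElementsForWrite(cx)` after `JS_ALWAYS_TRUE(nobj->setLastProperty(cx, last))` has already committed the frozen shape lineage. If that call fails, the function returns false with an array whose shape marks `length` non-writable while the elements header never received `setNonwritableArrayLength()`. The removed copy had the same ordering, so this is not new, but the move is a good moment to either hoist the fallible copy above `setLastProperty` (assuming nothing in between depends on the elements still being shared) or to record the gap with a comment such as `// NOTE: on failure here the shape is already frozen but the header flag is unset; callers must treat obj as unusable.` The block also reaches the array through `obj->as<ArrayObject>()` although `nobj` is already in scope in this branch; using `nobj` would match the surrounding lines. The body of `js::SetIntegrityLevel` starts outside both hunks, so the capacity assertion the comment refers to cannot be checked from here.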