blob: 5eff4fe99cbd221458efefe8974aa12885b41835 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
Copied from https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/5c312182da90
# HG changeset patch
# User Jan de Mooij <jdemooij@mozilla.com>
# Date 1458828581 -3600
# Node ID 5c312182da9020504103aa329360abaffa7e232d
# Parent fa4efccde9b7efde8763a178a6cf422b6d37a0e9
Bug 1254622 - Relookup group->newScript in CreateThisForFunctionWithGroup. r=bhackett a=sylvestre
MozReview-Commit-ID: KXd7kB70f1Z
diff --git a/js/src/jsobj.cpp b/js/src/jsobj.cpp
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@@ -1574,18 +1574,19 @@ CreateThisForFunctionWithGroup(JSContext
// Not enough objects with this group have been created yet, so make a
// plain object and register it with the group. Use the maximum number
// of fixed slots, as is also required by the TypeNewScript.
gc::AllocKind allocKind = GuessObjectGCKind(NativeObject::MAX_FIXED_SLOTS);
PlainObject* res = NewObjectWithGroup<PlainObject>(cx, group, parent, allocKind, newKind);
if (!res)
return nullptr;
- if (newKind != SingletonObject)
- newScript->registerNewObject(res);
+ // Make sure group->newScript is still there.
+ if (newKind != SingletonObject && group->newScript())
+ group->newScript()->registerNewObject(res);
return res;
}
gc::AllocKind allocKind = NewObjectGCKind(&PlainObject::class_);
if (newKind == SingletonObject) {
Rooted<TaggedProto> protoRoot(cx, group->proto());
|