Bug 977234 - jsreflect.cpp out of bounds array access, r=terrence

2025-02-09 00:11:44 +00:00 · 2014-03-04 15:45:47 -08:00 · 2014-03-04 15:45:47 -08:00 · 221ba0ae78
commit 221ba0ae78
parent 026e40d451
1 changed files with 3 additions and 3 deletions
--- a/js/src/jsreflect.cpp
+++ b/js/src/jsreflect.cpp
@ -222,12 +222,12 @@ class NodeBuilder
            if (!newNodeLoc(pos, &loc))
                return false;
            AutoValueArray<1> argv(cx);
-            argv[1].set(loc);
+            argv[0].set(loc);
            return Invoke(cx, userv, fun, argv.length(), argv.begin(), dst);
        }

        AutoValueArray<1> argv(cx);
-        argv[1].setNull(); /* no zero-length arrays allowed! */
+        argv[0].setNull(); /* no zero-length arrays allowed! */
        return Invoke(cx, userv, fun, 0, argv.begin(), dst);
    }

@ -243,7 +243,7 @@ class NodeBuilder
        }

        AutoValueArray<1> argv(cx);
-        argv[1].set(v1);
+        argv[0].set(v1);
        return Invoke(cx, userv, fun, argv.length(), argv.begin(), dst);
    }