Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-01-12 06:52:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 568007 - js_GetReservedSlot is too friendly to api abusers r=jorendorff

Browse Source
This commit is contained in:
timeless 2010-06-28 12:00:07 +02:00
parent 31fbb862b1
commit 4ab4321776
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
js/src/jsobj.cpp
View File

@ -6233,8 +6233,7 @@ js_GetReservedSlot(JSContext *cx, JSObject *obj, uint32 index, jsval *vp)
uint32 limit = JSCLASS_RESERVED_SLOTS(clasp);
JS_LOCK_OBJ(cx, obj);
if (index >= limit && !ReservedSlotIndexOK(cx, obj, clasp, index, limit))
return false;
JS_ASSERT(index < limit || ReservedSlotIndexOK(cx, obj, clasp, index, limit));
uint32 slot = JSSLOT_START(clasp) + index;
*vp = (slot < obj->numSlots()) ? obj->getSlot(slot) : JSVAL_VOID;