Restore long-lost obj=null setting so null() etc. (calling primitive-type values) fails as expected, instead of crashing (224956, r=shaver).

2024-10-11 04:15:43 +00:00 · 2003-11-09 03:58:48 +00:00 · 2003-11-09 03:58:48 +00:00 · 6ccc5150bf
commit 6ccc5150bf
parent 68b333d710
2 changed files with 14 additions and 2 deletions
--- a/js/src/jsinterp.c
+++ b/js/src/jsinterp.c
@ -606,8 +606,8 @@ ComputeThis(JSContext *cx, JSObject *thisp, JSStackFrame *fp)
         * The alert should display "true".
         */
        JS_ASSERT(!(fp->flags & JSFRAME_CONSTRUCTING));
-        parent = OBJ_GET_PARENT(cx, JSVAL_TO_OBJECT(fp->argv[-2]));
-        if (!parent) {
+        if (JSVAL_IS_PRIMITIVE(fp->argv[-2]) ||
+            !(parent = OBJ_GET_PARENT(cx, JSVAL_TO_OBJECT(fp->argv[-2])))) {
            thisp = cx->globalObject;
        } else {
            /* walk up to find the top-level object */
@ -3053,12 +3053,14 @@ js_Interpret(JSContext *cx, jsval *result)
            i = (jsint) GET_ATOM_INDEX(pc);
            rval = INT_TO_JSVAL(i);
            PUSH_OPND(rval);
+            obj = NULL;
            break;

          case JSOP_NUMBER:
          case JSOP_STRING:
            atom = GET_ATOM(cx, script, pc);
            PUSH_OPND(ATOM_KEY(atom));
+            obj = NULL;
            break;

          case JSOP_OBJECT:
@ -3177,14 +3179,17 @@ js_Interpret(JSContext *cx, jsval *result)

          case JSOP_ZERO:
            PUSH_OPND(JSVAL_ZERO);
+            obj = NULL;
            break;

          case JSOP_ONE:
            PUSH_OPND(JSVAL_ONE);
+            obj = NULL;
            break;

          case JSOP_NULL:
            PUSH_OPND(JSVAL_NULL);
+            obj = NULL;
            break;

          case JSOP_THIS:
@ -3194,10 +3199,12 @@ js_Interpret(JSContext *cx, jsval *result)

          case JSOP_FALSE:
            PUSH_OPND(JSVAL_FALSE);
+            obj = NULL;
            break;

          case JSOP_TRUE:
            PUSH_OPND(JSVAL_TRUE);
+            obj = NULL;
            break;

 #if JS_HAS_SWITCH_STATEMENT
--- a/js/src/jsopcode.c
+++ b/js/src/jsopcode.c
@ -2603,6 +2603,11 @@ js_DecompileValueGenerator(JSContext *cx, intN spindex, jsval v,
    op = (JSOp) *pc;
    if (op == JSOP_TRAP)
        op = JS_GetTrapOpcode(cx, script, pc);
+
+    /* XXX handle null as a special case, to avoid calling null "object" */
+    if (op == JSOP_NULL)
+        return ATOM_TO_STRING(cx->runtime->atomState.nullAtom);
+
    cs = &js_CodeSpec[op];
    format = cs->format;
    mode = (format & JOF_MODEMASK);