Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-28 20:55:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1184388 - Don't try to reallocate inline elements buffer of unboxed arrays, r=jandem.

Browse Source
This commit is contained in:
Brian Hackett 2015-08-25 08:41:50 -06:00
parent 6073d46e10
commit 9c51bf3b2f
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
js/src/vm/UnboxedObject.cpp
View File

@ -1040,9 +1040,14 @@ UnboxedArrayObject::convertInt32ToDouble(ExclusiveContext* cx, ObjectGroup* grou
for (size_t i = 0; i < initializedLength(); i++)
values.infallibleAppend(getElementSpecific<JSVAL_TYPE_INT32>(i).toInt32());
uint8_t* newElements = ReallocateObjectBuffer<uint8_t>(cx, this, elements(),
uint8_t* newElements;
if (hasInlineElements()) {
newElements = AllocateObjectBuffer<uint8_t>(cx, this, capacity() * sizeof(double));
} else {
newElements = ReallocateObjectBuffer<uint8_t>(cx, this, elements(),
capacity() * sizeof(int32_t),
capacity() * sizeof(double));
}
if (!newElements)
return false;