Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-25 03:05:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1270977 - Mini-followup: JS::detail::ComputeThis must overwrite vp[1] with the boxed |this| object, because various downstream code assumes it's been overwritten (particularly in error cases). r=colors

Browse Source
This commit is contained in:
Jeff Walden 2016-05-28 22:52:07 -07:00
parent 70329fa4a6
commit f20341eae2
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
js/src/jsapi.cpp
View File

@ -1310,8 +1310,8 @@ JS::detail::ComputeThis(JSContext* cx, Value* vp)
AssertHeapIsIdle(cx); AssertHeapIsIdle(cx);
assertSameCompartment(cx, JSValueArray(vp, 2)); assertSameCompartment(cx, JSValueArray(vp, 2));
RootedValue thisv(cx, vp[1]); MutableHandleValue thisv = MutableHandleValue::fromMarkedLocation(&vp[1]);
if (!BoxNonStrictThis(cx, thisv, &thisv)) if (!BoxNonStrictThis(cx, thisv, thisv))
return NullValue(); return NullValue();
return thisv; return thisv;