Bug 1131035 - When allocating singletons with 'new', make sure the result is a plain object, r=jandem.

2015-02-13 13:02:01 -07:00
parent 4ebd7db9d9
commit 125c70e74e
2 changed files with 15 additions and 0 deletions
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@@ -1595,6 +1595,12 @@ CreateThisForFunctionWithGroup(JSContext *cx, HandleObjectGroup group, JSObject
    }

    gc::AllocKind allocKind = NewObjectGCKind(&PlainObject::class_);
+
+    if (newKind == SingletonObject) {
+        RootedObject parentRoot(cx, parent);
+        return NewObjectWithGivenProto(cx, &PlainObject::class_, group->proto(), parentRoot,
+                                       allocKind, newKind);
+    }
    return NewObjectWithGroup<PlainObject>(cx, group, parent, allocKind, newKind);
 }