corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1558604 - Defer initializaton of JSFunction::nargs until after function parsing is done. r=jorendorff

Browse Source 
The args count needs to be set before the LazyScript takes hold of the
functionbox, or else some code that references lazy functions can get the wrong
number of arguments (ie, CloneFunctionObjectIfNotSingleton on a lazy function)

Differential Revision: https://phabricator.services.mozilla.com/D34586
This commit is contained in:
Matthew Gaudet
2019-06-12 23:49:04 +00:00
parent 155017dd19
commit 23a6561745
5 changed files with 21 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
js/src/frontend/BinASTParserPerTokenizer.cpp
View File

@@ -335,7 +335,7 @@ JS::Result<FunctionNode*> BinASTParserPerTokenizer<Tok>::buildFunction(
// handled by setting the appropriate funbox field during argument parsing.
if (!lazyScript_ ||
lazyScript_->functionNonDelazifying() != funbox->function()) {
funbox->function()->setArgCount(params ? uint16_t(params->count()) : 0);
funbox->setArgCount(params ? uint16_t(params->count()) : 0);
}
// ParseNode represents the body as concatenated after the params.