corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1168667 - Immediately convert unboxed objects to natives in PreventExtensions, and convert unboxed arrays as well as unboxed plain objects when required, r=jandem.

Browse Source
This commit is contained in:
Brian Hackett
2015-05-28 19:04:00 -06:00
parent 8975f5070d
commit 81533ba3cc
4 changed files with 34 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
js/src/jsobj.cpp
View File

@@ -663,7 +663,7 @@ js::StandardDefineProperty(JSContext* cx, HandleObject obj, HandleId id,
if (IsAnyTypedArray(obj))
return DefinePropertyOnTypedArray(cx, obj, id, desc, result);
if (obj->is<UnboxedPlainObject>() && !UnboxedPlainObject::convertToNative(cx, obj))
if (!MaybeConvertUnboxedObjectToNative(cx, obj))
return false;
if (obj->getOps()->lookupProperty) {
@@ -2956,7 +2956,7 @@ js::SetPrototype(JSContext* cx, HandleObject obj, HandleObject proto, JS::Object
// Convert unboxed objects to their native representations before changing
// their prototype/group, as they depend on the group for their layout.
if (obj->is<UnboxedPlainObject>() && !UnboxedPlainObject::convertToNative(cx, obj))
if (!MaybeConvertUnboxedObjectToNative(cx, obj))
return false;
Rooted<TaggedProto> taggedProto(cx, TaggedProto(proto));
@@ -2982,6 +2982,9 @@ js::PreventExtensions(JSContext* cx, HandleObject obj, ObjectOpResult& result)
if (!obj->nonProxyIsExtensible())
return result.succeed();
if (!MaybeConvertUnboxedObjectToNative(cx, obj))
return false;
// Force lazy properties to be resolved.
AutoIdVector props(cx);
if (!js::GetPropertyKeys(cx, obj, JSITER_HIDDEN | JSITER_OWNONLY, &props))