corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[INFER] Don't update initialized length when it's smaller than length, bug 651451

Browse Source
This commit is contained in:
Jan de Mooij
2011-04-20 19:43:30 +02:00
parent b63f63bb7f
commit 88befb317a
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
js/src/jsarray.cpp
View File

@@ -2353,7 +2353,7 @@ array_pop_dense(JSContext *cx, JSObject* obj, Value *vp)
if (!hole && DeleteArrayElement(cx, obj, index, true) < 0)
return JS_FALSE;
if (cx->typeInferenceEnabled())
if (cx->typeInferenceEnabled() && obj->getDenseArrayInitializedLength() > index)
obj->setDenseArrayInitializedLength(index);
obj->setDenseArrayLength(index);
return JS_TRUE;