corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge mozilla-central into tracemonkey, specifically to pick up bug 467579.

Browse Source
This commit is contained in:
Benjamin Smedberg
2008-12-09 21:37:35 -05:00
parent 7b7356c341 cd54fbd097
commit d912ac0702
449 changed files with 48338 additions and 35628 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
js/src/jsobj.cpp
View File

@@ -3871,6 +3871,15 @@ js_SetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
CHECK_FOR_STRING_INDEX(id);
JS_COUNT_OPERATION(cx, JSOW_SET_PROPERTY);
/*
* We peek at OBJ_SCOPE(obj) without locking obj. Any race means a failure
* to seal before sharing, which is inherently ambiguous.
*/
if (SCOPE_IS_SEALED(OBJ_SCOPE(obj)) && OBJ_SCOPE(obj)->object == obj) {
flags = JSREPORT_ERROR;
goto read_only_error;
}
shape = OBJ_SHAPE(obj);
protoIndex = js_LookupPropertyWithFlags(cx, obj, id, cx->resolveFlags,
&pobj, &prop);
@@ -3908,7 +3917,7 @@ js_SetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
attrs = sprop->attrs;
if ((attrs & JSPROP_READONLY) ||
(SCOPE_IS_SEALED(scope) && pobj == obj)) {
(SCOPE_IS_SEALED(scope) && (attrs & JSPROP_SHARED))) {
JS_UNLOCK_SCOPE(cx, scope);
/*
@@ -3995,11 +4004,6 @@ js_SetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
}
if (!sprop) {
if (SCOPE_IS_SEALED(OBJ_SCOPE(obj)) && OBJ_SCOPE(obj)->object == obj) {
flags = JSREPORT_ERROR;
goto read_only_error;
}
/*
* Purge the property cache of now-shadowed id in obj's scope chain.
* Do this early, before locking obj to avoid nesting locks.