зеркало из https://github.com/mozilla/gecko-dev.git
Bug 449657 - JS_SealObject fails on Array objects (r=mrbkap, a=sayrer).
This commit is contained in:
Brendan Eich
Родитель
431f817f99
Коммит
25f99f0b34
|
|
@ -819,7 +819,7 @@ JS_DestroyRuntime(JSRuntime *rt)
|
||||||
while ((cx = js_ContextIterator(rt, JS_TRUE, &iter)) != NULL) {
|
while ((cx = js_ContextIterator(rt, JS_TRUE, &iter)) != NULL) {
|
||||||
fprintf(stderr,
|
fprintf(stderr,
|
||||||
"JS API usage error: found live context at %p\n",
|
"JS API usage error: found live context at %p\n",
|
||||||
cx);
|
(void *) cx);
|
||||||
cxcount++;
|
cxcount++;
|
||||||
}
|
}
|
||||||
fprintf(stderr,
|
fprintf(stderr,
|
||||||
|
|
@ -3043,6 +3043,9 @@ JS_SealObject(JSContext *cx, JSObject *obj, JSBool deep)
|
||||||
uint32 nslots, i;
|
uint32 nslots, i;
|
||||||
jsval v;
|
jsval v;
|
||||||
|
|
||||||
|
if (OBJ_IS_DENSE_ARRAY(cx, obj) && !js_MakeArraySlow(cx, obj))
|
||||||
|
return JS_FALSE;
|
||||||
|
|
||||||
if (!OBJ_IS_NATIVE(obj)) {
|
if (!OBJ_IS_NATIVE(obj)) {
|
||||||
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
|
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
|
||||||
JSMSG_CANT_SEAL_OBJECT,
|
JSMSG_CANT_SEAL_OBJECT,
|
||||||
|
|
|
||||||
|
|
@ -3849,6 +3849,15 @@ js_SetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
|
||||||
CHECK_FOR_STRING_INDEX(id);
|
CHECK_FOR_STRING_INDEX(id);
|
||||||
JS_COUNT_OPERATION(cx, JSOW_SET_PROPERTY);
|
JS_COUNT_OPERATION(cx, JSOW_SET_PROPERTY);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* We peek at OBJ_SCOPE(obj) without locking obj. Any race means a failure
|
||||||
|
* to seal before sharing, which is inherently ambiguous.
|
||||||
|
*/
|
||||||
|
if (SCOPE_IS_SEALED(OBJ_SCOPE(obj)) && OBJ_SCOPE(obj)->object == obj) {
|
||||||
|
flags = JSREPORT_ERROR;
|
||||||
|
goto read_only_error;
|
||||||
|
}
|
||||||
|
|
||||||
shape = OBJ_SHAPE(obj);
|
shape = OBJ_SHAPE(obj);
|
||||||
protoIndex = js_LookupPropertyWithFlags(cx, obj, id, cx->resolveFlags,
|
protoIndex = js_LookupPropertyWithFlags(cx, obj, id, cx->resolveFlags,
|
||||||
&pobj, &prop);
|
&pobj, &prop);
|
||||||
|
|
@ -3886,7 +3895,7 @@ js_SetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
|
||||||
|
|
||||||
attrs = sprop->attrs;
|
attrs = sprop->attrs;
|
||||||
if ((attrs & JSPROP_READONLY) ||
|
if ((attrs & JSPROP_READONLY) ||
|
||||||
(SCOPE_IS_SEALED(scope) && pobj == obj)) {
|
(SCOPE_IS_SEALED(scope) && (attrs & JSPROP_SHARED))) {
|
||||||
JS_UNLOCK_SCOPE(cx, scope);
|
JS_UNLOCK_SCOPE(cx, scope);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
@ -3973,11 +3982,6 @@ js_SetPropertyHelper(JSContext *cx, JSObject *obj, jsid id, jsval *vp,
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!sprop) {
|
if (!sprop) {
|
||||||
if (SCOPE_IS_SEALED(OBJ_SCOPE(obj)) && OBJ_SCOPE(obj)->object == obj) {
|
|
||||||
flags = JSREPORT_ERROR;
|
|
||||||
goto read_only_error;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Purge the property cache of now-shadowed id in obj's scope chain.
|
* Purge the property cache of now-shadowed id in obj's scope chain.
|
||||||
* Do this early, before locking obj to avoid nesting locks.
|
* Do this early, before locking obj to avoid nesting locks.
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче