From 486e1c85710c45cefa6c055bb981e42e8d97dcaf Mon Sep 17 00:00:00 2001
From: Julian Seward <jseward@acm.org>
Date: Fri, 14 Nov 2014 21:55:03 +0100
Subject: [PATCH] Bug 1096054 - Uninitialised value use in
 Interpret(JSContext*, js::RunState&).  r=jwalden.

--HG--
extra : rebase_source : 49b1ebd5750bf45cf59479c5f8aae06468b223a0
---
 dom/plugins/base/nsJSNPRuntime.cpp | 3 +--
 js/src/vm/NativeObject.cpp         | 4 ++--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/dom/plugins/base/nsJSNPRuntime.cpp b/dom/plugins/base/nsJSNPRuntime.cpp
index 6ed236c969cb..cea5cbc61931 100644
--- a/dom/plugins/base/nsJSNPRuntime.cpp
+++ b/dom/plugins/base/nsJSNPRuntime.cpp
@@ -1274,8 +1274,7 @@ NPObjWrapper_DelProperty(JSContext *cx, JS::Handle<JSObject*> obj, JS::Handle<js
     }
   }
 
-  if (!npobj->_class->removeProperty(npobj, identifier))
-    *succeeded = false;
+  *succeeded = npobj->_class->removeProperty(npobj, identifier);
 
   return ReportExceptionIfPending(cx);
 }
diff --git a/js/src/vm/NativeObject.cpp b/js/src/vm/NativeObject.cpp
index 64ffdd88aa18..b4dd7fefb8e6 100644
--- a/js/src/vm/NativeObject.cpp
+++ b/js/src/vm/NativeObject.cpp
@@ -2311,7 +2311,7 @@ baseops::DeleteGeneric(JSContext *cx, HandleNativeObject obj, HandleId id, bool
 
         if (!CallJSDeletePropertyOp(cx, obj->getClass()->delProperty, obj, id, succeeded))
             return false;
-        if (!succeeded)
+        if (!*succeeded)
             return true;
 
         NativeObject *nobj = &obj->as<NativeObject>();
@@ -2330,7 +2330,7 @@ baseops::DeleteGeneric(JSContext *cx, HandleNativeObject obj, HandleId id, bool
     RootedId propid(cx, shape->propid());
     if (!CallJSDeletePropertyOp(cx, obj->getClass()->delProperty, obj, propid, succeeded))
         return false;
-    if (!succeeded)
+    if (!*succeeded)
         return true;
 
     return obj->removeProperty(cx, id) && SuppressDeletedProperty(cx, obj, id);