From d551aa37b696434d9dc92f67ae3943e6820d338f Mon Sep 17 00:00:00 2001 From: Jeff Walden Date: Thu, 24 Sep 2015 12:51:55 -0700 Subject: [PATCH] Bug 1101561 - Fix %StringIteratorPrototype% initialization to be OOM-safe. r=jandem --HG-- extra : rebase_source : 345fa7073d8fcbabcbd98bff8c5c7452f81ffa09 --- js/src/jsiter.cpp | 28 +++++++++++++++++++--------- js/src/vm/GlobalObject.h | 5 ++--- 2 files changed, 21 insertions(+), 12 deletions(-) diff --git a/js/src/jsiter.cpp b/js/src/jsiter.cpp index e3dbb7da8a60..6cc52d87936f 100644 --- a/js/src/jsiter.cpp +++ b/js/src/jsiter.cpp @@ -1391,6 +1391,25 @@ GlobalObject::initArrayIteratorProto(JSContext* cx, Handle global return true; } +/* static */ bool +GlobalObject::initStringIteratorProto(JSContext* cx, Handle global) +{ + if (global->getReservedSlot(STRING_ITERATOR_PROTO).isObject()) + return true; + + RootedObject iteratorProto(cx, GlobalObject::getOrCreateIteratorPrototype(cx, global)); + if (!iteratorProto) + return false; + + const Class* cls = &StringIteratorPrototypeClass; + RootedObject proto(cx, global->createBlankPrototypeInheriting(cx, cls, iteratorProto)); + if (!proto || !DefinePropertiesAndFunctions(cx, proto, nullptr, string_iterator_methods)) + return false; + + global->setReservedSlot(STRING_ITERATOR_PROTO, ObjectValue(*proto)); + return true; +} + /* static */ bool GlobalObject::initIteratorClasses(JSContext* cx, Handle global) { @@ -1426,15 +1445,6 @@ GlobalObject::initIteratorClasses(JSContext* cx, Handle global) } } - RootedObject proto(cx); - if (global->getSlot(STRING_ITERATOR_PROTO).isUndefined()) { - const Class* cls = &StringIteratorPrototypeClass; - proto = global->createBlankPrototype(cx, cls); - if (!proto || !DefinePropertiesAndFunctions(cx, proto, nullptr, string_iterator_methods)) - return false; - global->setReservedSlot(STRING_ITERATOR_PROTO, ObjectValue(*proto)); - } - return true; } diff --git a/js/src/vm/GlobalObject.h b/js/src/vm/GlobalObject.h index 089b06b1ce06..1eaab50c03e4 100644 
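Review bot: initStringIteratorProto has no comment stating the invariant this fix depends on: STRING_ITERATOR_PROTO is written only after DefinePropertiesAndFunctions succeeds, so a failed allocation leaves the slot unset and a later call retries instead of seeing a half-built prototype. I would add, above the final store, `// Publish last: on any failure above, the slot stays unset and a retry starts from scratch.` The new function also builds the prototype with `createBlankPrototypeInheriting(cx, cls, iteratorProto)`, where the code removed from initIteratorClasses used `createBlankPrototype(cx, cls)`. That looks like a prototype-chain change the commit message does not mention, so a line in the description or a test pinning it would help if it is intended. The diffstat lists only jsiter.cpp and GlobalObject.h, so an OOM regression test for this path is also worth adding.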
--- a/js/src/vm/GlobalObject.h +++ b/js/src/vm/GlobalObject.h @@ -542,9 +542,7 @@ class GlobalObject : public NativeObject static NativeObject* getOrCreateStringIteratorPrototype(JSContext* cx, Handle global) { - if (!ensureConstructor(cx, global, JSProto_Iterator)) - return nullptr; - return &global->getSlot(STRING_ITERATOR_PROTO).toObject().as(); + return MaybeNativeObject(global->getOrCreateObject(cx, STRING_ITERATOR_PROTO, initStringIteratorProto)); } static NativeObject* getOrCreateLegacyGeneratorObjectPrototype(JSContext* cx, @@ -705,6 +703,7 @@ class GlobalObject : public NativeObject // Implemented in jsiter.cpp. static bool initArrayIteratorProto(JSContext* cx, Handle global); + static bool initStringIteratorProto(JSContext* cx, Handle global); static bool initIteratorClasses(JSContext* cx, Handle global); // Implemented in vm/GeneratorObject.cpp.
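Review bot: getOrCreateStringIteratorPrototype needs a comment on its failure contract, because it now returns whatever MaybeNativeObject yields for getOrCreateObject's result, which I assume is nullptr when initStringIteratorProto fails. A line such as `// Returns nullptr on failure (e.g. OOM); callers must check before dereferencing.` above the function would make that explicit. The removed body also called `ensureConstructor(cx, global, JSProto_Iterator)`, so this accessor no longer initializes the Iterator classes as a side effect. Any callers that relied on that are outside this hunk and worth checking.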