From e057d51b4ecbd72879f7258f42fd1c228f18186f Mon Sep 17 00:00:00 2001
From: Jon Coppeard
Date: Sun, 13 May 2018 14:20:48 +0100
Subject: [PATCH] Bug 1449033 - Set new group unknown flag on placeholder prototypes where necessary r=jandem
---
 js/src/gc/GC.cpp | 7 ++++---
 js/src/vm/GlobalObject.cpp | 6 ++++++
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/js/src/gc/GC.cpp b/js/src/gc/GC.cpp
index 0cb669a3339e..2ae2ebe00626 100644
--- a/js/src/gc/GC.cpp
+++ b/js/src/gc/GC.cpp
@@ -8042,10 +8042,11 @@ GCRuntime::mergeCompartments(JSCompartment* source, JSCompartment* target)
 if (GlobalObject::isOffThreadPrototypePlaceholder(obj)) {
 JSObject* targetProto = global->getPrototypeForOffThreadPlaceholder(obj);
 MOZ_ASSERT(targetProto->isDelegate());
+ MOZ_ASSERT_IF(targetProto->staticPrototypeIsImmutable(),
+ obj->staticPrototypeIsImmutable());
+ MOZ_ASSERT_IF(targetProto->isNewGroupUnknown(),
+ obj->isNewGroupUnknown());
 group->setProtoUnchecked(TaggedProto(targetProto));
- AutoSweepObjectGroup sweep(group);
- if (targetProto->isNewGroupUnknown() && !group->unknownProperties(sweep))
- group->markUnknown(sweep, cx);
 }
 }
diff --git a/js/src/vm/GlobalObject.cpp b/js/src/vm/GlobalObject.cpp
index e7f6542a8f35..47fd6008e437 100644
--- a/js/src/vm/GlobalObject.cpp
+++ b/js/src/vm/GlobalObject.cpp
@@ -343,6 +343,12 @@ GlobalObject::resolveOffThreadConstructor(JSContext* cx,
 return false;
 }
+ if ((key == JSProto_Object || key == JSProto_Function || key == JSProto_Array) &&
+ !JSObject::setNewGroupUnknown(cx, placeholder->getClass(), placeholder))
+ {
+ return false;
+ }
+
 global->setPrototype(key, ObjectValue(*placeholder));
 global->setConstructor(key, MagicValue(JS_OFF_THREAD_CONSTRUCTOR));
 return true;
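Review bot: The two `MOZ_ASSERT_IF` checks added in GCRuntime::mergeCompartments are debug-only, while the `markUnknown` fallback they replace ran in every build, so a release build no longer catches or corrects a placeholder whose flags disagree with its target prototype at merge time. If that invariant were ever broken, the merged groups would presumably keep type information that is more precise than the real prototype allows, which is the kind of mismatch a JIT should fail closed on. Consider making the second check fatal in all builds, `MOZ_RELEASE_ASSERT(!targetProto->isNewGroupUnknown() || obj->isNewGroupUnknown());`, and add a comment above the asserts naming where the flags are established, e.g. `// Flags are copied onto placeholders when they are created; see GlobalObject::resolveOffThreadConstructor.` The `staticPrototypeIsImmutable` assert has no matching setter anywhere in this patch, so the comment should also say where placeholders receive that flag. The body of mergeCompartments starts and ends outside the hunk.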
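Review bot: The key list `JSProto_Object || JSProto_Function || JSProto_Array` in GlobalObject::resolveOffThreadConstructor is hard-coded with no comment explaining why exactly these three prototypes need the new-group-unknown flag. The correctness of the merge-time assertion in GC.cpp now depends on this list matching every main-thread prototype that carries the flag, and nothing visible here ties the two together. I would add a comment above the condition along the lines of `// These prototypes are marked new-group-unknown on the main thread; the placeholder must match or mergeCompartments will assert.` and, if the main-thread side has a single place that decides this, point to it by name. The function starts before the hunk, so whether `placeholder` can already carry the flag at this point is not visible.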