From f0cb96d19768e509f28fcf511521d104a9601f3f Mon Sep 17 00:00:00 2001
From: Benjamin Bouvier <benj@benj.me>
Date: Tue, 12 Jul 2016 12:24:40 +0200
Subject: [PATCH] Bug 1285927: Set wasm objects prototype only in the success
 path; r=luke

MozReview-Commit-ID: Il8v0XPLgoL

--HG--
extra : rebase_source : 6375ff77109c3a36665cbb55f6b86862baf961ab
extra : histedit_source : 2306ce63646ac60e26c57893d8d534aab3b3ca01
---
 js/src/asmjs/WasmJS.cpp | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/js/src/asmjs/WasmJS.cpp b/js/src/asmjs/WasmJS.cpp
index 09b74b36e644..eb6175342405 100644
--- a/js/src/asmjs/WasmJS.cpp
+++ b/js/src/asmjs/WasmJS.cpp
@@ -643,9 +643,6 @@ InitConstructor(JSContext* cx, HandleObject global, HandleObject wasm, const cha
     if (!JS_DefineProperties(cx, proto, Class::properties))
         return false;
 
-    MOZ_ASSERT(global->as<GlobalObject>().getPrototype(Class::KEY).isUndefined());
-    global->as<GlobalObject>().setPrototype(Class::KEY, ObjectValue(*proto));
-
     RootedAtom className(cx, Atomize(cx, name, strlen(name)));
     if (!className)
         return false;
@@ -659,7 +656,12 @@ InitConstructor(JSContext* cx, HandleObject global, HandleObject wasm, const cha
 
     RootedId id(cx, AtomToId(className));
     RootedValue ctorValue(cx, ObjectValue(*ctor));
-    return DefineProperty(cx, wasm, id, ctorValue, nullptr, nullptr, 0);
+    if (!DefineProperty(cx, wasm, id, ctorValue, nullptr, nullptr, 0))
+        return false;
+
+    MOZ_ASSERT(global->as<GlobalObject>().getPrototype(Class::KEY).isUndefined());
+    global->as<GlobalObject>().setPrototype(Class::KEY, ObjectValue(*proto));
+    return true;
 }
 
 JSObject*