Fix from Igor Bukanov <igor.bukanov@gmail.com> to reorder allocations to avoid pigeon-hole problem (322045, r=me).

2006-01-03 01:41:46 +00:00 · 2006-01-03 01:41:46 +00:00 · 5341e7479c
--- a/js/src/jsfun.c
+++ b/js/src/jsfun.c
@ -2003,11 +2003,6 @@ js_NewFunction(JSContext *cx, JSObject *funobj, JSNative native, uintN nargs,
 {
    JSFunction *fun;

-    /* Allocate a function struct. */
-    fun = (JSFunction *) js_NewGCThing(cx, GCX_PRIVATE, sizeof(JSFunction));
-    if (!fun)
-        return NULL;
-
    /* If funobj is null, allocate an object for it. */
    if (funobj) {
        OBJ_SET_PARENT(cx, funobj, parent);
@ -2017,6 +2012,14 @@ js_NewFunction(JSContext *cx, JSObject *funobj, JSNative native, uintN nargs,
            return NULL;
    }

+    /*
+     * Allocate fun after allocating funobj so slot allocation in js_NewObject
+     * does not wipe out fun from cx->newborn[GCX_PRIVATE].
+     */
+    fun = (JSFunction *) js_NewGCThing(cx, GCX_PRIVATE, sizeof(JSFunction));
+    if (!fun)
+        return NULL;
+
    /* Initialize all function members. */
    fun->nrefs = 0;
    fun->object = NULL;