Closed Bug 599651 Opened 14 years ago Closed 6 years ago

JS_ConstructObject, clasp=NULL

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: otaylor, Unassigned)

Details

With the change from bug 579471 to special case 'new Object()' JS_ConstructObject is now behaving in an odd fashion when clasp = NULL

What happens is that an object allocated using NewObject, then the constructor (js_Object) is looked up and called.

With the change:

===
-        JS_ASSERT(!argc || argv[0].isNull() || argv[0].isUndefined());
-        if (JS_IsConstructing(cx))
-            return JS_TRUE;
+        /* Make an object whether this was called with 'new' or not. */
+        JS_ASSERT(!argc || vp[2].isNull() || vp[2].isUndefined());
         obj = NewBuiltinClassInstance(cx, &js_ObjectClass);
         if (!obj)
             return JS_FALSE;
===

js_Object ignores the passed in this, allocates another new object, and that is returned back.

So effects are:

 - Double allocation if a blank 'new Object()' was intended
 - A misconstructed object if the parent or proto arguments are passed into JS_NewObject, since they will be set on the first object, not the new object

(https://bugzilla.mozilla.org/show_bug.cgi?id=581263#c27 points out related issues, but this particular one doesn't seem to have been addressed.)
Assignee: general → nobody
This can probably be closed, as JS_ConstructObject is obsolete.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.