When using the slow-and-standard path in js::SetIntegrityLevel, don't manually call setNonwritableArrayLength afterwards
RESOLVED
FIXED
in Firefox 42
Status
()
People
(Reporter: jorendorff, Assigned: jorendorff)
Tracking
(Blocks 1 bug)
Firefox Tracking Flags
(firefox42 fixed)
Details
Attachments
(1 attachment)
We have this hack:
// Ordinarily ArraySetLength handles this, but we're going behind its back
// right now, so we must do this manually. Neither the custom property
// tree mutations nor the DefineProperty call in the above code will do
// this for us.
//
// ArraySetLength also implements the capacity <= length invariant for
// arrays with non-writable length. We don't need to do anything special
// for that, because capacity was zeroed out by preventExtensions. (See
// the assertion before the if-else above.)
if (level == IntegrityLevel::Frozen && obj->is<ArrayObject>()) {
if (!obj->as<ArrayObject>().maybeCopyElementsForWrite(cx))
return false;
obj->as<ArrayObject>().getElementsHeader()->setNonwritableArrayLength();
}
This is no longer necessary in the case where we go through DefineProperty, because with bug 1125624, DefineProperty now has standard behavior. That is: the part of the comment quoted above that refers to DefineProperty is now wrong.
|
Assignee | |
Comment 1•4 years ago
|
||
Attachment #8613593 -
Flags: review?(jwalden+bmo)
|
|
Assignee | |
Updated•4 years ago
|
Assignee: nobody → jorendorff
Status: NEW → ASSIGNED
|
||
Updated•4 years ago
|
Attachment #8613593 -
Flags: review?(jwalden+bmo) → review+
|
|
Assignee | |
Comment 2•4 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/822901f56c1f
|
||
Comment 4•4 years ago
|
||
sorry had to back this out in https://treeherder.mozilla.org/#/jobs?repo=mozilla-inbound&revision=65e6e21a4725 i think that something in this push caused test failures like https://treeherder.mozilla.org/logviewer.html#?job_id=10872015&repo=mozilla-inbound
|
|
Assignee | |
Comment 5•4 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/81cc971ff1d1
|
||
Comment 6•4 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/81cc971ff1d1
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox42:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla42
You need to log in
before you can comment on or make changes to this bug.
Description
•