The assertion at the start of Value::setObject has a special case to allow you to pass 0x48, since that's used to create a special value in ObjectValueCrashOnTouch(). Let's remove this case and make clients use PoisonedObjectValue() instead.
This patch also moves PoisonedObjectValue() to the 'js' namespace. It's not used outside the engine.
Attachment #8908211 - Flags: review?(sphink)
Attachment #8908211 - Flags: review?(sphink) → review+
Pushed by email@example.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/5c1007b062e3 Replace use of ObjectValueCrashOnTouch with PoisonedObjectValue r=sfink
You need to log in before you can comment on or make changes to this bug.