Remove assertion special case that allows for a fake object value

RESOLVED FIXED in Firefox 57

Status

()

RESOLVED FIXED
a year ago
a year ago

People

(Reporter: jonco, Assigned: jonco)

Tracking

55 Branch
mozilla57
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(firefox57 fixed)

Details

Attachments

(1 attachment)

(Assignee)

Description

a year ago
The assertion at the start of Value::setObject has a special case to allow you to pass 0x48, since that's used to create a special value in ObjectValueCrashOnTouch().

Let's remove this case and make clients use PoisonedObjectValue() instead.
(Assignee)

Comment 1

a year ago
Created attachment 8908211 [details] [diff] [review]
bug1399933-remove-crash-on-touch

This patch also moves PoisonedObjectValue() to the 'js' namespace.  It's not used outside the engine.
Attachment #8908211 - Flags: review?(sphink)
Attachment #8908211 - Flags: review?(sphink) → review+

Comment 2

a year ago
Pushed by jcoppeard@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/5c1007b062e3
Replace use of ObjectValueCrashOnTouch with PoisonedObjectValue r=sfink

Comment 3

a year ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/5c1007b062e3
Status: NEW → RESOLVED
Last Resolved: a year ago
status-firefox57: --- → fixed
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
You need to log in before you can comment on or make changes to this bug.