Closed Bug 1399933 Opened 8 years ago Closed 8 years ago

Remove assertion special case that allows for a fake object value

Categories

(Core :: JavaScript: GC, enhancement)

Product:
Core
Component:
JavaScript: GC
Version:
55 Branch
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla57
Tracking Flags:
Tracking Status
firefox57 --- fixed

People

(Reporter: jonco, Assigned: jonco)

Details

Attachments

(1 file)

bug1399933-remove-crash-on-touch
7.31 KB, patch
sfink
: review+
Details | Diff | Splinter Review
The assertion at the start of Value::setObject has a special case to allow you to pass 0x48, since that's used to create a special value in ObjectValueCrashOnTouch(). Let's remove this case and make clients use PoisonedObjectValue() instead.
This patch also moves PoisonedObjectValue() to the 'js' namespace. It's not used outside the engine.
Attachment #8908211 - Flags: review?(sphink)
Attachment #8908211 - Flags: review?(sphink) → review+
Pushed by jcoppeard@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/5c1007b062e3 Replace use of ObjectValueCrashOnTouch with PoisonedObjectValue r=sfink
https://hg.mozilla.org/mozilla-central/rev/5c1007b062e3
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox57: --- → fixed
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: