Closed Bug 425504 Opened 16 years ago Closed 16 years ago

js_InitFunctionClass doesn't make Function.prototype a JSFunction

Categories

(Core :: JavaScript Engine, defect)

Other Branch
defect
Not set
normal

RESOLVED INVALID

People

(Reporter: jorendorff, Unassigned)

This was introduced by the patch in bug 424376.

js_InitFunctionClass does this:
    proto = JS_InitClass(cx, obj, NULL, &js_FunctionClass, Function, 1,
                         function_props, function_methods, NULL, NULL);
    ...
    funobj = js_NewScriptedFunction(cx, OBJ_TO_FUNCTION(proto), 0, obj, NULL);

JS_InitClass allocates `sizeof(JSObject)` bytes for `proto`:
    proto = js_NewObject(cx, clasp, parent_proto, obj, 0);

but `OBJ_TO_FUNCTION(proto)` expects `proto` to be a JSFunction, which is a word bigger.
False alarm!

<igor> jorendorff: js_NewObject makes sure that JSFunction is properly allocated, see http://lxr.mozilla.org/seamonkey/source/js/src/jsobj.c#2469
<jorendorff> thanks
<jorendorff> I must not have merged that properly
<jorendorff> yep

Sorry all.
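The pattern igor points to, sizing the allocation by the object's class rather than by the static base type, is what makes the cast safe. The toy program below is an added illustration, not SpiderMonkey code and not the js_NewObject logic linked above: every name in it (ToyClass, ToyObject, ToyFunction, toy_new_object, toy_object_to_function) is constructed for the example. It shows a class-driven allocator, a "function" struct one word larger than the base object, and a checked downcast that refuses to treat a plain object as the larger type, which is the defect the report suspected.

```c
/*
 * Added illustration (not SpiderMonkey code): a toy allocator that sizes
 * the allocation by the object's class, so that casting a "function"
 * object to the larger struct never reads past the allocation.
 *
 * All names here (ToyClass, ToyObject, ToyFunction, toy_new_object,
 * toy_object_to_function, toy_alloc_size) are constructed for this example.
 */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

typedef struct ToyClass {
    const char *name;
    size_t      instance_size;   /* bytes to allocate for one instance */
} ToyClass;

typedef struct ToyObject {
    const ToyClass *clasp;
    uintptr_t       slots[2];
} ToyObject;

/* One word bigger than ToyObject, like a JSFunction relative to a JSObject. */
typedef struct ToyFunction {
    ToyObject object;
    uintptr_t nargs;
} ToyFunction;

static const ToyClass toy_object_class   = { "Object",   sizeof(ToyObject) };
static const ToyClass toy_function_class = { "Function", sizeof(ToyFunction) };

/* Size the allocation from the class, never from the static base type. */
static ToyObject *toy_new_object(const ToyClass *clasp)
{
    ToyObject *obj = calloc(1, clasp->instance_size);
    if (obj == NULL)
        return NULL;
    obj->clasp = clasp;
    return obj;
}

/* Checked downcast: only a Function-class object is large enough to be
 * used as a ToyFunction; anything else is refused rather than cast. */
static ToyFunction *toy_object_to_function(ToyObject *obj)
{
    if (obj == NULL || obj->clasp != &toy_function_class)
        return NULL;
    return (ToyFunction *)obj;
}

/* Size toy_new_object would allocate for a class; makes the
 * "one word bigger" difference visible. */
static size_t toy_alloc_size(const ToyClass *clasp)
{
    return clasp->instance_size;
}

/* Safe path: a Function-class "prototype" object can be written to as a
 * ToyFunction because its allocation already covers the extra word.
 * Returns the nargs value written. */
static uintptr_t demo_function_prototype(void)
{
    ToyObject *proto = toy_new_object(&toy_function_class);
    ToyFunction *fun = toy_object_to_function(proto);
    assert(fun != NULL);
    fun->nargs = 1;
    uintptr_t n = fun->nargs;
    free(proto);
    return n;
}

/* Rejected path: a plain Object must not be treated as a ToyFunction.
 * Returns 1 when the checked cast refuses it. */
static int demo_plain_object_rejected(void)
{
    ToyObject *plain = toy_new_object(&toy_object_class);
    int rejected = (toy_object_to_function(plain) == NULL);
    free(plain);
    return rejected;
}

int main(void)
{
    assert(toy_alloc_size(&toy_function_class) - toy_alloc_size(&toy_object_class)
           == sizeof(uintptr_t));
    assert(demo_function_prototype() == 1);
    assert(demo_plain_object_rejected() == 1);
    return 0;
}
```

The checked cast is the defensive counterpart of an unchecked OBJ_TO_FUNCTION-style macro: when the class pointer already determines the allocation size, the cast is safe, and when it does not, the check is what keeps a size mismatch from becoming an out-of-bounds access.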
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID