JS_ConstructObject, clasp=NULL

RESOLVED INVALID

Status

Core
JavaScript Engine
8 years ago
5 months ago

People

(Reporter: otaylor, Unassigned)

Tracking

Trunk
x86_64
Linux

Details

(Reporter)

Description

8 years ago
With the change from bug 579471 to special-case 'new Object()', JS_ConstructObject is now behaving in an odd fashion when clasp = NULL.

What happens is that an object is allocated using NewObject, then the constructor (js_Object) is looked up and called.

With the change:

===
-        JS_ASSERT(!argc || argv[0].isNull() || argv[0].isUndefined());
-        if (JS_IsConstructing(cx))
-            return JS_TRUE;
+        /* Make an object whether this was called with 'new' or not. */
+        JS_ASSERT(!argc || vp[2].isNull() || vp[2].isUndefined());
         obj = NewBuiltinClassInstance(cx, &js_ObjectClass);
         if (!obj)
             return JS_FALSE;
===
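Review bot: Removing the `if (JS_IsConstructing(cx)) return JS_TRUE;` early return means this path now always calls NewBuiltinClassInstance, so when the function is invoked as a constructor the object supplied as `this` is never used, and anything the caller set on that object does not reach the one returned. Either keep a constructing path that reuses the supplied object, or state in the new comment that callers must not pre-allocate and must take the result from the return value. The visible lines do not show the rval being set to `obj`, so that should be confirmed as well.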

js_Object ignores the passed in this, allocates another new object, and that is returned back.

So effects are:

 - Double allocation if a blank 'new Object()' was intended
 - A misconstructed object if the parent or proto arguments are passed into JS_NewObject, since they will be set on the first object, not the new object

(https://bugzilla.mozilla.org/show_bug.cgi?id=581263#c27 points out related issues, but this particular one doesn't seem to have been addressed.)
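A simplified C model of the behaviour described in this report, added here as an illustration; it is not SpiderMonkey code, and every name in it (Obj, new_obj, ctor_before, ctor_after, construct, honours_args) is hypothetical. It shows the two effects listed above: an extra allocation, and proto/parent set on an object that is then discarded.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified model of the report; none of these names are SpiderMonkey's. */
typedef struct Obj { const struct Obj *proto, *parent; } Obj;
typedef Obj *(*Ctor)(Obj *thisobj, int constructing);
static int allocations;          /* counts every object created */

static Obj *new_obj(const Obj *proto, const Obj *parent) {
    Obj *o = calloc(1, sizeof *o);
    if (o) { o->proto = proto; o->parent = parent; allocations++; }
    return o;
}

/* Before the change: when constructing, keep the object the caller made. */
static Obj *ctor_before(Obj *thisobj, int constructing) {
    return constructing ? thisobj : new_obj(NULL, NULL);
}

/* After the change: always make an object, ignoring thisobj. */
static Obj *ctor_after(Obj *thisobj, int constructing) {
    (void)thisobj; (void)constructing;
    return new_obj(NULL, NULL);
}

/* Caller pattern from the report: allocate, call the constructor, return its result. */
static Obj *construct(Ctor ctor, const Obj *proto, const Obj *parent) {
    Obj *first = new_obj(proto, parent);
    if (!first) return NULL;
    Obj *result = ctor(first, 1);
    if (result != first) free(first);   /* the first allocation was wasted */
    return result;
}

/* Returns 1 if the constructed object carries the requested proto and parent. */
static int honours_args(Ctor ctor, int *allocs_out) {
    Obj proto = {0}, parent = {0};
    allocations = 0;
    Obj *o = construct(ctor, &proto, &parent);
    int ok = o && o->proto == &proto && o->parent == &parent;
    *allocs_out = allocations; free(o);
    return ok;
}

int main(void) {
    int n, ok = honours_args(ctor_before, &n);
    printf("before: ok=%d allocations=%d\n", ok, n);
    ok = honours_args(ctor_after, &n);
    printf("after:  ok=%d allocations=%d\n", ok, n);
}
```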

(Assignee)

Updated

4 years ago
Assignee: general → nobody
This can probably be closed, as JS_ConstructObject is obsolete.
Status: NEW → RESOLVED
Last Resolved: 5 months ago
Resolution: --- → INVALID