With the change from bug 579471 to special case 'new Object()' JS_ConstructObject is now behaving in an odd fashion when clasp = NULL What happens is that an object allocated using NewObject, then the constructor (js_Object) is looked up and called. With the change: === - JS_ASSERT(!argc || argv.isNull() || argv.isUndefined()); - if (JS_IsConstructing(cx)) - return JS_TRUE; + /* Make an object whether this was called with 'new' or not. */ + JS_ASSERT(!argc || vp.isNull() || vp.isUndefined()); obj = NewBuiltinClassInstance(cx, &js_ObjectClass); if (!obj) return JS_FALSE; === js_Object ignores the passed in this, allocates another new object, and that is returned back. So effects are: - Double allocation if a blank 'new Object()' was intended - A misconstructed object if the parent or proto arguments are passed into JS_NewObject, since they will be set on the first object, not the new object (https://bugzilla.mozilla.org/show_bug.cgi?id=581263#c27 points out related issues, but this particular one doesn't seem to have been addressed.)
This can probably be closed, as JS_ConstructObject is obsolete.
Status: NEW → RESOLVED
Last Resolved: 5 months ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.