The default bug view has changed. See this FAQ.

JSObject::slotsAndStructSize returns incorrect size

RESOLVED FIXED

Status

()

Core
JavaScript Engine
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: Craig Topper, Unassigned)

Tracking

Trunk
x86
Mac OS X
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: fixed-in-tracemonkey)

Attachments

(1 attachment)

(Reporter)

Description

6 years ago
?: has lower precendence than + and * which causes the return in the following code to calculate size incorrectly. The ?: should be in parentheses.

inline size_t
JSObject::slotsAndStructSize(uint32 nslots) const
{
   bool isFun = isFunction() && this == (JSObject*) getPrivate();

   int ndslots = hasSlotsArray() ? nslots : 0;
   int nfslots = isFun ? 0 : numFixedSlots();

   return sizeof(js::Value) * (ndslots + nfslots)
          + isFun ? sizeof(JSFunction) : sizeof(JSObject);
}
(Reporter)

Comment 1

6 years ago
Created attachment 539737 [details] [diff] [review]
Fix operator precedence issue in JSObject::slotsAndStructSize

Updated

6 years ago
Assignee: nobody → general
Component: JavaScript Debugging/Profiling APIs → JavaScript Engine
QA Contact: jsd → general

Comment 2

6 years ago
Comment on attachment 539737 [details] [diff] [review]
Fix operator precedence issue in JSObject::slotsAndStructSize

Playing spin the r? bottle here.
Attachment #539737 - Flags: review?(jorendorff)
Attachment #539737 - Flags: review?(jorendorff) → review+

Updated

6 years ago
Keywords: checkin-needed
http://hg.mozilla.org/tracemonkey/rev/01f0e75fce22
Status: NEW → ASSIGNED
Keywords: checkin-needed
Whiteboard: fixed-in-tracemonkey
cdleary-bot mozilla-central merge info:
http://hg.mozilla.org/mozilla-central/rev/01f0e75fce22
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.