Closed
Bug 807458
Opened 13 years ago
Closed 13 years ago
Eliminate a SkipRoot from NewDenseCopiedArray
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla19
People
(Reporter: sfink, Assigned: sfink)
Details
Attachments
(1 file)
|
10.45 KB,
patch
|
terrence
:
review+
sfink
:
checkin+
|
Details | Diff | Splinter Review |
The values being copied need to be rooted.
|
Assignee | |
Comment 1•13 years ago
|
||
The parameter ordering is pretty wonky, but fixing that is a much larger patch. If you think I should do it, that's fine -- I had to generate that patch first to verify that all callers of the already-rooted version really are already rooted.
Attachment #677151 -
Flags: review?(terrence)
|
||
Comment 2•13 years ago
|
||
Comment on attachment 677151 [details] [diff] [review]
Eliminate a SkipRoot from NewDenseCopiedArray
Review of attachment 677151 [details] [diff] [review]:
-----------------------------------------------------------------
Nice!
::: js/src/jsapi.cpp
@@ +4707,5 @@
>
> JS_PUBLIC_API(JSObject *)
> JS_NewArrayObject(JSContext *cx, int length, jsval *vector)
> {
> + AutoArrayRooter tvr(cx, length, vector);
Effectively we just moved the SkipRoot forward to here. :-) Still a win though.
::: js/src/jsstr.cpp
@@ +2757,5 @@
>
> /* Step 10. */
> if (!sepDefined) {
> + RootedValue v(cx, StringValue(str));
> + JSObject *aobj = NewDenseCopiedArray(cx, 1, v.address());
That's going to fix one of our fuzz bugs as well.
Attachment #677151 -
Flags: review?(terrence) → review+
|
|
Assignee | |
Updated•13 years ago
|
Attachment #677151 -
Flags: checkin+
|
|
Assignee | |
Comment 3•13 years ago
|
||
|
||
Comment 4•13 years ago
|
||
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla19
You need to log in
before you can comment on or make changes to this bug.
Description
•