Closed Bug 936232 Opened 11 years ago Closed 11 years ago

js_InitTypedObjectClass is not APPLICATION_SLOTS-aware, and clobbers the DataView constructor

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla28

People

(Reporter: bholley, Assigned: bholley)

References

Details

(Whiteboard: [qa-])

Attachments

(1 file)

Use setConstructor for TypedObject. v1
1.13 KB, patch
jorendorff
: review+
Details | Diff | Splinter Review 
Currently, it does:

global->setReservedSlot(JSProto_TypedObject, moduleValue);

But this breaks with the work done in bug 923836, where we added 3 slots of padding to the global for use by the embedding.

So currently, it's going to be 3 slots off, and clobber the DataView constructor.

Easy fix. We should uplift to aurora.
Blocks: 933681
js_InitTypedObjectClass doesn't run on Aurora, so uplift ought not to be necessary.

        Attachment #831607 -
        Flags: review?(jorendorff)

        Attachment #831607 -
        Flags: review?(jorendorff) → review+

    
    

    
  
(Green try run in bug 933681)

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/0762c5c2f533
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28

    
  
Whiteboard: [qa-]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: