Closed
Bug 936232
Opened 11 years ago
Closed 11 years ago
js_InitTypedObjectClass is not APPLICATION_SLOTS-aware, and clobbers the DataView constructor
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla28
People
(Reporter: bholley, Assigned: bholley)
References
Details
(Whiteboard: [qa-])
Attachments
(1 file)
|
1.13 KB,
patch
|
jorendorff
:
review+
|
Details | Diff | Splinter Review |
Currently, it does:
global->setReservedSlot(JSProto_TypedObject, moduleValue);
But this breaks with the work done in bug 923836, where we added 3 slots of padding to the global for use by the embedding.
So currently, it's going to be 3 slots off, and clobber the DataView constructor.
Easy fix. We should uplift to aurora.
|
||
Comment 1•11 years ago
|
||
js_InitTypedObjectClass doesn't run on Aurora, so uplift ought not to be necessary.
|
Assignee | |
Comment 2•11 years ago
|
||
Attachment #831607 -
Flags: review?(jorendorff)
|
||
Updated•11 years ago
|
Attachment #831607 -
Flags: review?(jorendorff) → review+
|
|
Assignee | |
Comment 3•11 years ago
|
||
|
|
Assignee | |
Comment 4•11 years ago
|
||
(Green try run in bug 933681)
|
||
Comment 5•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
|
||
Updated•11 years ago
|
Whiteboard: [qa-]
You need to log in
before you can comment on or make changes to this bug.
Description
•