Bug 1245048: Check call to GetPrototype; r=till
authorBenjamin Bouvier <benj@benj.me>
Tue, 02 Feb 2016 11:07:12 +0100
changeset 282899 113fc521664e72b6c2fbf92152551e7e3920c4d0
parent 282898 61fa62d120b699b31c1ee84876ee40a0e52e5a5f
child 282900 44ab9df0cd789bfac19f9d466b03c75ac9a61705
push id19510
push usergwagner@mozilla.com
push dateMon, 08 Feb 2016 15:56:48 +0000
treeherderb2g-inbound@a3d54e32dee1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstill
bugs1245048
milestone47.0a1
Bug 1245048: Check call to GetPrototype; r=till
js/src/vm/SelfHosting.cpp
--- a/js/src/vm/SelfHosting.cpp
+++ b/js/src/vm/SelfHosting.cpp
@@ -360,17 +360,19 @@ intrinsic_FinishBoundFunctionInit(JSCont
     bound->setIsBoundFunction();
     RootedObject targetObj(cx, &args[1].toObject());
     MOZ_ASSERT(bound->getBoundFunctionTarget() == targetObj);
     if (targetObj->isConstructor())
         bound->setIsConstructor();
 
     // 9.4.1.3 BoundFunctionCreate, steps 2-3,8.
     RootedObject proto(cx);
-    GetPrototype(cx, targetObj, &proto);
+    if (!GetPrototype(cx, targetObj, &proto))
+        return false;
+
     if (bound->getProto() != proto) {
         if (!SetPrototype(cx, bound, proto))
             return false;
     }
 
     bound->setExtendedSlot(BOUND_FUN_LENGTH_SLOT, args[2]);
     MOZ_ASSERT(!bound->hasGuessedAtom());
     RootedAtom name(cx, AtomizeString(cx, args[3].toString()));