Bug 842482 - Don't try to guess typedarray initializer type with missing script; r=bhackett
authorTerrence Cole <terrence@mozilla.com>
Mon, 25 Feb 2013 22:26:37 -0800
changeset 122990 5bb4e4ea6977a2cf3e85773c6945997318d8108b
parent 122989 27d6dbe76c5f64cb98f624cda8f58b22d7e2af08
child 122991 6ea0dbf2b63bc9bc7be7baf708c60700549667ae
push id1387
push userphilringnalda@gmail.com
push dateTue, 26 Feb 2013 22:32:56 +0000
treeherderfx-team@ad4cc4e97774 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbhackett
bugs842482
milestone22.0a1
Bug 842482 - Don't try to guess typedarray initializer type with missing script; r=bhackett
js/src/jit-test/tests/basic/bug842482.js
js/src/jstypedarrayinlines.h
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/basic/bug842482.js
@@ -0,0 +1,2 @@
+var g = newGlobal();
+new g.DataView(new g.ArrayBuffer());
--- a/js/src/jstypedarrayinlines.h
+++ b/js/src/jstypedarrayinlines.h
@@ -208,20 +208,22 @@ InitTypedArrayDataPointer(JSObject *obj,
     if (obj->runtime()->gcNursery.isInside(buffer))
         obj->runtime()->gcStoreBuffer.putGeneric(TypedArrayPrivateRef(obj, buffer, byteOffset));
 #endif
 }
 
 static NewObjectKind
 DataViewNewObjectKind(JSContext *cx, uint32_t byteLength, JSObject *proto)
 {
+    if (!proto && byteLength >= TypedArray::SINGLETON_TYPE_BYTE_LENGTH)
+        return SingletonObject;
     jsbytecode *pc;
     JSScript *script = cx->stack.currentScript(&pc);
-    if (!proto && byteLength >= TypedArray::SINGLETON_TYPE_BYTE_LENGTH)
-        return SingletonObject;
+    if (!script)
+        return GenericObject;
     return types::UseNewTypeForInitializer(cx, script, pc, &DataViewClass);
 }
 
 inline DataViewObject *
 DataViewObject::create(JSContext *cx, uint32_t byteOffset, uint32_t byteLength,
                        Handle<ArrayBufferObject*> arrayBuffer, JSObject *protoArg)
 {
     JS_ASSERT(byteOffset <= INT32_MAX);