Bug 1401146 - Avoid rooting for native prototypes in js::NativeHasProperty. r=jandem
author: André Bargull <andre.bargull@gmail.com>
date: Tue, 19 Sep 2017 13:37:00 +0200
changeset: 382636 e986a5b71a67eb21817560df77c3def5db3da103
parent: 382635 05438478048521aaf9f2f874660c8f9b16819140
child: 382637 8473d94208f572fd09337af93b1e4cd3f978eee9
push id: 95374
push user: ryanvm@gmail.com
push date: Sun, 24 Sep 2017 20:58:00 +0000
reviewers: jandem
bugs: 1401146
milestone: 58.0a1
js/src/vm/NativeObject.cpp
--- a/js/src/vm/NativeObject.cpp
+++ b/js/src/vm/NativeObject.cpp
@@ -2020,31 +2020,33 @@ js::NativeHasProperty(JSContext* cx, Han
         // done can be true in exactly these unlikely-sounding cases:
         // - We're looking up an element, and pobj is a TypedArray that
         //   doesn't have that many elements.
         // - We're being called from a resolve hook to assign to the property
         //   being resolved.
         // What they all have in common is we do not want to keep walking
         // the prototype chain, and always claim that the property
         // doesn't exist.
-        RootedObject proto(cx, done ? nullptr : pobj->staticPrototype());
+        JSObject* proto = done ? nullptr : pobj->staticPrototype();
 
         // Step 8.
         if (!proto) {
             *foundp = false;
             return true;
         }
 
         // Step 7.a. If the prototype is also native, this step is a
         // recursive tail call, and we don't need to go through all the
         // plumbing of HasProperty; the top of the loop is where
         // we're going to end up anyway. But if pobj is non-native,
         // that optimization would be incorrect.
-        if (!proto->isNative())
-            return HasProperty(cx, proto, id, foundp);
+        if (!proto->isNative()) {
+            RootedObject protoRoot(cx, proto);
+            return HasProperty(cx, protoRoot, id, foundp);
+        }
 
         pobj = &proto->as<NativeObject>();
     }
 }
 
 
 /*** [[GetOwnPropertyDescriptor]] ****************************************************************/
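Review bot: the unrooted `JSObject* proto` introduced at the top of this hunk is only safe because nothing between `pobj->staticPrototype()` and `pobj = &proto->as<NativeObject>();` can trigger a GC (the null test, the `isNative()` check and the `as<NativeObject>()` cast are all non-allocating), and that invariant is not written down anywhere in the hunk. Please add a one-line comment above `JSObject* proto = done ? nullptr : pobj->staticPrototype();` stating that `proto` must not be held across anything that can GC, so that a later edit which inserts an allocating call between the two points (or moves the non-native `HasProperty` branch) does not silently reintroduce a use of a stale pointer; if the loop body admits it, a `JS::AutoAssertNoGC` over that region would turn the comment into an enforced check. Re-rooting only in the non-native branch (`RootedObject protoRoot(cx, proto);` before the `HasProperty(cx, protoRoot, id, foundp)` tail call) is the right place, since that call takes a Handle and can run arbitrary proxy traps, and the `@@ -2020,31 +2020,33 @@` line count matches the two added brace lines.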