Bug 842482 - Don't try to guess typedarray initializer type with missing script; r=bhackett
authorTerrence Cole <terrence@mozilla.com>
Mon, 25 Feb 2013 22:26:37 -0800
changeset 122974 5bb4e4ea6977a2cf3e85773c6945997318d8108b
parent 122973 27d6dbe76c5f64cb98f624cda8f58b22d7e2af08
child 122975 6ea0dbf2b63bc9bc7be7baf708c60700549667ae
push id24367
push userryanvm@gmail.com
push dateTue, 26 Feb 2013 15:44:35 +0000
treeherdermozilla-central@a4f834dd884f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbhackett
bugs842482
milestone22.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 842482 - Don't try to guess typedarray initializer type with missing script; r=bhackett
js/src/jit-test/tests/basic/bug842482.js
js/src/jstypedarrayinlines.h
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/basic/bug842482.js
@@ -0,0 +1,2 @@
+var g = newGlobal();
+new g.DataView(new g.ArrayBuffer());
--- a/js/src/jstypedarrayinlines.h
+++ b/js/src/jstypedarrayinlines.h
@@ -208,20 +208,22 @@ InitTypedArrayDataPointer(JSObject *obj,
     if (obj->runtime()->gcNursery.isInside(buffer))
         obj->runtime()->gcStoreBuffer.putGeneric(TypedArrayPrivateRef(obj, buffer, byteOffset));
 #endif
 }
 
 static NewObjectKind
 DataViewNewObjectKind(JSContext *cx, uint32_t byteLength, JSObject *proto)
 {
+    if (!proto && byteLength >= TypedArray::SINGLETON_TYPE_BYTE_LENGTH)
+        return SingletonObject;
     jsbytecode *pc;
     JSScript *script = cx->stack.currentScript(&pc);
-    if (!proto && byteLength >= TypedArray::SINGLETON_TYPE_BYTE_LENGTH)
-        return SingletonObject;
+    if (!script)
+        return GenericObject;
     return types::UseNewTypeForInitializer(cx, script, pc, &DataViewClass);
 }
 
 inline DataViewObject *
 DataViewObject::create(JSContext *cx, uint32_t byteOffset, uint32_t byteLength,
                        Handle<ArrayBufferObject*> arrayBuffer, JSObject *protoArg)
 {
     JS_ASSERT(byteOffset <= INT32_MAX);