b=555807; typed array native constructor fix; r=jorendorff
--- a/js/src/jstypedarray.cpp
+++ b/js/src/jstypedarray.cpp
@@ -1392,17 +1392,18 @@ js_IsTypedArray(JSObject *obj)
obj->getClass() >= &TypedArray::fastClasses[0] &&
obj->getClass() < &TypedArray::fastClasses[TypedArray::TYPE_MAX];
}
JS_FRIEND_API(JSObject *)
js_CreateArrayBuffer(JSContext *cx, jsuint nbytes)
{
AutoValueRooter tvr(cx);
- js_NewNumberInRootedValue(cx, jsdouble(nbytes), tvr.addr());
+ if (!js_NewNumberInRootedValue(cx, jsdouble(nbytes), tvr.addr()))
+ return NULL;
AutoValueRooter rval(cx);
if (!ArrayBuffer::class_constructor(cx, cx->globalObject,
1, tvr.addr(),
rval.addr()))
return NULL;
return JSVAL_TO_OBJECT(rval.value());
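Review bot: Nothing on js_CreateArrayBuffer tells callers that it can return NULL, and with the added check on js_NewNumberInRootedValue there are now two separate failure paths that do so. A short comment above the function would make the contract explicit, e.g. `/* Returns NULL on failure; callers must check the result before treating it as an ArrayBuffer. */`. The function's closing brace falls outside the hunk, so this is based only on the lines shown.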
@@ -1479,35 +1480,36 @@ js_CreateTypedArrayWithArray(JSContext *
}
JS_FRIEND_API(JSObject *)
js_CreateTypedArrayWithBuffer(JSContext *cx, jsint atype, JSObject *bufArg,
jsint byteoffset, jsint length)
{
JS_ASSERT(atype >= 0 && atype < TypedArray::TYPE_MAX);
JS_ASSERT(bufArg && ArrayBuffer::fromJSObject(bufArg));
- /* if byteoffset is -1, length must be -1 */
- JS_ASSERT(length < 0 || byteoffset >= 0);
+ JS_ASSERT_IF(byteoffset < 0, length < 0);
jsval vals[4];
AutoArrayRooter tvr(cx, JS_ARRAY_LENGTH(vals), vals);
int argc = 1;
vals[0] = OBJECT_TO_JSVAL(bufArg);
if (byteoffset >= 0) {
- js_NewNumberInRootedValue(cx, jsdouble(byteoffset), &vals[1]);
+ if (!js_NewNumberInRootedValue(cx, jsdouble(byteoffset), &vals[argc]))
+ return NULL;
+
argc++;
}
if (length >= 0) {
- js_NewNumberInRootedValue(cx, jsdouble(length), &vals[1]);
+ if (!js_NewNumberInRootedValue(cx, jsdouble(length), &vals[argc]))
+ return NULL;
+
argc++;
}
- js_NewNumberInRootedValue(cx, jsdouble(byteoffset), &vals[0]);
-
if (!TypedArrayConstruct(cx, atype, argc, &vals[0], &vals[3]))
return NULL;
return JSVAL_TO_OBJECT(vals[3]);
}
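Review bot: `vals` is handed to `AutoArrayRooter` while slots 1–3 are still uninitialized, and the js_NewNumberInRootedValue calls that follow presumably can allocate. If a GC runs during one of them, the marker would read stack garbage in the unfilled slots as jsvals. Initializing the array before rooting it avoids that: `jsval vals[4] = { JSVAL_NULL, JSVAL_NULL, JSVAL_NULL, JSVAL_NULL };`. Separately, the `atype` and `bufArg` checks are JS_ASSERT only, so release builds of this friend API depend on every caller passing valid values.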