Bug 963077 - ensure function is non-lazy before getting its arguments in js_fun_apply. r=jandem
author Till Schneidereit <till@tillschneidereit.net>
Fri, 24 Jan 2014 17:05:25 +0100
changeset 165087 9a565e0bd8478af8f0bc1af34387026cd26f29f6
parent 165086 14a1340ab2ff7289a6ba37ec09dd869e7680afdc
child 165088 ccbec5ed3ce7cd7429c4e0210dc474938e9bb064
push id 26074
push user ryanvm@gmail.com
push date Fri, 24 Jan 2014 21:51:09 +0000
treeherder mozilla-central@fdc82b2c5584
reviewers jandem
bugs 963077
milestone 29.0a1
js/src/jsfun.cpp
--- a/js/src/jsfun.cpp
+++ b/js/src/jsfun.cpp
@@ -1051,16 +1051,19 @@ js_fun_apply(JSContext *cx, unsigned arg
         if (!args.init(length))
             return false;
 
         /* Push fval, obj, and aobj's elements as args. */
         args.setCallee(fval);
         args.setThis(vp[2]);
 
         /* Steps 7-8. */
+        JSFunction *fun = &args.callee().as<JSFunction>();
+        if (fun->isInterpreted() && !fun->getOrCreateScript(cx))
+            return false;
         if (!GetElements(cx, aobj, length, args.array()))
             return false;
     }
 
     /* Step 9. */
     if (!Invoke(cx, args))
         return false;
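Review bot: The unconditional `args.callee().as<JSFunction>()` on the first added line assumes fval is always a JSFunction, and nothing in the visible context guarantees that; if a callable object that is not a JSFunction can reach this path, the cast is wrong. Consider guarding it with `args.callee().is<JSFunction>()` before calling `isInterpreted()` and `getOrCreateScript(cx)`. The added lines also sit under the `/* Steps 7-8. */` comment without being part of those steps, so a short comment saying why the script has to exist before `GetElements` runs would help. The changeset touches only js/src/jsfun.cpp, so a regression test for the lazy-function case should accompany it.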