Bug 1096054 - Uninitialised value use in Interpret(JSContext*, js::RunState&). r=jwalden.
authorJulian Seward <jseward@acm.org>
Fri, 14 Nov 2014 21:55:03 +0100
changeset 216010 bb902590c536f06dde67465e912b71f57d33d778
parent 216009 55957219134c861f213d256592422e3627064d68
child 216011 bd0cf903ee97b7a2e6ebce4ae854d73e12b617ef
push id27836
push userryanvm@gmail.com
push dateMon, 17 Nov 2014 21:19:25 +0000
treeherdermozilla-central@47f88e6ae34c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjwalden
bugs1096054
milestone36.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1096054 - Uninitialised value use in Interpret(JSContext*, js::RunState&). r=jwalden.
dom/plugins/base/nsJSNPRuntime.cpp
js/src/vm/NativeObject.cpp
--- a/dom/plugins/base/nsJSNPRuntime.cpp
+++ b/dom/plugins/base/nsJSNPRuntime.cpp
@@ -1269,18 +1269,17 @@ NPObjWrapper_DelProperty(JSContext *cx, 
       return false;
 
     if (!hasProperty) {
       *succeeded = true;
       return true;
     }
   }
 
-  if (!npobj->_class->removeProperty(npobj, identifier))
-    *succeeded = false;
+  *succeeded = npobj->_class->removeProperty(npobj, identifier);
 
   return ReportExceptionIfPending(cx);
 }
 
 static bool
 NPObjWrapper_SetProperty(JSContext *cx, JS::Handle<JSObject*> obj, JS::Handle<jsid> id, bool strict,
                          JS::MutableHandle<JS::Value> vp)
 {
--- a/js/src/vm/NativeObject.cpp
+++ b/js/src/vm/NativeObject.cpp
@@ -2306,17 +2306,17 @@ baseops::DeleteGeneric(JSContext *cx, Ha
         if (IsAnyTypedArray(obj)) {
             // Don't delete elements from typed arrays.
             *succeeded = false;
             return true;
         }
 
         if (!CallJSDeletePropertyOp(cx, obj->getClass()->delProperty, obj, id, succeeded))
             return false;
-        if (!succeeded)
+        if (!*succeeded)
             return true;
 
         NativeObject *nobj = &obj->as<NativeObject>();
         if (!nobj->maybeCopyElementsForWrite(cx))
             return false;
 
         nobj->setDenseElementHole(cx, JSID_TO_INT(id));
         return SuppressDeletedProperty(cx, obj, id);
@@ -2325,13 +2325,13 @@ baseops::DeleteGeneric(JSContext *cx, Ha
     if (!shape->configurable()) {
         *succeeded = false;
         return true;
     }
 
     RootedId propid(cx, shape->propid());
     if (!CallJSDeletePropertyOp(cx, obj->getClass()->delProperty, obj, propid, succeeded))
         return false;
-    if (!succeeded)
+    if (!*succeeded)
         return true;
 
     return obj->removeProperty(cx, id) && SuppressDeletedProperty(cx, obj, id);
 }