[INFER] Check type->newScriptCleared before calling clearNewScript, bug 658803.
authorBrian Hackett <bhackett1024@gmail.com>
Sat, 21 May 2011 22:07:14 -0700
changeset 75095 9e085d869d9b2f1e5cc839cbd523465ec8298217
parent 75094 02e57161e17ebed7e0a5753bcaeb660b26f2a198
child 75096 d37ec0c318d605cc6e86d6aaa72a91723f4e069a
push id2
push userbsmedberg@mozilla.com
push dateFri, 19 Aug 2011 14:38:13 +0000
bugs658803
milestone6.0a1
[INFER] Check type->newScriptCleared before calling clearNewScript, bug 658803.
js/src/jsinfer.cpp
--- a/js/src/jsinfer.cpp
+++ b/js/src/jsinfer.cpp
@@ -3980,17 +3980,17 @@ public:
     void newType(JSContext *cx, TypeSet *source, jstype type) {
         if (!object->newScript)
             return;
         /*
          * Clear out the newScript shape and definite property information from
          * an object if the source type set could be a setter (its type set
          * becomes unknown).
          */
-        if (type == TYPE_UNKNOWN)
+        if (!object->newScriptCleared && type == TYPE_UNKNOWN)
             object->clearNewScript(cx);
     }
 
     TypeObject * persistentObject() { return object; }
 };
 
 /*
  * Constraint which clears definite properties on an object should a type set