mozilla-1.9.1: changeset 27107:059a056b8e882ea7685d7efb9aba1dd1904b57f0

--- a/js/src/jsdbgapi.cpp
+++ b/js/src/jsdbgapi.cpp
@@ -746,22 +746,24 @@ JS_SetWatchPoint(JSContext *cx, JSObject
     JSPropertyOp watcher;
 
     if (!OBJ_IS_NATIVE(obj)) {
         JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_CANT_WATCH,
                              OBJ_GET_CLASS(cx, obj)->name);
         return JS_FALSE;
     }
 
+    JSAutoTempValueRooter idroot(cx);
     if (JSVAL_IS_INT(idval)) {
         propid = INT_JSVAL_TO_JSID(idval);
     } else {
         if (!js_ValueToStringId(cx, idval, &propid))
             return JS_FALSE;
         CHECK_FOR_STRING_INDEX(propid);
+        idroot.set(ID_TO_VALUE(propid));
     }
 
     if (!js_LookupProperty(cx, obj, propid, &pobj, &prop))
         return JS_FALSE;
     sprop = (JSScopeProperty *) prop;
     rt = cx->runtime;
     if (!sprop) {
         /* Check for a deleted symbol watchpoint, which holds its property. */
@@ -772,45 +774,47 @@ JS_SetWatchPoint(JSContext *cx, JSObject
                                    NULL, NULL, JSPROP_ENUMERATE,
                                    &prop)) {
                 return JS_FALSE;
             }
             sprop = (JSScopeProperty *) prop;
         }
     } else if (pobj != obj) {
         /* Clone the prototype property so we can watch the right object. */
-        jsval value;
+        JSAutoTempValueRooter valroot(cx);
         JSPropertyOp getter, setter;
         uintN attrs, flags;
         intN shortid;
 
         if (OBJ_IS_NATIVE(pobj)) {
-            value = SPROP_HAS_VALID_SLOT(sprop, OBJ_SCOPE(pobj))
-                    ? LOCKED_OBJ_GET_SLOT(pobj, sprop->slot)
-                    : JSVAL_VOID;
+            valroot.set(SPROP_HAS_VALID_SLOT(sprop, OBJ_SCOPE(pobj))
+                        ? LOCKED_OBJ_GET_SLOT(pobj, sprop->slot)
+                        : JSVAL_VOID);
             getter = sprop->getter;
             setter = sprop->setter;
             attrs = sprop->attrs;
             flags = sprop->flags;
             shortid = sprop->shortid;
+            JS_UNLOCK_OBJ(cx, pobj);
         } else {
-            if (!OBJ_GET_PROPERTY(cx, pobj, propid, &value) ||
-                !OBJ_GET_ATTRIBUTES(cx, pobj, propid, prop, &attrs)) {
-                OBJ_DROP_PROPERTY(cx, pobj, prop);
+            OBJ_DROP_PROPERTY(cx, pobj, prop);
+
+            if (!OBJ_GET_PROPERTY(cx, pobj, propid, valroot.addr()) ||
+                !OBJ_GET_ATTRIBUTES(cx, pobj, propid, NULL, &attrs)) {
                 return JS_FALSE;
             }
             getter = setter = NULL;
             flags = 0;
             shortid = 0;
         }
-        OBJ_DROP_PROPERTY(cx, pobj, prop);
 
         /* Recall that obj is native, whether or not pobj is native. */
-        if (!js_DefineNativeProperty(cx, obj, propid, value, getter, setter,
-                                     attrs, flags, shortid, &prop)) {
+        if (!js_DefineNativeProperty(cx, obj, propid, valroot.value(),
+                                     getter, setter, attrs, flags,
+                                     shortid, &prop)) {
             return JS_FALSE;
         }
         sprop = (JSScopeProperty *) prop;
     }
 
     /*
      * At this point, prop/sprop exists in obj, obj is locked, and we must
      * OBJ_DROP_PROPERTY(cx, obj, prop) before returning.

author	Igor Bukanov <igor@mir2.org>
	Fri, 24 Sep 2010 21:43:23 +0200
changeset 27107	059a056b8e882ea7685d7efb9aba1dd1904b57f0
parent 27106	e68c015fafa02656f9aa6c058b7b8d096447ebbb
child 27108	68d3084c0bcbb3ca011d075a87ff95fe00f8a3db
push id	2500
push user	ibukanov@mozilla.com
push date	Fri, 24 Sep 2010 19:43:45 +0000
reviewers	brendan
bugs	568303
milestone	1.9.1.14pre