Bug 719841 - Do not innerize an object assigned to __proto__. r=mrbkap
☠☠ backed out by 13b29452a036 ☠ ☠
authorJason Orendorff <jorendorff@mozilla.com>
Fri, 20 Jan 2012 13:32:44 -0800
changeset 86250 86da174de8df17eaaf1d8d2103f70d56376ddda5
parent 86249 cf45def338fac6e606fad2b529b6e246a46117e9
child 86251 febc999231e431bc8bb79568ae8a27dfb6adf9de
push id805
push userakeybl@mozilla.com
push dateWed, 01 Feb 2012 18:17:35 +0000
treeherdermozilla-aurora@6fb3bf232436 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmrbkap
bugs719841
milestone12.0a1
Bug 719841 - Do not innerize an object assigned to __proto__. r=mrbkap
js/src/jsobj.cpp
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@@ -183,36 +183,25 @@ obj_setProto(JSContext *cx, JSObject *ob
 
     /* ECMAScript 5 8.6.2 forbids changing [[Prototype]] if not [[Extensible]]. */
     if (!obj->isExtensible()) {
         obj->reportNotExtensible(cx);
         return false;
     }
 
     if (!vp->isObjectOrNull())
-        return JS_TRUE;
+        return true;
 
     JSObject *pobj = vp->toObjectOrNull();
-    if (pobj) {
-        /*
-         * Innerize pobj here to avoid sticking unwanted properties on the
-         * outer object. This ensures that any with statements only grant
-         * access to the inner object.
-         */
-        OBJ_TO_INNER_OBJECT(cx, pobj);
-        if (!pobj)
-            return JS_FALSE;
-    }
-
     uintN attrs;
     id = ATOM_TO_JSID(cx->runtime->atomState.protoAtom);
     if (!CheckAccess(cx, obj, id, JSAccessMode(JSACC_PROTO|JSACC_WRITE), vp, &attrs))
-        return JS_FALSE;
-
-    return SetProto(cx, obj, pobj, JS_TRUE);
+        return false;
+
+    return SetProto(cx, obj, pobj, true);
 }
 
 #else  /* !JS_HAS_OBJ_PROTO_PROP */
 
 #define object_props NULL
 
 #endif /* !JS_HAS_OBJ_PROTO_PROP */