Bug 1064346 - JSFunction's extended attributes expect POD-style initialization. r=billm, a=2.0+
authorTerrence Cole <terrence@mozilla.com>
Wed, 10 Sep 2014 15:42:36 -0700
changeset 203997 41046048a8f7592fd374c2f43a4cdb334b6056bd
parent 203996 2485d149745cde1dd33683be603adccda5da52bc
child 203998 44f813760b884bd72148c3f0c425b1baec1a05a9
push id359
push userryanvm@gmail.com
push dateFri, 26 Sep 2014 21:28:31 +0000
reviewersbillm, 2
bugs1064346
milestone32.0
Bug 1064346 - JSFunction's extended attributes expect POD-style initialization. r=billm, a=2.0+
js/public/Class.h
js/src/jsobjinlines.h
--- a/js/public/Class.h
+++ b/js/public/Class.h
@@ -465,18 +465,22 @@ struct Class
     bool hasPrivate() const {
         return !!(flags & JSCLASS_HAS_PRIVATE);
     }
 
     bool emulatesUndefined() const {
         return flags & JSCLASS_EMULATES_UNDEFINED;
     }
 
+    bool isJSFunction() const {
+        return this == js::FunctionClassPtr;
+    }
+
     bool isCallable() const {
-        return this == js::FunctionClassPtr || call;
+        return isJSFunction() || call;
     }
 
     bool isProxy() const {
         return flags & JSCLASS_IS_PROXY;
     }
 
     bool isDOMClass() const {
         return flags & JSCLASS_IS_DOMJSCLASS;
--- a/js/src/jsobjinlines.h
+++ b/js/src/jsobjinlines.h
@@ -507,16 +507,20 @@ JSObject::create(js::ExclusiveContext *c
 
     if (clasp->hasPrivate())
         obj->privateRef(shape->numFixedSlots()) = nullptr;
 
     size_t span = shape->slotSpan();
     if (span)
         obj->initializeSlotRange(0, span);
 
+    // JSFunction's fixed slots expect POD-style initialization.
+    if (type->clasp()->isJSFunction())
+        memset(obj->fixedSlots(), 0, sizeof(js::HeapSlot) * GetGCKindSlots(kind));
+
     return obj;
 }
 
 /* static */ inline js::ArrayObject *
 JSObject::createArray(js::ExclusiveContext *cx, js::gc::AllocKind kind, js::gc::InitialHeap heap,
                       js::HandleShape shape, js::HandleTypeObject type,
                       uint32_t length)
 {
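Review bot: The added memset runs after `initializeSlotRange(0, span)`, so if a function shape ever reports a non-zero slot span, the values just written there are overwritten with zero bytes; either move the memset ahead of the slot initialization or assert that `span` is zero for this class. The byte count comes from `GetGCKindSlots(kind)` while the private-slot write above uses `shape->numFixedSlots()`; the two presumably agree, but asserting it would catch an overrun or an under-cleared (still uninitialized) tail of the inline storage if they ever diverge. The test reads `type->clasp()` although the local `clasp` is used a few lines above; `if (clasp->isJSFunction())` would be more consistent, assuming both name the same class. The comment could also say why zero bytes are needed (presumably the allocation is not pre-zeroed and JSFunction later reads this storage as raw fields). JSObject::create begins above the hunk.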