Bug 1096054 - Uninitialised value use in Interpret(JSContext*, js::RunState&). r=jwalden.
authorJulian Seward <jseward@acm.org>
Fri, 14 Nov 2014 21:55:03 +0100
changeset 240324 bb902590c536f06dde67465e912b71f57d33d778
parent 240323 55957219134c861f213d256592422e3627064d68
child 240325 bd0cf903ee97b7a2e6ebce4ae854d73e12b617ef
push id4311
push userraliiev@mozilla.com
push dateMon, 12 Jan 2015 19:37:41 +0000
treeherdermozilla-beta@150c9fed433b [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjwalden
bugs1096054
milestone36.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1096054 - Uninitialised value use in Interpret(JSContext*, js::RunState&). r=jwalden.
dom/plugins/base/nsJSNPRuntime.cpp
js/src/vm/NativeObject.cpp
--- a/dom/plugins/base/nsJSNPRuntime.cpp
+++ b/dom/plugins/base/nsJSNPRuntime.cpp
@@ -1269,18 +1269,17 @@ NPObjWrapper_DelProperty(JSContext *cx, 
       return false;
 
     if (!hasProperty) {
       *succeeded = true;
       return true;
     }
   }
 
-  if (!npobj->_class->removeProperty(npobj, identifier))
-    *succeeded = false;
+  *succeeded = npobj->_class->removeProperty(npobj, identifier);
 
   return ReportExceptionIfPending(cx);
 }
 
 static bool
 NPObjWrapper_SetProperty(JSContext *cx, JS::Handle<JSObject*> obj, JS::Handle<jsid> id, bool strict,
                          JS::MutableHandle<JS::Value> vp)
 {
--- a/js/src/vm/NativeObject.cpp
+++ b/js/src/vm/NativeObject.cpp
@@ -2306,17 +2306,17 @@ baseops::DeleteGeneric(JSContext *cx, Ha
         if (IsAnyTypedArray(obj)) {
             // Don't delete elements from typed arrays.
             *succeeded = false;
             return true;
         }
 
         if (!CallJSDeletePropertyOp(cx, obj->getClass()->delProperty, obj, id, succeeded))
             return false;
-        if (!succeeded)
+        if (!*succeeded)
             return true;
 
         NativeObject *nobj = &obj->as<NativeObject>();
         if (!nobj->maybeCopyElementsForWrite(cx))
             return false;
 
         nobj->setDenseElementHole(cx, JSID_TO_INT(id));
         return SuppressDeletedProperty(cx, obj, id);
@@ -2325,13 +2325,13 @@ baseops::DeleteGeneric(JSContext *cx, Ha
     if (!shape->configurable()) {
         *succeeded = false;
         return true;
     }
 
     RootedId propid(cx, shape->propid());
     if (!CallJSDeletePropertyOp(cx, obj->getClass()->delProperty, obj, propid, succeeded))
         return false;
-    if (!succeeded)
+    if (!*succeeded)
         return true;
 
     return obj->removeProperty(cx, id) && SuppressDeletedProperty(cx, obj, id);
 }