Bug 896126 - Don't wrap pending exceptions into the atoms compartment. r=luke
authorBobby Holley <bobbyholley@gmail.com>
Mon, 22 Jul 2013 16:40:01 -0700
changeset 151812 de1042bf3026ab46afa24e59887dbc90436806aa
parent 151811 bb21d96a3274a0d18f961100daedb1c4415237b9
child 151813 ac9174e8ed0639cc5fb573efebee6aa0106178b7
push id2859
push userakeybl@mozilla.com
push dateMon, 16 Sep 2013 19:14:59 +0000
treeherdermozilla-beta@87d3c51cd2bf [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersluke
bugs896126
milestone25.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 896126 - Don't wrap pending exceptions into the atoms compartment. r=luke
js/src/jit-test/tests/parser/bug-896126.js
js/src/jscntxt.cpp
js/src/jscompartment.cpp
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/parser/bug-896126.js
@@ -0,0 +1,11 @@
+// |jit-test| error: SyntaxError
+({
+    r: function() {
+        function f() {
+            w[0xe56241c6 >> 3]
+        }
+    },
+    s: function() {
+        "use asm"
+        return (1 for
+
--- a/js/src/jscntxt.cpp
+++ b/js/src/jscntxt.cpp
@@ -1097,17 +1097,17 @@ JSContext::~JSContext()
  * the caller must subsequently take an error path. If wrapping fails, it will
  * set a new (uncatchable) exception to be used in place of the original.
  */
 void
 JSContext::wrapPendingException()
 {
     RootedValue value(this, getPendingException());
     clearPendingException();
-    if (compartment()->wrap(this, &value))
+    if (!IsAtomsCompartment(compartment()) && compartment()->wrap(this, &value))
         setPendingException(value);
 }
 
 
 void
 JSContext::enterGenerator(JSGenerator *gen)
 {
     JS_ASSERT(!gen->prevGenerator);
--- a/js/src/jscompartment.cpp
+++ b/js/src/jscompartment.cpp
@@ -189,16 +189,17 @@ JSCompartment::putWrapper(const CrossCom
     JS_ASSERT_IF(wrapped.kind != CrossCompartmentKey::StringWrapper, wrapper.isObject());
     return crossCompartmentWrappers.put(wrapped, wrapper);
 }
 
 bool
 JSCompartment::wrap(JSContext *cx, MutableHandleValue vp, HandleObject existingArg)
 {
     JS_ASSERT(cx->compartment() == this);
+    JS_ASSERT(this != rt->atomsCompartment);
     JS_ASSERT_IF(existingArg, existingArg->compartment() == cx->compartment());
     JS_ASSERT_IF(existingArg, vp.isObject());
     JS_ASSERT_IF(existingArg, IsDeadProxyObject(existingArg));
 
     unsigned flags = 0;
 
     JS_CHECK_CHROME_RECURSION(cx, return false);