Bug 864748 - Avoid accessing uninitialized data when calling a getter r=bholley
authorJon Coppeard <jcoppeard@mozilla.com>
Wed, 24 Apr 2013 10:45:40 +0100
changeset 140679 dff116662296a26dfdd9ac2ef49f7476ad85d899
parent 140678 cc71d4d9955538c85c791f664c183fd4b93d736a
child 140680 233f42abf005885675622decfd19712ff71f957c
push id2579
push userakeybl@mozilla.com
push dateMon, 24 Jun 2013 18:52:47 +0000
treeherdermozilla-beta@b69b7de8a05a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbholley
bugs864748
milestone23.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 864748 - Avoid accessing uninitialized data when calling a getter r=bholley
js/xpconnect/src/XPCWrappedJSClass.cpp
--- a/js/xpconnect/src/XPCWrappedJSClass.cpp
+++ b/js/xpconnect/src/XPCWrappedJSClass.cpp
@@ -1427,18 +1427,17 @@ pre_call_clean_up:
         return retval;
 
     // do the deed - note exceptions
 
     JS_ClearPendingException(cx);
 
     RootedValue rval(cx);
     if (XPT_MD_IS_GETTER(info->flags)) {
-        success = JS_GetProperty(cx, obj, name, argv);
-        rval = *argv;
+        success = JS_GetProperty(cx, obj, name, rval.address());
     } else if (XPT_MD_IS_SETTER(info->flags)) {
         success = JS_SetProperty(cx, obj, name, argv);
         rval = *argv;
     } else {
         if (!JSVAL_IS_PRIMITIVE(fval)) {
             uint32_t oldOpts = JS_GetOptions(cx);
             JS_SetOptions(cx, oldOpts | JSOPTION_DONT_REPORT_UNCAUGHT);