Bug 842482 - Don't try to guess typedarray initializer type with missing script. r=bhackett, a=bajaj
authorTerrence Cole <terrence@mozilla.com>
Mon, 25 Feb 2013 22:26:37 -0800
changeset 132252 e162659d1a9335054f4a4a4a842fe2726b925423
parent 132251 c15b6ac9ec656f10e8a8562ac18cf6b0e1a458e0
child 132253 7f4f81cc28ed5bc8d1fade670102888ad24f4334
push id2323
push userbbajaj@mozilla.com
push dateMon, 01 Apr 2013 19:47:02 +0000
treeherdermozilla-beta@7712be144d91 [default view] [failures only]
reviewersbhackett, bajaj
bugs842482
milestone21.0a2
Bug 842482 - Don't try to guess typedarray initializer type with missing script. r=bhackett, a=bajaj
js/src/jit-test/tests/basic/bug842482.js
js/src/jstypedarrayinlines.h
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/basic/bug842482.js
@@ -0,0 +1,2 @@
+var g = newGlobal();
+new g.DataView(new g.ArrayBuffer());
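Review bot: The regression test has no comment saying what it guards, and it passes only by not crashing, so a later cleanup could drop or "simplify" it without noticing. A leading line such as `// Bug 842482: constructing a DataView through another global must not crash when no script is available for the type heuristic.` would record the intent. The zero-length buffer keeps `byteLength` below the singleton threshold, which appears to be what steers execution to the new `!script` check. That dependency is worth stating in the same comment.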
--- a/js/src/jstypedarrayinlines.h
+++ b/js/src/jstypedarrayinlines.h
@@ -208,20 +208,22 @@ InitTypedArrayDataPointer(JSObject *obj,
     if (obj->runtime()->gcNursery.isInside(buffer))
         obj->runtime()->gcStoreBuffer.putGeneric(TypedArrayPrivateRef(obj, buffer, byteOffset));
 #endif
 }
 
 static NewObjectKind
 DataViewNewObjectKind(JSContext *cx, uint32_t byteLength, JSObject *proto)
 {
+    if (!proto && byteLength >= TypedArray::SINGLETON_TYPE_BYTE_LENGTH)
+        return SingletonObject;
     jsbytecode *pc;
     JSScript *script = cx->stack.currentScript(&pc);
-    if (!proto && byteLength >= TypedArray::SINGLETON_TYPE_BYTE_LENGTH)
-        return SingletonObject;
+    if (!script)
+        return GenericObject;
     return types::UseNewTypeForInitializer(cx, script, pc, &DataViewClass);
 }
 
 inline DataViewObject *
 DataViewObject::create(JSContext *cx, uint32_t byteOffset, uint32_t byteLength,
                        Handle<ArrayBufferObject*> arrayBuffer, JSObject *protoArg)
 {
     JS_ASSERT(byteOffset <= INT32_MAX);
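Review bot: The new `if (!script) return GenericObject;` guard in DataViewNewObjectKind carries no comment saying when currentScript() yields no script or why GenericObject is the safe fallback, so it reads as a tuning choice rather than a null-pointer guard. I would put `// No current script (e.g. a construct call through another global, see bug842482.js): there is no allocation site to key type information on, so skip the heuristic.` above it. On that path `pc` is left unassigned unless currentScript() writes it, so declaring it as `jsbytecode *pc = NULL;` would stop a later edit from reading an indeterminate value. Any other caller that hands the result of currentScript() straight to types::UseNewTypeForInitializer is outside this hunk and presumably needs the same check. DataViewObject::create continues past the end of the hunk.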