[jackhill/guix/guix.git] / gnu / packages / patches / icecat-CVE-2016-2807-pt4.patch

Copied from https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/5c312182da90

# HG changeset patch
# User Jan de Mooij <jdemooij@mozilla.com>
# Date 1458828581 -3600
# Node ID 5c312182da9020504103aa329360abaffa7e232d
# Parent  fa4efccde9b7efde8763a178a6cf422b6d37a0e9
Bug 1254622 - Relookup group->newScript in CreateThisForFunctionWithGroup. r=bhackett a=sylvestre

MozReview-Commit-ID: KXd7kB70f1Z

diff --git a/js/src/jsobj.cpp b/js/src/jsobj.cpp
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@@ -1574,18 +1574,19 @@ CreateThisForFunctionWithGroup(JSContext
         // Not enough objects with this group have been created yet, so make a
         // plain object and register it with the group. Use the maximum number
         // of fixed slots, as is also required by the TypeNewScript.
         gc::AllocKind allocKind = GuessObjectGCKind(NativeObject::MAX_FIXED_SLOTS);
         PlainObject* res = NewObjectWithGroup<PlainObject>(cx, group, parent, allocKind, newKind);
         if (!res)
             return nullptr;
 
-        if (newKind != SingletonObject)
-            newScript->registerNewObject(res);
+        // Make sure group->newScript is still there.
+        if (newKind != SingletonObject && group->newScript())
+            group->newScript()->registerNewObject(res);
 
         return res;
     }
 
     gc::AllocKind allocKind = NewObjectGCKind(&PlainObject::class_);
 
     if (newKind == SingletonObject) {
         Rooted<TaggedProto> protoRoot(cx, group->proto());
Commit	Line	Data
dde2a94c MW	1	Copied from https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/5c312182da90
	2
	3	# HG changeset patch
	4	# User Jan de Mooij <jdemooij@mozilla.com>
	5	# Date 1458828581 -3600
	6	# Node ID 5c312182da9020504103aa329360abaffa7e232d
	7	# Parent fa4efccde9b7efde8763a178a6cf422b6d37a0e9
	8	Bug 1254622 - Relookup group->newScript in CreateThisForFunctionWithGroup. r=bhackett a=sylvestre
	9
	10	MozReview-Commit-ID: KXd7kB70f1Z
	11
	12	diff --git a/js/src/jsobj.cpp b/js/src/jsobj.cpp
	13	--- a/js/src/jsobj.cpp
	14	+++ b/js/src/jsobj.cpp
	15	@@ -1574,18 +1574,19 @@ CreateThisForFunctionWithGroup(JSContext
	16	// Not enough objects with this group have been created yet, so make a
	17	// plain object and register it with the group. Use the maximum number
	18	// of fixed slots, as is also required by the TypeNewScript.
	19	gc::AllocKind allocKind = GuessObjectGCKind(NativeObject::MAX_FIXED_SLOTS);
	20	PlainObject* res = NewObjectWithGroup<PlainObject>(cx, group, parent, allocKind, newKind);
	21	if (!res)
	22	return nullptr;
	23
	24	- if (newKind != SingletonObject)
	25	- newScript->registerNewObject(res);
	26	+ // Make sure group->newScript is still there.
	27	+ if (newKind != SingletonObject && group->newScript())
	28	+ group->newScript()->registerNewObject(res);
	29
	30	return res;
	31	}
	32
	33	gc::AllocKind allocKind = NewObjectGCKind(&PlainObject::class_);
	34
	35	if (newKind == SingletonObject) {
	36	Rooted<TaggedProto> protoRoot(cx, group->proto());
	37