roytam1/palemoon27
1
0
Fork 0
mirror of https://github.com/roytam1/palemoon27.git synced 2026-06-06 00:19:08 +00:00
Code Issues Projects Releases Wiki Activity

Crash fix: Fix array splice implementation.

Browse Source
This commit is contained in:
wolfbeast
2016-08-10 15:46:30 +02:00
committed by roytam1
parent 985f804645
commit 3d3acb549a
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
js/src/jsarray.cpp
+1 -1
View File
@@ -2542,7 +2542,7 @@ js::array_splice_impl(JSContext* cx, unsigned argc, Value* vp, bool returnValueI
Rooted<ArrayObject*> arr(cx, &obj->as<ArrayObject>());
if (arr->lengthIsWritable()) {
NativeObject::EnsureDenseResult res =
arr->ensureDenseElements(cx, arr->length(), itemCount - actualDeleteCount);
arr->ensureDenseElements(cx, len, itemCount - actualDeleteCount);
if (res == NativeObject::ED_FAILED)
return false;
}