roytam1/palemoon27
1
0
Fork 0
mirror of https://github.com/roytam1/palemoon27.git synced 2026-06-06 08:29:08 +00:00
Code Issues Projects Releases Wiki Activity

Re-land "Be more careful about optimizing sorted arrays".

Browse Source 
Avoids the issue in #966.
Verified not crashing Pentadactyl.
This commit is contained in:
Pale Moon
2017-03-19 10:16:13 +01:00
committed by roytam1
parent 034fc6a4c9
commit a36be1efb4
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
js/src/jsarray.cpp
+7 -1
View File
@@ -1965,7 +1965,9 @@ js::array_sort(JSContext* cx, unsigned argc, Value* vp)
}
/* Here len == n + undefs + number_of_holes. */
bool defaultOrMatch;
if (fval.isNull()) {
defaultOrMatch = true;
/*
* Sort using the default comparator converting all elements to
* strings.
@@ -1989,6 +1991,7 @@ js::array_sort(JSContext* cx, unsigned argc, Value* vp)
if (comp == Match_Failure)
return false;
defaultOrMatch = comp != Match_None;
if (comp != Match_None) {
if (allInts) {
JS_ALWAYS_TRUE(vec.resize(n * 2));
@@ -2009,7 +2012,10 @@ js::array_sort(JSContext* cx, unsigned argc, Value* vp)
}
}
if (!InitArrayElements(cx, obj, 0, uint32_t(n), vec.begin(), DontUpdateTypes))
ShouldUpdateTypes updateTypes = (allStrings || allInts) && defaultOrMatch
? ShouldUpdateTypes::DontUpdateTypes
: ShouldUpdateTypes::UpdateTypes;
if (!InitArrayElements(cx, obj, 0, uint32_t(n), vec.begin(), updateTypes))
return false;
}