diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-30 03:01:59 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-30 03:01:59 +0000 |
commit | 85310221f0512bf1aeefc49ead8a1e11bda55990 (patch) | |
tree | 70a3efbfee6c7cbeb626185b35166d2c376b4bb8 /js/src | |
parent | Adding upstream version 126.0. (diff) | |
download | firefox-85310221f0512bf1aeefc49ead8a1e11bda55990.tar.xz firefox-85310221f0512bf1aeefc49ead8a1e11bda55990.zip |
Adding upstream version 126.0.1.upstream/126.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'js/src')
-rw-r--r-- | js/src/jit-test/tests/arrays/bug1897150-1.js | 9 | ||||
-rw-r--r-- | js/src/jit-test/tests/arrays/bug1897150-2.js | 9 | ||||
-rw-r--r-- | js/src/jit/TrampolineNatives.cpp | 6 |
3 files changed, 24 insertions, 0 deletions
diff --git a/js/src/jit-test/tests/arrays/bug1897150-1.js b/js/src/jit-test/tests/arrays/bug1897150-1.js new file mode 100644 index 0000000000..d7a26fb41a --- /dev/null +++ b/js/src/jit-test/tests/arrays/bug1897150-1.js @@ -0,0 +1,9 @@ +var arr = [1,2,3,4] +var global = 1; + +var comparator = function(a, b) { + assertEq(this.global, 1); + return b - a; +} + +arr.sort(comparator); diff --git a/js/src/jit-test/tests/arrays/bug1897150-2.js b/js/src/jit-test/tests/arrays/bug1897150-2.js new file mode 100644 index 0000000000..53f78a8a45 --- /dev/null +++ b/js/src/jit-test/tests/arrays/bug1897150-2.js @@ -0,0 +1,9 @@ +var typedArr = Uint8Array.from([1,2,3,4]) +var global = 1; + +var comparator = function(a, b) { + assertEq(this.global, 1); + return b - a; +} + +typedArr.sort(comparator); diff --git a/js/src/jit/TrampolineNatives.cpp b/js/src/jit/TrampolineNatives.cpp index 0bde6d9985..e22023f8dd 100644 --- a/js/src/jit/TrampolineNatives.cpp +++ b/js/src/jit/TrampolineNatives.cpp @@ -86,6 +86,8 @@ uint32_t JitRuntime::generateArraySortTrampoline(MacroAssembler& masm) { -int32_t(FrameSize) + ArraySortData::offsetOfComparatorReturnValue(); constexpr int32_t DescriptorOffset = -int32_t(FrameSize) + ArraySortData::offsetOfDescriptor(); + constexpr int32_t ComparatorThisOffset = + -int32_t(FrameSize) + ArraySortData::offsetOfComparatorThis(); #ifdef JS_USE_LINK_REGISTER masm.pushReturnAddress(); @@ -146,6 +148,8 @@ uint32_t JitRuntime::generateArraySortTrampoline(MacroAssembler& masm) { Label callDone, jitCallFast, jitCallSlow; masm.bind(&jitCallFast); { + masm.storeValue(UndefinedValue(), + Address(FramePointer, ComparatorThisOffset)); masm.storePtr(ImmWord(jitCallDescriptor), Address(FramePointer, DescriptorOffset)); masm.loadPtr(Address(FramePointer, ComparatorOffset), temp0); @@ -155,6 +159,8 @@ uint32_t JitRuntime::generateArraySortTrampoline(MacroAssembler& masm) { } masm.bind(&jitCallSlow); { + masm.storeValue(UndefinedValue(), + Address(FramePointer, ComparatorThisOffset)); masm.storePtr(ImmWord(jitCallDescriptor), Address(FramePointer, DescriptorOffset)); masm.loadPtr(Address(FramePointer, ComparatorOffset), temp0); |