summaryrefslogtreecommitdiffstats
path: root/js/src
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--js/src/jit-test/tests/arrays/bug1897150-1.js9
-rw-r--r--js/src/jit-test/tests/arrays/bug1897150-2.js9
-rw-r--r--js/src/jit/TrampolineNatives.cpp6
3 files changed, 24 insertions, 0 deletions
diff --git a/js/src/jit-test/tests/arrays/bug1897150-1.js b/js/src/jit-test/tests/arrays/bug1897150-1.js
new file mode 100644
index 0000000000..d7a26fb41a
--- /dev/null
+++ b/js/src/jit-test/tests/arrays/bug1897150-1.js
@@ -0,0 +1,9 @@
+var arr = [1,2,3,4]
+var global = 1;
+
+var comparator = function(a, b) {
+ assertEq(this.global, 1);
+ return b - a;
+}
+
+arr.sort(comparator);
diff --git a/js/src/jit-test/tests/arrays/bug1897150-2.js b/js/src/jit-test/tests/arrays/bug1897150-2.js
new file mode 100644
index 0000000000..53f78a8a45
--- /dev/null
+++ b/js/src/jit-test/tests/arrays/bug1897150-2.js
@@ -0,0 +1,9 @@
+var typedArr = Uint8Array.from([1,2,3,4])
+var global = 1;
+
+var comparator = function(a, b) {
+ assertEq(this.global, 1);
+ return b - a;
+}
+
+typedArr.sort(comparator);
diff --git a/js/src/jit/TrampolineNatives.cpp b/js/src/jit/TrampolineNatives.cpp
index 0bde6d9985..e22023f8dd 100644
--- a/js/src/jit/TrampolineNatives.cpp
+++ b/js/src/jit/TrampolineNatives.cpp
@@ -86,6 +86,8 @@ uint32_t JitRuntime::generateArraySortTrampoline(MacroAssembler& masm) {
-int32_t(FrameSize) + ArraySortData::offsetOfComparatorReturnValue();
constexpr int32_t DescriptorOffset =
-int32_t(FrameSize) + ArraySortData::offsetOfDescriptor();
+ constexpr int32_t ComparatorThisOffset =
+ -int32_t(FrameSize) + ArraySortData::offsetOfComparatorThis();
#ifdef JS_USE_LINK_REGISTER
masm.pushReturnAddress();
@@ -146,6 +148,8 @@ uint32_t JitRuntime::generateArraySortTrampoline(MacroAssembler& masm) {
Label callDone, jitCallFast, jitCallSlow;
masm.bind(&jitCallFast);
{
+ masm.storeValue(UndefinedValue(),
+ Address(FramePointer, ComparatorThisOffset));
masm.storePtr(ImmWord(jitCallDescriptor),
Address(FramePointer, DescriptorOffset));
masm.loadPtr(Address(FramePointer, ComparatorOffset), temp0);
@@ -155,6 +159,8 @@ uint32_t JitRuntime::generateArraySortTrampoline(MacroAssembler& masm) {
}
masm.bind(&jitCallSlow);
{
+ masm.storeValue(UndefinedValue(),
+ Address(FramePointer, ComparatorThisOffset));
masm.storePtr(ImmWord(jitCallDescriptor),
Address(FramePointer, DescriptorOffset));
masm.loadPtr(Address(FramePointer, ComparatorOffset), temp0);