From 40a355a42d4a9444dc753c04c6608dade2f06a23 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 19 Apr 2024 03:13:27 +0200
Subject: Adding upstream version 125.0.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 js/src/vm/NativeObject.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'js/src/vm/NativeObject.cpp')

diff --git a/js/src/vm/NativeObject.cpp b/js/src/vm/NativeObject.cpp
index c952e1b40a..640a185981 100644
--- a/js/src/vm/NativeObject.cpp
+++ b/js/src/vm/NativeObject.cpp
@@ -943,8 +943,8 @@ bool NativeObject::growElements(JSContext* cx, uint32_t reqCapacity) {
     // For arrays with writable length, and all non-Array objects, call
     // `NativeObject::goodElementsAllocationAmount()` to determine the
     // amount to allocate from the the requested capacity and existing length.
-    if (!goodElementsAllocationAmount(cx, reqCapacity + numShifted,
-                                      getElementsHeader()->length,
+    uint32_t length = is<ArrayObject>() ? as<ArrayObject>().length() : 0;
+    if (!goodElementsAllocationAmount(cx, reqCapacity + numShifted, length,
                                       &newAllocated)) {
       return false;
     }
-- 
cgit v1.2.3