diff --git a/mozilla/js/src/jsinterp.c b/mozilla/js/src/jsinterp.c index 5e3608eb650..ed9dbcc0f19 100644 --- a/mozilla/js/src/jsinterp.c +++ b/mozilla/js/src/jsinterp.c @@ -4389,13 +4389,14 @@ interrupt: str = JSVAL_TO_STRING(lval); i = JSVAL_TO_INT(rval); if ((size_t)i < JSSTRING_LENGTH(str)) { - str = js_GetUnitString(cx, JSSTRING_CHARS(str)[i]); + str = js_GetUnitString(cx, str, (size_t)i); if (!str) goto error; rval = STRING_TO_JSVAL(str); goto end_getelem; } } + VALUE_TO_OBJECT(cx, -2, lval, obj); if (JSVAL_IS_INT(rval)) { if (OBJ_IS_DENSE_ARRAY(cx, obj)) { @@ -4415,6 +4416,7 @@ interrupt: if (!InternNonIntElementId(cx, obj, rval, &id)) goto error; } + if (!OBJ_GET_PROPERTY(cx, obj, id, &rval)) goto error; end_getelem: diff --git a/mozilla/js/src/jsstr.c b/mozilla/js/src/jsstr.c index 0d9bde4371d..41a8eacb47b 100644 --- a/mozilla/js/src/jsstr.c +++ b/mozilla/js/src/jsstr.c @@ -583,7 +583,7 @@ str_resolve(JSContext *cx, JSObject *obj, jsval id, uintN flags, slot = JSVAL_TO_INT(id); if ((size_t)slot < JSSTRING_LENGTH(str)) { - str1 = js_GetUnitString(cx, JSSTRING_CHARS(str)[slot]); + str1 = js_GetUnitString(cx, str, (size_t)slot); if (!str1) return JS_FALSE; if (!OBJ_DEFINE_PROPERTY(cx, obj, INT_TO_JSID(slot), @@ -849,7 +849,6 @@ str_charAt(JSContext *cx, uintN argc, jsval *vp) jsval t, v; JSString *str; jsint i; - jschar c; jsdouble d; t = vp[1]; @@ -877,10 +876,7 @@ str_charAt(JSContext *cx, uintN argc, jsval *vp) i = (jsint) d; } - c = JSSTRING_CHARS(str)[i]; - str = (c < UNIT_STRING_LIMIT) - ? js_GetUnitString(cx, c) - : js_NewDependentString(cx, str, i, 1); + str = js_GetUnitString(cx, str, (size_t)i); if (!str) return JS_FALSE; *vp = STRING_TO_JSVAL(str); @@ -1961,7 +1957,6 @@ str_slice(JSContext *cx, uintN argc, jsval *vp) { jsval t, v; JSString *str; - jschar c; t = vp[1]; v = vp[2]; 
@@ -1976,9 +1971,8 @@ str_slice(JSContext *cx, uintN argc, jsval *vp) if (length == 0) { str = cx->runtime->emptyString; } else { - str = (length == 1 && - (c = JSSTRING_CHARS(str)[begin]) < UNIT_STRING_LIMIT) - ? js_GetUnitString(cx, c) + str = (length == 1) + ? js_GetUnitString(cx, str, begin) : js_NewDependentString(cx, str, begin, length); if (!str) return JS_FALSE; @@ -2353,13 +2347,17 @@ js_InitDeflatedStringCache(JSRuntime *rt) IN_UNIT_STRING_SPACE((rt)->unitStrings, cp) JSString * -js_GetUnitString(JSContext *cx, jschar c) +js_GetUnitString(JSContext *cx, JSString *str, size_t index) { + jschar c, *cp, i; JSRuntime *rt; - JSString **sp, *str; - jschar *cp, i; + JSString **sp; + + JS_ASSERT(index < JSSTRING_LENGTH(str)); + c = JSSTRING_CHARS(str)[index]; + if (c >= UNIT_STRING_LIMIT) + return js_NewDependentString(cx, str, index, 1); - JS_ASSERT(c < UNIT_STRING_LIMIT); rt = cx->runtime; if (!rt->unitStrings) { sp = (JSString **) calloc(UNIT_STRING_LIMIT * sizeof(JSString *) + diff --git a/mozilla/js/src/jsstr.h b/mozilla/js/src/jsstr.h index dca86d1bfd3..1add234d3da 100644 --- a/mozilla/js/src/jsstr.h +++ b/mozilla/js/src/jsstr.h @@ -407,14 +407,11 @@ js_InitDeflatedStringCache(JSRuntime *rt); #define UNIT_STRING_LIMIT 256U /* - * Get the independent string containing only character code c (backstopped - * with a NUL as usual for independent strings). - * - * This function must be called only for c < UNIT_STRING_LIMIT. It asserts to - * insist on this requirement in DEBUG builds. + * Get the independent string containing only character code at index in str + * (backstopped with a zero character as usual for independent strings). */ extern JSString * -js_GetUnitString(JSContext *cx, jschar c); +js_GetUnitString(JSContext *cx, JSString *str, size_t index); extern void js_FinishUnitStrings(JSRuntime *rt);
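Review bot: In js_GetUnitString (jsstr.c), the new `JS_ASSERT(index < JSSTRING_LENGTH(str));` is the only guard before `JSSTRING_CHARS(str)[index]`. The header comment this commit removes says such assertions insist on the requirement in DEBUG builds, so a release build would presumably read past the string's characters if a caller passed a bad index. The jsinterp.c and str_resolve call sites test `(size_t)i < JSSTRING_LENGTH(str)` in visible lines, but the range checks for str_charAt and str_slice sit outside their hunks and should be confirmed. I would state the contract at the assertion, e.g. `/* Caller must guarantee index < JSSTRING_LENGTH(str); asserted in DEBUG builds only. */`. The function body continues outside the hunk.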
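Review bot: The rewritten comment in jsstr.h still promises an "independent string", but the new js_GetUnitString returns `js_NewDependentString(cx, str, index, 1)` when the character code is at or above UNIT_STRING_LIMIT, so the result can be a dependent string on `str`. The comment also drops the old precondition paragraph without stating the new one. I would reword it to say that the result comes from the runtime's unitStrings table for codes below UNIT_STRING_LIMIT and is a one-character dependent string otherwise, and that NULL is returned on failure, as the callers' `if (!str)` checks imply. It should also carry the line `* The caller must ensure index < JSSTRING_LENGTH(str).`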