mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
electron/patches/v8/cherry-pick-f320600cd1f4.patch
Keeley Hammond 96dda274e9
chore: cherry-pick f320600cd1f4 from v8 (#42120)
2024-05-11 14:17:02 -07:00

27 lines
1.2 KiB
Diff
Raw Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Shu-yu Guo <syg@chromium.org>
Date: Thu, 9 May 2024 12:03:28 -0700
Subject: Only normalize JSObject targets in SetOrCopyDataProperties
Bug: 339458194
Change-Id: I4d6eebdd921971fa28d7c474535d978900ba633f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5527397
Reviewed-by: Rezvan Mahdavi Hezaveh <rezvan@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#93811}
diff --git a/src/objects/js-objects.cc b/src/objects/js-objects.cc
index a90f88a638530c565f279e249ff03d3385b01089..9cb671370b9abfd3939e382c33bae8da8491b487 100644
--- a/src/objects/js-objects.cc
+++ b/src/objects/js-objects.cc
@@ -434,9 +434,7 @@ Maybe<bool> JSReceiver::SetOrCopyDataProperties(
Nothing<bool>());
if (!from->HasFastProperties() && target->HasFastProperties() &&
- !IsJSGlobalProxy(*target)) {
- // JSProxy is always in slow-mode.
- DCHECK(!IsJSProxy(*target));
+ IsJSObject(*target) && !IsJSGlobalProxy(*target)) {
// Convert to slow properties if we're guaranteed to overflow the number of
// descriptors.
int source_length;
Reference in a new issue View git blame Copy permalink