Bug 2035907 - wasm: Align WasmTableObject::growImpl with Instance::tableGrow. r=bvisness (31e8a76a) · Commits · The Tor Project / Applications / Tor Browser

js/src/jit-test/tests/wasm/regress/bug2035907.js

0 → 100644

+12 −0

Original line number	Diff line number	Diff line
		let {t} = wasmEvalText(`
		(module
		(global (import "" "g") (ref extern))
		(table (export "t") 5 100 (ref extern) (global.get 0))
		)
		`, {"": {g: "init"}}).exports;

		oomTest(() => {
		t.grow(1);
		assertEq(t.length, 6);
		assertEq(t.get(5), "init");
		});

+5 −5

Original line number	Diff line number	Diff line
		@@ -3072,7 +3072,8 @@ bool WasmTableObject::growImpl(JSContext* cx, const CallArgs& args) {

		RootedValue fillValue(
		cx, args.length() < 2 ? RefTypeDefaultValue(table.elemType()) : args[1]);
		if (!CheckRefType(cx, table.elemType(), fillValue)) {
		Rooted<wasm::AnyRef> fillRef(cx);
		if (!CheckRefType(cx, table.elemType(), fillValue, &fillRef)) {
		return false;
		}

		@@ -3086,13 +3087,12 @@ bool WasmTableObject::growImpl(JSContext* cx, const CallArgs& args) {

		// Skip filling the grown range of the table if the fill value is null, as
		// that is the default value.
		if (!fillValue.isNull() &&
		!tableObj->fillRange(cx, oldLength, delta, fillValue)) {
		return false;
		if (!fillRef.isNull()) {
		table.fillUninitialized(oldLength, delta, fillRef, cx);
		}
		#ifdef DEBUG
		// Assert that null is the default value of the grown range.
		if (fillValue.isNull()) {
		if (fillRef.isNull()) {
		table.assertRangeNull(oldLength, delta);
		}
		if (!table.elemType().isNullable()) {