From 1e700e18f082c81b68452c805d1805e2a3dcfae2 Mon Sep 17 00:00:00 2001
From: Gaming4JC <g4jc@hyperbola.info>
Date: Sat, 13 Jul 2019 23:10:10 -0400
Subject: Bug 1364573 - Don't relazify class default constructors.

Because of the wacko way we handle toString offsets for class default constructors, those offsets cannot be recovered if we relazify the functions.
Luckily there's no reason to relazify them, their JSScripts are very small: either a single 'retrval' for non-derived, and still fairly small for derived.
---
 js/src/jsscript.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'js')

diff --git a/js/src/jsscript.h b/js/src/jsscript.h
index 23ad447180..85eb2938d3 100644
--- a/js/src/jsscript.h
+++ b/js/src/jsscript.h
@@ -1494,6 +1494,7 @@ class JSScript : public js::gc::TenuredCell
     bool isRelazifiable() const {
         return (selfHosted() || lazyScript) && !hasInnerFunctions_ && !types_ &&
                !isGenerator() && !hasBaselineScript() && !hasAnyIonScript() &&
+               !isDefaultClassConstructor() &&
                !doNotRelazify_;
     }
     void setLazyScript(js::LazyScript* lazy) {
-- 
cgit v1.2.3