Closed
Bug 315797
Opened 19 years ago
Closed 19 years ago
js_Interpret uses undefined variables on recursion error
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: daumling, Assigned: mrbkap)
References
Details
(Keywords: js1.6, verified1.8.0.1, verified1.8.1, Whiteboard: [need testcase])
Attachments
(1 file)
|
(deleted),
patch
|
brendan
:
review+
benjamin
:
approval1.8.0.1+
benjamin
:
approval1.8.1+
|
Details | Diff | Splinter Review |
When I ran the test js1_5/Regress/96128-n.js, the test hit a recursion error as expected. In jsinterp.c, line 1832, the code jumped to out2. Here (line 5428), VC++ reported the usage of uninitialized variables mark and sp.
Could be with my test setup, but could also be a potential crasher. Please investigate.
|
Assignee | |
Comment 1•19 years ago
|
||
It looks like the only two uses of out2 are before mark, fp->sp, or fp->spbase are set.
|
||
Comment 2•19 years ago
|
||
Comment on attachment 202461 [details] [diff] [review]
Don't use variables before they're assigned to
Good grief.
/be
Attachment #202461 -
Flags: review?(brendan) → review+
|
|
||
Comment 3•19 years ago
|
||
Bob, please get this on the 1.6 mini-branch when it's cut. Thanks,
/be
Keywords: js1.6
|
|
Assignee | |
Comment 4•19 years ago
|
||
Checked into trunk.
Thanks for the heads up, Mike.
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
|
|
||
Updated•19 years ago
|
Flags: blocking1.8.0.1+
|
||
Updated•19 years ago
|
Flags: testcase-
|
|
||
Comment 5•19 years ago
|
||
Comment on attachment 202461 [details] [diff] [review]
Don't use variables before they're assigned to
This is another patch that should go into the branches ASAP. It should not be subject to any quota on fixes. It's zero risk.
/be
Attachment #202461 -
Flags: approval1.8.1?
Attachment #202461 -
Flags: approval1.8.0.1?
|
||
Comment 6•19 years ago
|
||
Comment on attachment 202461 [details] [diff] [review]
Don't use variables before they're assigned to
a=drivers, mark fixed1.* flags when checked in
Attachment #202461 -
Flags: approval1.8.1?
Attachment #202461 -
Flags: approval1.8.1+
Attachment #202461 -
Flags: approval1.8.0.1?
Attachment #202461 -
Flags: approval1.8.0.1+
|
||
Comment 8•19 years ago
|
||
Any quick way to verify this fix? Anyone have a testcase to use?
Whiteboard: [need testcase]
|
|
Assignee | |
Comment 9•19 years ago
|
||
The easiest way to verify a bug like this would be to look at the source code and visually verify that the obj2 label is placed after all uses of mark, fp->sp and fp->spbase; it would be nice if compilers would do this sort of checking at compile time well enough to verify that way.
|
||
Comment 11•19 years ago
|
||
Adding the verified keyword per Brendan's Comment 10.
Keywords: fixed1.8.0.1 → verified1.8.0.1
|
|
||
Comment 12•19 years ago
|
||
v by bonsai:
2006-01-06 14:58 mrbkap%gmail.com mozilla/js/src/jsinterp.c 3.181.2.17.2.1 MOZILLA_1_8_0_BRANCH 2/1 bug 315797: Fix a misplaced labels. r=brendan a=dveditz
2006-01-06 14:57 mrbkap%gmail.com mozilla/js/src/jsinterp.c 3.181.2.18 MOZILLA_1_8_BRANCH 2/1
Keywords: fixed1.8.1 → verified1.8.1
You need to log in
before you can comment on or make changes to this bug.
Description
•