Closed Bug 446136 Opened 16 years ago Closed 16 years ago

js_DateIsValid no longer tests that its argument is a date object

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED DUPLICATE of bug 444233

People

(Reporter: asuth, Unassigned)

Details

(Keywords: crash)

Attachments

(1 obsolete file)

Prior to the changes in bug 385393, js_DateIsValid's call-chain would use JS_InstanceOf to determine whether the passed-in object was a date before doing anything. Changes to GetUTCTime now only perform the check if vp is non-NULL, but js_DateIsValid always passes in NULL. It appears this was an oversight in the changes made on bug 385393. (Although js_DateIsValid does not provide any guarantees about its behaviour in this instance, GetUTCTime's comment does indicate it should be type-checking.) Without this fix, storage's statement wrapper can/will segfault if you do something silly like try an assign an array to a bound parameter.
Attachment #330334 - Flags: review?(brendan)
Andrew, this is a duplicate of bug 444233, right (feel free to change its summary to something more searchable)?
Whoops, right you are. I must have only checked the statement code in mozilla-central in my research (and cvs for the rest). Thanks for the dupe-check.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Attachment #330334 - Attachment is obsolete: true
Attachment #330334 - Flags: review?(brendan)
Keywords: crash
Severity: normal → critical
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: