Closed Bug 461158 Opened 16 years ago Closed 16 years ago

js1_6/extensions/regress-456826.js: (Math|Date) is not defined

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: bc, Assigned: igor)

References

Details

(4 keywords, Whiteboard: [sg:investigate] post 1.8-branch)

Attachments

(2 files, 1 obsolete file)

fix v1 (mq patch)
(deleted), patch
igor
: review+
Details | Diff | Splinter Review
Patch for the 1.9.0 branch
(deleted), patch
mrbkap
: review+
samuel.sidler+old
: approval1.9.0.9+
Details | Diff | Splinter Review
from bug 456826 comment 36. ./js1_6/extensions/regress-456826.js:93: Math is not defined ./js1_6/extensions/regress-456826.js:127: Date is not defined either of these errors may occur depending on the build and shell options. this regressed in http://hg.mozilla.org/mozilla-central/rev/62b8f8cd8b69 Igor@mir2.org date: Wed Apr 02 00:46:12 2008 -0700 summary: [Bug 423874] Allocating functions together with JSObject. r=brendan
Flags: in-testsuite+
Flags: in-litmus-
Assignee: general → igor
Flags: blocking1.9.1+
The regression is from bug 365851 and comes from the fact that js_FindPropertyHelper, http://hg.mozilla.org/mozilla-central/file/0d837275baca/js/src/jsobj.cpp#l3533 , does not propagate the error condition from js_LookupPropertyWithFlags . The latter returns -1 on errors and the code ignores that. The reason the failure is associated with the bug 423874 is that bug altered the memory usage for the function objects. Given the restriction gcparam("maxBytes", 22000); from the test, that triggered the failure on the code path with errors.
Blocks: js-propcache
No longer blocks: 423874
Attached patch fix v1 (obsolete) (deleted) — Splinter Review
The patch just adds the missing error check.
Attachment #350229 - Flags: review?(brendan)
Note on ./js1_6/extensions/regress-456826.js test: on 64-bit platform it fails with OOM and that should be OK. Alternatively, changing 22000 in gcparam("maxBytes", 22000); to 60000 on 64 bit should make it work.
Attachment #350229 - Flags: review?(brendan)
Attachment #350229 - Flags: review+
Attachment #350229 - Flags: approval1.9.1?
Attachment #350229 - Flags: approval1.9.0.6?
Comment on attachment 350229 [details] [diff] [review] fix v1 Whoops -- thanks for fixing. /be
Comment on attachment 350229 [details] [diff] [review] fix v1 a=sayrer, but it's already blocking
Attachment #350229 - Flags: approval1.9.1? → approval1.9.1+
Attached patch fix v1 (mq patch) (deleted) — Splinter Review
Attachment #350229 - Attachment is obsolete: true
Attachment #350244 - Flags: review+
Attachment #350229 - Flags: approval1.9.0.6?
Group: core-security
I marked the bug as restricted as it is not clear if there any hazards due to it.
Pushed http://hg.mozilla.org/mozilla-central/rev/4c6331befc51
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
verified fixed mozilla-central but not tracemonkey
Status: RESOLVED → VERIFIED
v 1.9.1, 1.9.2
Keywords: fixed1.9.1verified1.9.1
Not needed for 1.8, wanted for 1.9.0 which contains the patch from bug 365851 that caused this. Don't know the potential security impacts of this.
Flags: wanted1.9.0.x+
Flags: wanted1.8.1.x-
Whiteboard: [sg:investigate] post 1.8-branch
Flags: blocking1.9.0.8?
Flags: blocking1.9.0.8? → blocking1.9.0.8+
Flags: blocking1.9.0.8+ → blocking1.9.0.8?
Flags: blocking1.9.0.8? → blocking1.9.0.8+
Igor: Can you please work up a 1.9.0-branch patch for this? Our code freeze for 1.9.0.8 is tomorrow and this blocks the release.
Attached patch Patch for the 1.9.0 branch (deleted) — Splinter Review
Attachment #367870 - Flags: review+
Attachment #367870 - Flags: approval1.9.0.8?
Attachment #367870 - Flags: approval1.9.0.8? → approval1.9.0.8+
Comment on attachment 367870 [details] [diff] [review] Patch for the 1.9.0 branch Approved for 1.9.0.8. a=ss for release-drivers
Fixed on the 1.9.0 branch.
Keywords: fixed1.9.0.8
v 1.9.0
Keywords: fixed1.9.0.8verified1.9.0.8
Group: core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: