Closed
Bug 204210
Opened 22 years ago
Closed 22 years ago
new eval() triggers ArrayIndexOutOfBoundsException in interpreted mode
Categories
(Rhino Graveyard :: Core, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
1.5R5
People
(Reporter: igor, Assigned: norrisboyd)
Details
(Whiteboard: QA note: verify the fix for this bug interactively)
Attachments
(1 file)
15.96 KB,
patch
The following one-line script causes an ArrayIndexOutOfBoundsException in
interpreted mode:
new eval();
~> java -jar ~/.../js.jar -opt -1 -e 'new eval()'
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException
at org.mozilla.javascript.Interpreter.interpret(Interpreter.java:2117)
at org.mozilla.javascript.InterpretedScript.call(InterpretedScript.java:62)
at org.mozilla.javascript.InterpretedScript.exec(InterpretedScript.java:5
...
For the test case it may be necessary to use code like:
function f()
{
new eval();
}
f();
since the bug corrupts the interpreter stack and it may not be visible if new eval()
is not a single statement in a function/script.
Comment 1•22 years ago
Testcase added to JS testsuite:
mozilla/js/tests/js1_5/Regress/regress-204210.js
The testcase puts |new eval();| inside |try...catch| blocks, since in Rhino
this construct is supposed to produce a run-time error due to bug 203909,
"Behavior of built-in functions called as constructors should follow standard."
However: the Rhino interpreted-mode crash on |new eval();|, i.e. the
current bug, isn't occurring when |new eval();| is inside |try...catch|!
So it looks like I'll have to verify the fix for this bug manually -
Whiteboard: QA note: verify the fix for this bug interactively
Reporter
Comment 2•22 years ago
The patch merges ScriptRuntime.callSpecial and ScriptRuntime.newObjectSpecial
into a single ScriptRuntime.callSpecial, which takes a boolean flag to indicate
whether this is a call from new and a special call type id as a parameter for
better error reporting, so new eval() prints:
js: "<stdin>", line 1: uncaught JavaScript exception: TypeError: "eval" is not
a constructor. (<stdin>; line 1)
Reporter
Comment 3•22 years ago
I committed the fix.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment 4•22 years ago
Verified FIXED interactively in the Rhino shell:
------------------------- BEFORE THE FIX -------------------------
js> new eval();
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -1
at org.mozilla.javascript.Interpreter.interpret(Interpreter.java:2115)
at org.mozilla.javascript.InterpretedScript.call(InterpretedScript.java:62)
at org.mozilla.javascript.InterpretedScript.exec(InterpretedScript.java:55)
at org.mozilla.javascript.Context.evaluateReader(Context.java:806)
at org.mozilla.javascript.tools.shell.Main.evaluateReader(Main.java:363)
at org.mozilla.javascript.tools.shell.Main.processSource(Main.java:260)
at org.mozilla.javascript.tools.shell.Main.exec(Main.java:103)
at org.mozilla.javascript.tools.shell.Main.main(Main.java:76)
-------------------------- AFTER THE FIX -------------------------
js> new eval();
js: "<stdin>", line 1: uncaught JavaScript exception:
TypeError: "eval" is not a constructor. (<stdin>; line 1)
Status: RESOLVED → VERIFIED
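
Since the in-suite testcase cannot see the crash once |new eval();| sits inside |try...catch|, the interactive check above can be scripted from outside the engine. The following is an added example, not part of this bug's patch or the Rhino tree; the function names and the js.jar path argument are assumptions, and the matched strings are the before/after outputs quoted in this bug.

```shell
#!/bin/sh
# Added example: out-of-process regression check for bug 204210.
# The script under test is NOT wrapped in try...catch, because comment 1
# reports that the interpreter failure does not show up there.

# classify_rhino_output TEXT -> prints "crash", "fixed" or "unknown"
classify_rhino_output() {
    # Flatten line wraps so a message split across lines still matches.
    flat=$(printf '%s' "$1" | tr '\n\t' '  ' | tr -s ' ')
    case "$flat" in
        *java.lang.ArrayIndexOutOfBoundsException*)
            echo crash ;;      # interpreter failure seen before the fix
        *'TypeError: "eval" is not a constructor'*)
            echo fixed ;;      # script-level error reported after the fix
        *)
            echo unknown ;;    # anything else needs a human look
    esac
}

# check_new_eval JS_JAR -> returns 0 only if every form reports "fixed".
# JS_JAR is the path to a Rhino js.jar (assumption: supplied by the caller).
# -opt -1 selects interpreted mode, as in the original report.
check_new_eval() {
    jar=$1
    status=0
    # The bare statement, plus the function-wrapped form the reporter
    # suggests for cases where the stack corruption is otherwise hidden.
    for src in 'new eval()' 'function f() { new eval(); } f();'; do
        out=$(java -jar "$jar" -opt -1 -e "$src" 2>&1) || true
        verdict=$(classify_rhino_output "$out")
        echo "$verdict: $src"
        [ "$verdict" = fixed ] || status=1
    done
    return "$status"
}

# Call as: check_new_eval /path/to/js.jar
```
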