Closed Bug 227261 Opened 21 years ago Closed 21 years ago

JS_SetTrap can create endless circular list

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 213841

People

(Reporter: pete.diemert, Unassigned)

Details

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Build Identifier: 

First off, this is a SpiderMonkey bug (the JavaScript Engine C interface) but 
there was no category for SpiderMonkey so I selected Rhino.

The problem looks fairly simple.  In jsdbgapi.c@112, you add a trap to the 
list of traps with JS_APPEND_LINK(...).  However, in the case of setting the 
same trap more than once the code above will retrieve an existing trap entry.  
In this case, when the entry is re-linked and an endless list is the result.  
The end result is that function such as JS_ClearScriptTraps() will now loop 
indefinately.

Reproducible: Always

Steps to Reproduce:
1.  Set a trap in a script using JS_SetTrap()
2.  Set the same trap again (can simply JS_SetTrap() with same args again)
3.  Call JS_ClearScriptTraps() for script specified in step #1.


Actual Results:  
Endless loop


Expected Results:  
Traps removed successfully, function returns
Forgot to mention, this is using the 1.5 SpiderMonkey tree
Component: Core → JavaScript Engine
Product: Rhino → Browser
Version: other → Trunk
To Pete: to report SM bugs please use Browser as product and JavaScript engine
as componnet.
Assignee: nboyd → general
Please don't file old dups.

/be

*** This bug has been marked as a duplicate of 213841 ***
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.