Closed
Bug 428366
Opened 16 years ago
Closed 16 years ago
Assertion failure after deleting eval 16 times
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: mrbkap, Assigned: mrbkap)
References
Details
(Keywords: regression, testcase)
Attachments
(1 file)
|
3.54 KB,
patch
|
brendan
:
review+
mtschrep
:
approval1.9+
|
Details | Diff | Splinter Review |
+++ This bug was initially created as a clone of Bug #416834 +++ this.__proto__.x = eval; for (i = 0; i < 16; ++i) delete eval; (function w() { x = 1; })(); In bug 416834, the above testcase was causing unexpected prototype chains of length 16. This is because when we resolve 'eval' in JS_ResolveStandardClass, we call js_InitObjectClass, which is not idempotent. The patch in the other bug fixes the assertion in the property cache, but not the underlying problem. I have a patch to do so.
Attachment #314916 -
Flags: review?(brendan)
|
||
Comment 1•16 years ago
|
||
Comment on attachment 314916 [details] [diff] [review] Proposed fix Great! /be
Attachment #314916 -
Flags: review?(brendan) → review+
|
|
||
Comment 2•16 years ago
|
||
Comment on attachment 314916 [details] [diff] [review] Proposed fix This is safe, it's a missing part of the change for bug 352045, so fixes a regression from Firefox 2. /be
Attachment #314916 -
Flags: approval1.9?
|
|
||
Updated•16 years ago
|
Keywords: regression
|
||
Updated•16 years ago
|
Attachment #314916 -
Flags: approval1.9? → approval1.9+
|
Assignee | |
Updated•16 years ago
|
Keywords: checkin-needed
|
||
Comment 3•16 years ago
|
||
jsapi.c: 3.443 jsobj.c: 3.465 jsobj.h: 3.103
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
||
Updated•16 years ago
|
Assignee: general → mrbkap
Keywords: checkin-needed
|
||
Comment 4•16 years ago
|
||
(In reply to comment #0) mrbkap: who has the prototype chain of length 16?
|
|
||
Comment 5•16 years ago
|
||
added test http://hg.mozilla.org/mozilla-central/rev/1305b9b2633b and cvs.
Flags: in-testsuite+
Flags: in-litmus-
You need to log in
before you can comment on or make changes to this bug.
Description
•