Closed Bug 779215 Opened 12 years ago Closed 12 years ago

CallJS(Native|PropertyOp|PropertyOpSetter) should JS_CHECK_RECURSION

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla17

People

(Reporter: luke, Assigned: luke)

Details

Attachments

(1 file)

fix and all the tests that were failing
4.58 KB, patch
dmandelin
: review+
Details | Diff | Splinter Review 
There are currently 7 open bugs that crash from C stack overflow.  They all involve paths through native functions/propertyops that skip the RunScript JS_CHECK_RECURSION pinchpoint.  Adding a recursion check to these three pinchpoints cover them all.  Hot code should be unaffected since jit code calls into natives directly.
Attachment #647596 - Flags: review?(dmandelin)
Attachment #647596 - Flags: review?(dmandelin) → review+
http://hg.mozilla.org/integration/mozilla-inbound/rev/3ab53aa58514

This should fix a bunch of js too-much-recursion crash fuzzblockers. Thanks Luke! \o/
Target Milestone: --- → mozilla17
https://hg.mozilla.org/mozilla-central/rev/3ab53aa58514
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Setting VERIFIED since tests have landed in the repository as well as in-testsuite+.
Status: RESOLVED → VERIFIED
Flags: in-testsuite+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: