Closed
Bug 779215
Opened 12 years ago
Closed 12 years ago
CallJS(Native|PropertyOp|PropertyOpSetter) should JS_CHECK_RECURSION
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
VERIFIED
FIXED
mozilla17
People
(Reporter: luke, Assigned: luke)
Details
Attachments
(1 file)
4.58 KB,
patch
|
dmandelin
:
review+
|
Details | Diff | Splinter Review |
There are currently 7 open bugs that crash from C stack overflow. They all involve paths through native functions/propertyops that skip the RunScript JS_CHECK_RECURSION pinchpoint. Adding a recursion check to these three pinchpoints cover them all. Hot code should be unaffected since jit code calls into natives directly.
Attachment #647596 -
Flags: review?(dmandelin)
Updated•12 years ago
|
Attachment #647596 -
Flags: review?(dmandelin) → review+
Comment 1•12 years ago
|
||
http://hg.mozilla.org/integration/mozilla-inbound/rev/3ab53aa58514 This should fix a bunch of js too-much-recursion crash fuzzblockers. Thanks Luke! \o/
Target Milestone: --- → mozilla17
Comment 2•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/3ab53aa58514
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Comment 3•12 years ago
|
||
Setting VERIFIED since tests have landed in the repository as well as in-testsuite+.
Status: RESOLVED → VERIFIED
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•