1032954 - TestingFunctions.cpp's SaveStack can assert on an empty stack

Status: RESOLVED FIXED

(Core :: JavaScript Engine, defect)

Description

[Jim Blandy :jimb]

Calling the 'saveStack' JavaScript function from js/src/buitin/TestingFunctions.cpp will assert if there are no JS frames on the stack.

If there are no JS frames on the stack, then JS::CaptureCurrentStack returns nullptr, which the call to args.rval().setObject in SaveStack will choke on. If that call is changed to setObjectOrNull, it should be fine.

I don't have steps to reproduce this, because the JS shell has no way to invoke functions directly, without the global script's stack frame at the base of the stack. However, in the browser, one can do things like:

  setTimeout(fn, 0)

to call fn with no older frames.

Comment 1

[Nick Fitzgerald [:fitzgen] [⏰PST; UTC-8]]

Attachment: save-stack-no-frames.patch

This should hopefully be a quick and easy review ;)

Try push: https://tbpl.mozilla.org/?tree=Try&rev=81982a7ca2cd

Comment 2

[Jim Blandy :jimb]

Comment on attachment 8449748 [details] [diff] [review]
save-stack-no-frames.patch

Review of attachment 8449748 [details] [diff] [review]:
-----------------------------------------------------------------

Well, the solution seems kind of involved, and it'll be hard to anticipate the repercussions, but I don't see that we have any choice but to see how the impact on Firefox's overall architecture plays out.

Comment 3

[Jim Blandy :jimb]

https://hg.mozilla.org/integration/mozilla-inbound/rev/e5c3ab97e944

Comment 4

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/e5c3ab97e944