Closed
Bug 1595260
Opened 5 years ago
Closed 5 years ago
Too-large shift amount possible at OrderedHashTable.h:623, e.g. with basic/bug1236476.js
Categories
(Core :: JavaScript Engine, defect, P3)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla72
| Tracking | Status | |
|---|---|---|
| firefox72 | --- | fixed |
People
(Reporter: Waldo, Assigned: Waldo)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
For example,
[jwalden@find-waldo-now src]$ python jit-test/jit_test.py dbg/js/src/js basic/bug1236476.js
/home/jwalden/moz/after/js/src/ds/OrderedHashTable.h:623:14: runtime error: shift exponent 32 is too large for 32-bit type 'int'
This is a 1 << (...) expression that's the return value from a function that returns uint32_t. Simply changing the 1 to be uint32_t isn't an adequate fix, interestingly, if the exponent-of-32 is accurate. So this could be more interesting than these bad-shift-amount sorts of bugs tend to be...
|
||
Updated•5 years ago
|
Priority: -- → P3
|
Assignee | |
Comment 1•5 years ago
|
||
Pushed by jwalden@mit.edu: https://hg.mozilla.org/integration/autoland/rev/f18d343c7f9d Allow OrderedHash{Map,Set} to be safely destroyed in cases where it was never successfully initialized. r=sfink
|
||
Comment 3•5 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox72:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
You need to log in
before you can comment on or make changes to this bug.
Description
•