JS_SetTrap can create endless circular list

VERIFIED DUPLICATE of bug 213841

Status


Core
JavaScript Engine
15 years ago
15 years ago

People

(Reporter: pete diemert, Unassigned)

Tracking

Trunk
x86
Windows XP
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Build Identifier: 

First off, this is a SpiderMonkey bug (the JavaScript Engine C interface) but 
there was no category for SpiderMonkey so I selected Rhino.

The problem looks fairly simple.  In jsdbgapi.c@112, you add a trap to the 
list of traps with JS_APPEND_LINK(...).  However, in the case of setting the 
same trap more than once, the code above will retrieve an existing trap entry.  
In this case, the entry is re-linked and an endless list is the result.  
The end result is that functions such as JS_ClearScriptTraps() will now loop 
indefinitely.

Reproducible: Always

Steps to Reproduce:
1.  Set a trap in a script using JS_SetTrap()
2.  Set the same trap again (can simply call JS_SetTrap() with the same args again)
3.  Call JS_ClearScriptTraps() for script specified in step #1.


Actual Results:  
Endless loop


Expected Results:  
Traps removed successfully, function returns
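
The failure mode described in this report, as an added example that is not SpiderMonkey's code and not part of the original report: a sentinel-headed circular list where an entry that is already linked gets appended a second time, next to a guarded form that appends only new entries. All type and function names are hypothetical; the append follows the usual insert-before-head pattern.

```c
#include <stddef.h>

/* Circular doubly linked list with a sentinel head. Hypothetical names,
 * modelled on the pattern the report describes, not the engine's source. */
typedef struct Link { struct Link *next, *prev; } Link;
typedef struct Trap { Link link; int pc; } Trap;

/* Insert e just before head l (the tail). Assumes e is NOT already linked. */
static void append_link(Link *e, Link *l) {
    e->next = l;
    e->prev = l->prev;
    l->prev->next = e;   /* if e is already the tail, this sets e->next = e */
    l->prev = e;
}

/* Return the list length, or -1 if the head is not reached again within
 * limit steps (an unbounded walk over such a list never terminates). */
static int list_length(const Link *l, int limit) {
    int n = 0;
    for (const Link *p = l->next; p != l; p = p->next)
        if (++n > limit) return -1;
    return n;
}

static Trap *find_trap(Link *l, int pc) {
    for (Link *p = l->next; p != l; p = p->next)
        if (((Trap *)p)->pc == pc) return (Trap *)p;
    return NULL;
}

/* Reported pattern: an existing entry is found, reused, and linked again. */
static void set_trap_relink(Link *l, Trap *slot, int pc) {
    Trap *t = find_trap(l, pc);
    if (!t) { t = slot; t->pc = pc; }
    append_link(&t->link, l);
}

/* Guarded form: only a newly created entry is appended. */
static void set_trap_guarded(Link *l, Trap *slot, int pc) {
    Trap *t = find_trap(l, pc);
    if (!t) { t = slot; t->pc = pc; append_link(&t->link, l); }
}

/* Set the same trap (constructed pc value 7) twice, then measure the list. */
static int demo(int guarded) {
    Link head = { &head, &head };
    Trap slot;
    for (int i = 0; i < 2; i++)
        (guarded ? set_trap_guarded : set_trap_relink)(&head, &slot, 7);
    return list_length(&head, 1000);
}
```

`demo(0)` reports the self-referencing entry that makes an unbounded clear loop spin; `demo(1)` leaves a one-element list that a clear loop can walk to completion.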
(Reporter)

Comment 1

15 years ago
Forgot to mention, this is using the 1.5 SpiderMonkey tree

Updated

15 years ago
Component: Core → JavaScript Engine
Product: Rhino → Browser
Version: other → Trunk

Comment 2

15 years ago
To Pete: to report SM bugs please use Browser as product and JavaScript engine
as component.
Assignee: nboyd → general
Please don't file old dups.

/be

*** This bug has been marked as a duplicate of 213841 ***
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE

Updated

15 years ago
Status: RESOLVED → VERIFIED