308394 - recursion crash in JSContext->errorReporter

Status: RESOLVED INVALID

(Core :: JavaScript Engine, defect)

Description

[Celso Aguiar]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6

We get a recursion crash in our errorReporter (stack below).
JS_EvaluateUCScriptForPrincipals calls js_ReportUncaughtException,
which tries to get the exception message via js_ValueToString(cx, exn);
This ends up failing and calling JS_ReportErrorNumber, which calls
our error reporter (iJSErrorReporter), which has a call to
js_ValueToString(cx, exn) and so on. 

Reproducible: Always

Steps to Reproduce:
1. Add the following to my_ErrorReporter in js.c (from project jsshell.exe):
    jsval exn;
    JSString* jss = NULL;
    if (JS_IsExceptionPending(cx)) {
	JS_GetPendingException(cx, &exn);
	jss = JS_ValueToString( cx, exn);
    }

2. From console try something you know will cause an exception to be thrown 
3. When stepping through js_DefaultValue (called from js_ReportUncaughtException
via str = js_ValueToString(cx, exn); make sure v
satisfies the condition !JSVAL_IS_PRIMITIVE(v). If so, you errorReporter will
keep getting called via JS_ReportErrorNumber till crash.

Actual Results:  
Crash due to recursion stack overflow.

Expected Results:  
No crash

This is happening within our application and I've made a tentative to reproduce
it  in the jsshell.exe. I was not able to have v satisfy the
!JSVAL_IS_PRIMITIVE(v) condition in jsshell but that's how it's hapening in our
app. Maybe the Error object has to be a custom Error objectcreated by the SM
client, which is our case.

Comment 1

[Celso Aguiar]

Brendan, this is the max I could come up with in terms of a jsshell.exe
reproducible case. I'll keep trying, but I'm sure you can see how the proposed
code-path would cause the crash.

Comment 2

[Celso Aguiar]

I've filed 309389 in place of this one, on Brendan's request