Closed Bug 312351 Opened 20 years ago Closed 20 years ago

The statement RegExp(null) crashes Firefox

Categories

(Core :: JavaScript Engine, defect, P1)

x86
Windows XP
defect

Tracking

VERIFIED FIXED
mozilla1.8rc1

People

(Reporter: drimbk, Assigned: mrbkap)

Details

(Keywords: crash, verified1.8)

Attachments

(1 file)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1
When passing null to RegExp constructor, the browser crashes.
Reproducible: Always
Steps to Reproduce:
1. Evaluate RegExp(null) in the JavaScript console or put it in <script> node in a HTML page.
Actual Results: crash
Expected Results: Perhaps construct the regexp /^$/ ? so it'll match only empty strings.
Tested on Ff 1.0.7 and 1.5b2, Tb 1.0.7. The module is js3250.dll
Yeah, dereferencing NULL is a quick way to do that. Safe patch upcoming.
Assignee: general → mrbkap
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking1.8rc1?
Keywords: crash
Priority: -- → P1
Target Milestone: --- → mozilla1.8rc1
Status: NEW → ASSIGNED
Whiteboard: [patch]
Attachment #199451 - Flags: review?(brendan)
Comment on attachment 199451
No dereferencing null, please!
r=shaver
Attachment #199451 - Flags: review?(brendan) → review+
Fix checked into trunk.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Whiteboard: [patch]
Comment on attachment 199451
No dereferencing null, please!
This is a very trivial fix for an easy-to-hit crasher. It is a simple null-check. The fix only affects callers of the RegExp constructor as a function with only one argument, which is null.
Attachment #199451 - Flags: approval1.8rc1?
Attachment #199451 - Flags: approval1.8rc1? → approval1.8rc1+
Checking in regress-312351.js;
/cvsroot/mozilla/js/tests/ecma_3/RegExp/regress-312351.js,v <-- regress-312351.js
initial revision: 1.1
done
Flags: testcase+
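A regression-style check for the case described in this bug, as an added example: it is not the contents of regress-312351.js and not code from this bug. The names `probeRegExp`, `CASES` and `runRegression` are made up here, and the expected `source` values are an assumption based on how current ECMAScript engines convert the pattern argument to a string; the thread does not state what the fixed build returns.

```javascript
// Added example: exercise RegExp with a single edge-case argument, both as a
// plain function call and with `new`, and record the outcome instead of
// letting an exception escape. A hard crash would simply end the run.
function probeRegExp(arg) {
  const out = {};
  for (const [label, make] of [
    ["call", () => RegExp(arg)],
    ["construct", () => new RegExp(arg)],
  ]) {
    try {
      const re = make();
      out[label] = { ok: re instanceof RegExp, source: re.source };
    } catch (e) {
      out[label] = { ok: false, error: e.name };
    }
  }
  return out;
}

// Constructed inputs: the null from this bug plus neighbouring edge cases.
// Expected sources assume a current ECMAScript engine (pattern is stringified).
const CASES = [
  { name: "null", arg: null, source: "null" },
  { name: "undefined", arg: undefined, source: "(?:)" },
  { name: "empty string", arg: "", source: "(?:)" },
  { name: "number", arg: 0, source: "0" },
];

// Returns a list of human-readable failures; an empty list means every case
// produced a RegExp object with the expected source.
function runRegression() {
  const failures = [];
  for (const c of CASES) {
    const r = probeRegExp(c.arg);
    for (const label of ["call", "construct"]) {
      if (!r[label].ok || r[label].source !== c.source) {
        failures.push(`${c.name}/${label}: ${JSON.stringify(r[label])}`);
      }
    }
  }
  return failures;
}

const failures = runRegression();
console.log(failures.length === 0 ? "PASS" : failures.join("\n"));
```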
since brendan already approved the patch, fixing up the blocker flag.
Flags: blocking1.8rc1? → blocking1.8rc1+
Fix checked into MOZILLA_1_8_BRANCH.
Keywords: fixed1.8
no crash firefox 1.5 rc2 winxp/linux
Keywords: fixed1.8 → verified1.8
v 1.8.0.1, 1.8, 1.9a1 20060217 win/linux/mac nightlies
Status: RESOLVED → VERIFIED