Closed Bug 315797 Opened 19 years ago Closed 19 years ago

js_Interpret uses undefined variables on recursion error

Categories

(Core :: JavaScript Engine, defect)

x86
Windows XP
defect
Not set
normal

Tracking

VERIFIED FIXED

People

(Reporter: daumling, Assigned: mrbkap)

Details

(Keywords: js1.6, verified1.8.0.1, verified1.8.1, Whiteboard: [need testcase])

Attachments

(1 file)

When I ran the test js1_5/Regress/96128-n.js, the test hit a recursion error as expected. In jsinterp.c, line 1832, the code jumped to out2. Here (line 5428), VC++ reported the usage of uninitialized variables mark and sp.

Could be with my test setup, but could also be a potential crasher. Please investigate.

It looks like the only two uses of out2 are before mark, fp->sp, or fp->spbase are set.
Assignee: general → mrbkap
Status: NEW → ASSIGNED
Attachment #202461 - Flags: review?(brendan)
Comment on attachment 202461 [details] [diff] [review]
Don't use variables before they're assigned to

Good grief.

/be
Attachment #202461 - Flags: review?(brendan) → review+
Bob, please get this on the 1.6 mini-branch when it's cut.  Thanks,

/be
Keywords: js1.6
Checked into trunk.

Thanks for the heads up, Mike.
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Flags: blocking1.8.0.1+
Flags: testcase-
Comment on attachment 202461 [details] [diff] [review]
Don't use variables before they're assigned to

This is another patch that should go into the branches ASAP.  It should not be subject to any quota on fixes.  It's zero risk.

/be
Attachment #202461 - Flags: approval1.8.1?
Attachment #202461 - Flags: approval1.8.0.1?
Comment on attachment 202461 [details] [diff] [review]
Don't use variables before they're assigned to

a=drivers, mark fixed1.* flags when checked in
Attachment #202461 - Flags: approval1.8.1?
Attachment #202461 - Flags: approval1.8.1+
Attachment #202461 - Flags: approval1.8.0.1?
Attachment #202461 - Flags: approval1.8.0.1+
Fix checked into branches.

Any quick way to verify this fix?  Anyone have a testcase to use?
Whiteboard: [need testcase]

The easiest way to verify a bug like this would be to look at the source code and visually verify that the obj2 label is placed after all uses of mark, fp->sp and fp->spbase; it would be nice if compilers would do this sort of checking at compile time well enough to verify that way.

v. by inspection.

/be
Status: RESOLVED → VERIFIED
Adding the verified keyword per Brendan's Comment 10.
v by bonsai:
2006-01-06 14:58	mrbkap%gmail.com 	mozilla/js/src/jsinterp.c 	3.181.2.17.2.1 	MOZILLA_1_8_0_BRANCH  	2/1  	bug 315797: Fix a misplaced labels. r=brendan a=dveditz
2006-01-06 14:57	mrbkap%gmail.com 	mozilla/js/src/jsinterp.c 	3.181.2.18 	MOZILLA_1_8_BRANCH  	2/1 
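
The pattern discussed in this bug, as an added example that is neither the jsinterp.c source nor the attached patch: a simplified, hypothetical interpreter entry point (`Context`, `Frame`, `interpret` and `BUGGY_LAYOUT` are names made up here) whose recursion check jumps to `out2` before `mark`, `sp` and `fp->spbase` are assigned. The default build places the label after the cleanup that reads them; building with `-DBUGGY_LAYOUT` places it before, which is the misplaced-label layout.

```c
#include <stddef.h>

/* Hypothetical, simplified model of the pattern; not the jsinterp.c source. */
#define MAX_DEPTH  4
#define ARENA_SIZE 64

typedef struct Context {
    int    depth;                 /* interpreter recursion level */
    size_t arena_top;             /* top of a bump-allocated raw stack */
    size_t last_used;             /* slots the last finished frame had pushed */
    long   arena[ARENA_SIZE];
} Context;

typedef struct Frame { long *sp, *spbase; } Frame;  /* models fp->sp, fp->spbase */

/* Returns 1 on success, 0 on error. Build with -DBUGGY_LAYOUT to get the
 * misplaced label (GCC -Wmaybe-uninitialized / Clang
 * -Wsometimes-uninitialized can then flag mark and sp). */
int interpret(Context *cx, Frame *fp, size_t nslots, int recurse)
{
    size_t mark;                  /* both assigned only after the early check */
    long *sp;
    int ok = 1;

    if (++cx->depth > MAX_DEPTH || nslots == 0 ||
        nslots > ARENA_SIZE - cx->arena_top) {
        ok = 0;                   /* recursion error: nothing allocated yet */
        goto out2;
    }
    mark = cx->arena_top;
    cx->arena_top += nslots;
    fp->spbase = sp = &cx->arena[mark];
    *sp++ = cx->depth;            /* push one value so sp moves */
    fp->sp = sp;
    if (recurse > 0) {
        Frame inner = { NULL, NULL };
        ok = interpret(cx, &inner, nslots, recurse - 1);
    }
#ifdef BUGGY_LAYOUT
out2:                             /* too early: the error path runs the cleanup */
#endif
    cx->last_used = (size_t)(sp - fp->spbase);  /* reads sp and fp->spbase */
    fp->sp = fp->spbase = NULL;
    cx->arena_top = mark;         /* reads mark */
#ifndef BUGGY_LAYOUT
out2:                             /* fixed: touches only state set before the check */
#endif
    cx->depth--;
    return ok;
}
```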