or just var r3="-1"; r3++;
backing out bug 316885 stops the crash Apparently I can't make the dependency because I'm not in the security group.
Created attachment 204148 [details] [diff] [review] fix I'm about to check this in. /be
Comment on attachment 204148 [details] [diff] [review] fix r=shaver. (This looks like code I misreviewed before, alas.)
Created attachment 204149 [details] [diff] [review] the right fix We need that extra stack slot for all post-increment operator forms except name ops (which consume no stack slots, and produce one slot, so we can "pre-use" that result slot for the pre-increment result). /be
Comment on attachment 204149 [details] [diff] [review] the right fix r=shaver, makes sense. (Though after my review history on this bug, one wonders what value I'm adding here!)
*** Bug 317697 has been marked as a duplicate of this bug. ***
*** Bug 318066 has been marked as a duplicate of this bug. ***
/cvsroot/mozilla/js/tests/js1_5/Regress/regress-317714-01.js,v <-- regress-317714-01.js initial revision: 1.1 /cvsroot/mozilla/js/tests/js1_5/Regress/regress-317714-02.js,v <-- regress-317714-02.js initial revision: 1.1
This is required for nominated blocker bug 316885 -- I assume the first patch is obsolete? Please put approval requests on the right patch
It looks like only the second patch landed on the trunk.
Comment on attachment 204149 [details] [diff] [review] the right fix a=dveditz for drivers
v 2006-01-11 184.108.40.206, 1.8.1, trunk windows/linux/mac
Not needed on aviary101/moz17 branches per caillon in bug 316885
No crash on Firefox 1.0.x/Mozilla 1.7.x from 2006-02-02 on winxp or linux.