Closed Bug 325479 Opened 17 years ago Closed 17 years ago

Failure to free a JSScript in obj_eval

Categories

(Core :: JavaScript Engine, defect, P2)

x86
Linux
defect

Tracking

()

RESOLVED FIXED
mozilla1.9alpha1

People

(Reporter: mrbkap, Assigned: mrbkap)

References

Details

(Keywords: fixed1.8.0.2, fixed1.8.1, Whiteboard: [tcn-dl])

Attachments

(1 file)

Michael Daumling pointed this out in a private e-mail to brendan. I've checked in a fix for it on the trunk, but we should fix it on the branch too, since it's such a simple fix.

The code in question is:
    ok = js_CheckPrincipalsAccess(cx, scopeobj, principals, js_eval_str);
    if (!ok)
        goto out;

    ok = js_Execute(cx, scopeobj, script, caller, JSFRAME_EVAL, rval);
    JS_DestroyScript(cx, script);

out:

I'll attach a patch for branch consideration in a second.
Attached patch Branch patchSplinter Review
This is the patch I checked in (backported to the paramaterization changes for js_CheckPrincipalsAccess). Brendan, mind stamping this for posterity?
Assignee: general → mrbkap
Status: NEW → ASSIGNED
Attachment #210375 - Flags: review?(brendan)
Attachment #210375 - Flags: branch-1.8.1?(brendan)
Attachment #210375 - Flags: approval1.8.0.2?
This is already fixed on the trunk, marking it as such.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Priority: -- → P2
Resolution: --- → FIXED
Comment on attachment 210375 [details] [diff] [review]
Branch patch

Another no-braner ;-).

/be
Attachment #210375 - Flags: review?(brendan)
Attachment #210375 - Flags: review+
Attachment #210375 - Flags: branch-1.8.1?(brendan)
Attachment #210375 - Flags: branch-1.8.1+
Attachment #210375 - Flags: approval1.8.0.2?
Attachment #210375 - Flags: approval1.8.0.2+
Flags: testcase-
Fix checked into the 1.8 branches.
Please provide a testcase and/or testing guidance for this fix.
Whiteboard: [tcn-dl]
You need to log in before you can comment on or make changes to this bug.