Closed
Bug 333398
Opened 18 years ago
Closed 18 years ago
Heisencode in js_GetAnyName
Categories
(Core :: JavaScript Engine, defect, P1)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha1
People
(Reporter: bzbarsky, Assigned: brendan)
References
Details
(Keywords: fixed1.8.1, Whiteboard: [patch])
Attachments
(1 file, 1 obsolete file)
1.02 KB,
patch
|
brendan
:
review+
brendan
:
approval-branch-1.8.1+
|
Details | Diff | Splinter Review |
The checkin for bug 331782 and bug 325526 (revision 3.101 of jsxml.c) introduced the following bug: Valgrind says: ==14871== Conditional jump or move depends on uninitialised value(s) ==14871== at 0x417DE55: js_GetAnyName (jsxml.c:7804) ==14871== by 0x417D011: js_InitAnyNameClass (jsxml.c:7417) ==14871== by 0x417D370: js_InitXMLClasses (jsxml.c:7511) ==14871== by 0x40E54EA: JS_InitStandardClasses (jsapi.c:1172) And indeed, |ok| is declared on line 7752 without being initialized, then in the do/while loop we only set it to false in error cases, and in line 7804 we test it. If it happens to be false then, we'll fail out of parts of standard class init, looks like. I wouldn't be surprised if this caused that drop in Tp and Tdhtml on luna around when those patches went in.
Comment 1•18 years ago
|
||
We only need to set ok before we test it, and we only test it if we break from the loop (and we set ok before each break) or we reach the end of the loop.
Updated•18 years ago
|
Priority: -- → P1
Whiteboard: [patch]
Target Milestone: --- → mozilla1.9alpha
Assignee | ||
Comment 2•18 years ago
|
||
Checking in now -- Blake, can you do the 1.8 branch update? Thanks, and sorry for the trouble (I thought I wrote this early ok assignment already!). /be
Assignee: mrbkap → brendan
Attachment #217805 -
Attachment is obsolete: true
Attachment #217814 -
Flags: review+
Attachment #217814 -
Flags: approval-branch-1.8.1+
Attachment #217805 -
Flags: review?(brendan)
Assignee | ||
Comment 3•18 years ago
|
||
Heading out to ECMA TC39 meeting soon, handing off to Blake (thanks!). The whole of js_GetAnyName, pretty much, along with js_GetFunctionNamespace and the changes for js_LeaveLocalRootScopeWithResult, need to be merged to the 1.8 branch. /be
Assignee: brendan → mrbkap
Status: ASSIGNED → NEW
Flags: blocking1.8.1+
Updated•18 years ago
|
Assignee: mrbkap → brendan
Comment 4•18 years ago
|
||
This is now fixed on the trunk and MOZILLA_1_8_BRANCH.
Updated•18 years ago
|
Flags: in-testsuite-
You need to log in
before you can comment on or make changes to this bug.
Description
•