Closed Bug 350288 Opened 18 years ago Closed 18 years ago

Crash decompiling "let" for "has no properties" message

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 346642

People

(Reporter: jruderman, Unassigned)

Details

(Keywords: crash, testcase)

> javascript:let(x) ({ a : b }) = let (y = 3) null Error: "let (3 = 3) null has no properties" This incorrect error message might be a hint as to why the slightly more complicated statement below causes a crash. "let (3 = 3)" reminds me of bug 349493. > javascript:let (x=3, y=3) ({ a : b }) = let (y = 3) null Crash! Dereferencing 0xddsomething! Thread 0 Crashed: 0 strlen + 8 1 cvt_s + 92 (jsprf.c:390) 2 dosprintf + 3272 (jsprf.c:1008) 3 JS_vsmprintf + 92 (jsprf.c:1156) 4 Sprint + 76 (jsopcode.c:421) 5 Decompile + 19268 (jsopcode.c:2000) 6 js_DecompileCode + 440 (jsopcode.c:3107) 7 js_DecompileValueGenerator + 2044 (jsopcode.c:3459) 8 js_ValueToNonNullObject + 112 (jsobj.c:4478) 9 js_Interpret + 64260 (jsinterp.c:3782) 5 Decompile + 19268 (jsopcode.c:2000) 2000 todo = Sprint(&ss->sprinter, "%s%s = %s", 2001 VarPrefix(sn), lval, rval); (gdb) p lval $1 = 0xddb69b0a <Address 0xddb69b0a out of bounds> (gdb) p rval $2 = 0x2dbc037 "3" (gdb) p VarPrefix(sn) $3 = 0x1130ecc "" (gdb) p sn $4 = (jssrcnote *) 0x0
Beware of dup'ing bug 346642 (which I will fix shortly). Destructuring forms do not decompile, you get crashes and other malfunctions. /be *** This bug has been marked as a duplicate of 346642 ***
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Group: security
A testcase for this bug was already added in the original bug (bug 346642).
Flags: in-testsuite-
You need to log in before you can comment on or make changes to this bug.