Closed Bug 355025 Opened 18 years ago Closed 18 years ago

Regression: Iterator() does not work any longer

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: igor, Assigned: igor)

References

Details

(Keywords: verified1.8.1, Whiteboard: [sg:nse] js1.7, regression from security bug)

Attachments

(2 files)

Fix v1
1.85 KB, patch
brendan
: review+
mtschrep
: approval1.8.1+
Details | Diff | Splinter Review
js1_7/iterable/regress-355025.js
2.29 KB, text/plain
Details 
My patch for security-restricted bug 354750 introduced a regression. Now Iterator(obj) would not construct a default iterator but throw an exception about value-is-not-a-function, only new Iterator(obj) would.
The test case is trivial:

js> Iterator([])
Iterator([])
aaaa
typein:1: TypeError: Iterator([]) is not a function
js>
Attached patch Fix v1Splinter Review 
A better solution would be to call js_ValueToIterator when Iterator is called as a function, but that would require to pass JSITER_ENUMERATE from the interpreter to js_ValueToIterator and increase the patch. So the cleanup should wait bug 354982.
Attachment #240814 - Flags: review?(brendan)
Blocks: 354982
Comment on attachment 240814 [details] [diff] [review]
Fix v1

>     id = ATOM_TO_JSID(cx->runtime->atomState.iteratorAtom);
>-    return JS_GetMethodById(cx, obj, id, &obj, &fval) &&
>-           js_InternalCall(cx, obj, fval, argc - 1, argv + 1, rval);
>+    if (!JS_GetMethodById(cx, obj, id, &obj2, &fval))

I made the same mistake in the past, and should have caught this.  FWIW, I'll review one more time, but my record isn't good.

>+        return JS_FALSE;
>+    
>+    if (JSVAL_IS_VOID(fval)) {
>+        /* Fail over to the default enumerating native iterator. */
>+        keyonly = JS_FALSE;
>+        return js_ValueToBoolean(cx, argv[1], &keyonly) &&
>+               js_NewNativeIterator(cx, obj,
>+                                    keyonly ? 0 : JSITER_FOREACH,
>+                                    rval);
>+    }

The lack of Object.prototype.__iterator__ requires this, yeah.  Is it needed anywhere else?

Drivers: this is needed as a < 1-day turnaround regression fix for 1.8.1.

/be
Attachment #240814 - Flags: review?(brendan)
Attachment #240814 - Flags: review+
Attachment #240814 - Flags: approval1.8.1?
Blocks: geniter
(In reply to comment #3)
> The lack of Object.prototype.__iterator__ requires this, yeah.  Is it needed
> anywhere else?

Well, after creating the initial patch for bug 354982 I think this is the only place as there are no other places besides js_NewNativeIterator that create iterator instances. 
I committed the patch from comment 2 to the trunk:

Checking in jsiter.c;
/cvsroot/mozilla/js/src/jsiter.c,v  <--  jsiter.c
new revision: 3.46; previous revision: 3.45
done
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Comment on attachment 240814 [details] [diff] [review]
Fix v1

Approved for RC2.
Attachment #240814 - Flags: approval1.8.1? → approval1.8.1+
I committed the patch from comment 2 to MOZILLA_1_8_BRANCH:

Checking in jsiter.c;
/cvsroot/mozilla/js/src/jsiter.c,v  <--  jsiter.c
new revision: 3.17.2.21; previous revision: 3.17.2.20
done
Keywords: fixed1.8.1
Flags: in-testsuite+
Whiteboard: [sg:nse] regression from security bug
verified fixed 1.8 1.9 20061002 windows/linux 1.8 macppc
Status: RESOLVED → VERIFIED
Keywords: fixed1.8.1verified1.8.1
Whiteboard: [sg:nse] regression from security bug → [sg:nse] js1.7, regression from security bug
Group: security
/cvsroot/mozilla/js/tests/js1_7/iterable/regress-355025.js,v  <--  regress-355025.js
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: