large sharp variable numbers are silently rounded down

VERIFIED FIXED

Status

()

Core
JavaScript Engine
VERIFIED FIXED
11 years ago
11 years ago

People

(Reporter: shutdown, Assigned: shutdown)

Tracking

({verified1.8.0.12, verified1.8.1.4})

Trunk
verified1.8.0.12, verified1.8.1.4
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Assignee)

Description

11 years ago
Created attachment 253494 [details] [diff] [review]
use the appropriate limit

Without the patch:

$ dbg.obj/js -e "print(function(){ return #65535#, #65536#; });"
function () {
    return #65535#, #0#;
}

With the patch:

$ dbg.obj/js -e "print(function(){ return #65535#, #65536#; });"
-e:1: SyntaxError: overlarge sharp variable number:
-e:1: print(function(){ return #65535#, #65536#; });
-e:1: ..................................^
Attachment #253494 - Flags: review?(brendan)
Comment on attachment 253494 [details] [diff] [review]
use the appropriate limit

Yikes! Why'd I couple to the wrong limit (no atom index [JOF_CONST format] ops for sharp var numbers, they're 16-bit [JOF_UINT16]).

Thanks for patching this, I will check it in now.

/be
Attachment #253494 - Flags: review?(brendan)
Attachment #253494 - Flags: review+
Attachment #253494 - Flags: approval1.8.1.3?
Attachment #253494 - Flags: approval1.8.0.11?
Safe rider for patch releases.

js/src/jsscan.c 3.119

Patch I landed in a sec, for posterity.

/be
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
Created attachment 255286 [details] [diff] [review]
use UINT16_LIMIT from jsopcode.h

Pedantic, but I figured it might help future opcode format readers and revisers.

/be
Comment on attachment 255286 [details] [diff] [review]
use UINT16_LIMIT from jsopcode.h

This is the one that should ride along.

/be
Attachment #255286 - Flags: review+
Attachment #255286 - Flags: approval1.8.1.3?
Attachment #255286 - Flags: approval1.8.0.11?

Updated

11 years ago
Attachment #253494 - Attachment is obsolete: true
Attachment #253494 - Flags: review+
Attachment #253494 - Flags: approval1.8.1.3?
Attachment #253494 - Flags: approval1.8.0.11?

Comment 5

11 years ago
/cvsroot/mozilla/js/tests/js1_5/extensions/regress-368859.js,v  <--  regress-368859.js
Flags: in-testsuite+

Comment 6

11 years ago
verified fixed 20070217 1.9.0 windows/mac*/linux
Status: RESOLVED → VERIFIED
Comment on attachment 255286 [details] [diff] [review]
use UINT16_LIMIT from jsopcode.h

approved for 1.8/1.8.0 branches, a=dveditz for drivers
Attachment #255286 - Flags: approval1.8.1.4?
Attachment #255286 - Flags: approval1.8.1.4+
Attachment #255286 - Flags: approval1.8.0.12?
Attachment #255286 - Flags: approval1.8.0.12+
Whiteboard: needs branch landing
Whiteboard: needs branch landing → needs branch landing (brendan did trunk)

Comment 8

11 years ago
Landed on branches:

1.8   - jsscan.c: 3.81.2.28
1.8.0 - jsscan.c: 3.81.2.7.2.10
Keywords: fixed1.8.0.12, fixed1.8.1.4

Comment 9

11 years ago
For 1.8.0, we don't have the UINT16_LIMIT define, so I am just using ((uintN)1 << 16) directly.

jsscan.c: 3.81.2.7.2.11

Comment 10

11 years ago
verified fixed windows, macppc, linux 1.8.0, 1.8.1 20070420 shell.
Keywords: fixed1.8.0.12, fixed1.8.1.4 → verified1.8.0.12, verified1.8.1.4
Whiteboard: needs branch landing (brendan did trunk)
You need to log in before you can comment on or make changes to this bug.