Closed Bug 411702 Opened 18 years ago Closed 18 years ago

Bogus OOM handling in js_InitTokenStream

Categories

(Core :: JavaScript Engine, defect)


RESOLVED FIXED

People

(Reporter: crowderbt, Assigned: crowderbt)


Following a JS_ARENA_ALLOCATE_CAST, this routine checks one of its input parameters for null, rather than the pointer returned by the allocation (found this while coding a buggy change for arena allocations):

    JS_ARENA_ALLOCATE_CAST(buf, jschar *, &cx->tempPool, nb);
    if (!ts) {
        js_ReportOutOfScriptQuota(cx);
        return JS_FALSE;
    }

I think the comparison here should be |if (!buf)|

I'll look for other instances of this and submit a patch.
cc:ing igor since this is near code he's changed recently
Attached patch: Typo fix?
This was the only instance of this I could find. Either the code is unclear or there is a bug here.
Assignee: general → crowder
Status: NEW → ASSIGNED
Attachment #296400 - Flags: review?(brendan)
I r?d brendan because the code doesn't seem to be Igor's, really. The conditional here seems actually to have existed since the lizard was released.
Comment on attachment 296400: Typo fix?
Oldest bug I've seen in a while -- thanks!
/be
Attachment #296400 - Flags: review?(brendan)
Attachment #296400 - Flags: review+
Attachment #296400 - Flags: approval1.9+
jsscan.c: 3.145
Didn't see any other obvious examples of bugs like this, btw.
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Flags: in-testsuite-
Flags: in-litmus-
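
The pattern discussed in this bug, as an added example that is not part of the original report or of the SpiderMonkey source: an allocation macro that delivers its result through an out-variable, followed by a null check on the wrong variable, next to the corrected check. The arena, the macro and the function names are hypothetical stand-ins; sizes passed in are assumed to be even so the buffer stays aligned.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical fixed-size bump arena standing in for cx->tempPool. */
typedef struct { unsigned char mem[64]; size_t used; } Arena;

/* Hypothetical macro with the contract the report relies on: the result
 * comes back through the first argument and is NULL on exhaustion. */
#define ARENA_ALLOCATE_CAST(p, type, pool, nb)                  \
    do {                                                        \
        if ((nb) > sizeof((pool)->mem) - (pool)->used) {        \
            (p) = NULL;                                         \
        } else {                                                \
            (p) = (type)((pool)->mem + (pool)->used);           \
            (pool)->used += (nb);                               \
        }                                                       \
    } while (0)

typedef struct { unsigned short *base; size_t length; } TokenStream;

/* Pattern from the report: tests the caller-supplied ts, never buf. */
static int init_stream_buggy(TokenStream *ts, Arena *pool, size_t nb)
{
    unsigned short *buf;
    ARENA_ALLOCATE_CAST(buf, unsigned short *, pool, nb);
    if (!ts)            /* wrong variable: ts is non-NULL here */
        return 0;
    /* A write through buf at this point would dereference NULL on
     * exhaustion; it is left out so the example runs to completion. */
    ts->base = buf;
    ts->length = nb;
    return 1;
}

/* Comparison proposed in the report: test the allocated pointer. */
static int init_stream_fixed(TokenStream *ts, Arena *pool, size_t nb)
{
    unsigned short *buf;
    ARENA_ALLOCATE_CAST(buf, unsigned short *, pool, nb);
    if (!buf)
        return 0;
    memset(buf, 0, nb);
    ts->base = buf;
    ts->length = nb;
    return 1;
}
```

With the arena exhausted, the buggy variant reports success and hands back a stream whose buffer is NULL, while the fixed variant returns failure before anything is stored.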