Closed
Bug 428366
Opened 17 years ago
Closed 17 years ago
Assertion failure after deleting eval 16 times
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: mrbkap, Assigned: mrbkap)
References
Details
(Keywords: regression, testcase)
Attachments
(1 file)
|
3.54 KB,
patch
|
brendan
:
review+
mtschrep
:
approval1.9+
|
Details | Diff | Splinter Review |
+++ This bug was initially created as a clone of Bug #416834 +++
this.__proto__.x = eval;
for (i = 0; i < 16; ++i) delete eval;
(function w() { x = 1; })();
In bug 416834, the above testcase was causing unexpected prototype chains of length 16. This is because when we resolve 'eval' in JS_ResolveStandardClass, we call js_InitObjectClass, which is not idempotent. The patch in the other bug fixes the assertion in the property cache, but not the underlying problem. I have a patch to do so.
Attachment #314916 -
Flags: review?(brendan)
|
||
Comment 1•17 years ago
|
||
Comment on attachment 314916 [details] [diff] [review]
Proposed fix
Great!
/be
Attachment #314916 -
Flags: review?(brendan) → review+
|
|
||
Comment 2•17 years ago
|
||
Comment on attachment 314916 [details] [diff] [review]
Proposed fix
This is safe, it's a missing part of the change for bug 352045, so fixes a regression from Firefox 2.
/be
Attachment #314916 -
Flags: approval1.9?
|
|
||
Updated•17 years ago
|
Keywords: regression
|
||
Updated•17 years ago
|
Attachment #314916 -
Flags: approval1.9? → approval1.9+
|
Assignee | |
Updated•17 years ago
|
Keywords: checkin-needed
|
||
Comment 3•17 years ago
|
||
jsapi.c: 3.443
jsobj.c: 3.465
jsobj.h: 3.103
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
|
||
Updated•17 years ago
|
Assignee: general → mrbkap
Keywords: checkin-needed
|
||
Comment 4•17 years ago
|
||
(In reply to comment #0)
mrbkap: who has the prototype chain of length 16?
|
|
||
Comment 5•16 years ago
|
||
added test http://hg.mozilla.org/mozilla-central/rev/1305b9b2633b and cvs.
Flags: in-testsuite+
Flags: in-litmus-
You need to log in
before you can comment on or make changes to this bug.
Description
•