Closed
Bug 456494
Opened 16 years ago
Closed 16 years ago
TM: crash on JSOP_CALL with apply and argc > nargs
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla1.9.1b1
People
(Reporter: dvander, Assigned: gal)
References
Details
(Keywords: testcase)
Attachments
(2 files)
|
116 bytes,
application/x-javascript
|
Details | |
|
921 bytes,
patch
|
brendan
:
review+
|
Details | Diff | Splinter Review |
Originally from bug 455784, hunk from patch got backed out. apply() with arguments when argc > nargs tries to import invalid args.
|
||
Updated•16 years ago
|
Assignee: general → danderson
OS: Linux → All
Hardware: PC → All
Target Milestone: --- → mozilla1.9.1b1
|
Assignee | |
Comment 1•16 years ago
|
||
Assignee: danderson → gal
Attachment #340249 -
Flags: review?(brendan)
|
|
Assignee | |
Updated•16 years ago
|
Attachment #340249 -
Attachment is patch: true
Attachment #340249 -
Attachment mime type: application/octet-stream → text/plain
|
|
||
Updated•16 years ago
|
Attachment #340249 -
Flags: review?(brendan) → review+
|
|
||
Comment 2•16 years ago
|
||
Comment on attachment 340249 [details] [diff] [review] Abort if arguments.length is unequal to nargs of the function we try to use apply on. r=me with one-line comment about how we import only up to fp->fun->nargs. /be
|
|
Assignee | |
Comment 3•16 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/487cb5edf3c8
|
|
Assignee | |
Updated•16 years ago
|
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
||
Comment 4•16 years ago
|
||
/cvsroot/mozilla/js/tests/js1_5/Regress/regress-456494.js,v <-- regress-456494.js initial revision: 1.1 http://hg.mozilla.org/mozilla-central/rev/f0e9fd501e63
Flags: in-testsuite+
Flags: in-litmus-
You need to log in
before you can comment on or make changes to this bug.
Description
•