js_DumpObject can't handle objects that share proto's scope

RESOLVED FIXED


Core
JavaScript Engine

People

(Reporter: jorendorff, Assigned: jorendorff)

Tracking

Trunk
Bug Flags:
in-testsuite -
in-litmus -


(Assignee)

Description

10 years ago
Created attachment 341314 [details] [diff] [review]
fix

Objects with no 'own properties' share their proto's scope; calling js_DumpObject on such an object can crash because the object doesn't have the slots that the scope describes.

With the patch, it'll print "no own properties - see proto".

(trivial) The patch also adds a newline that was missing before.
Attachment #341314 - Flags: review?(crowder)

Updated

10 years ago
Attachment #341314 - Flags: review?(crowder) → review+
Comment on attachment 341314 [details] [diff] [review]
fix

>diff --git a/js/src/jsobj.cpp b/js/src/jsobj.cpp
>+        sharesScope = (proto && scope == OBJ_SCOPE(proto));
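Review bot: the `sharesScope` assignment needs a comment saying what a shared scope means for the dump, since nothing on the line tells the reader that the scope then describes the proto's slots rather than this object's. A single line above it along the lines of "scope is borrowed from proto: obj has no own properties" would do, and it is also the place to note that `proto` can be null here, which the `proto &&` guard implies.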

Drive-by question: this could also be written as 'sharesScope = scope->obj == obj;' right?
(In reply to comment #1)
> (From update of attachment 341314 [details] [diff] [review])
> >diff --git a/js/src/jsobj.cpp b/js/src/jsobj.cpp
> >+        sharesScope = (proto && scope == OBJ_SCOPE(proto));
> 
> Drive-by question: this could also be written as 'sharesScope = scope->obj ==
> obj;' right?

That's the faster (and clearer, maybe) way to test.

/be
(Assignee)

Comment 3

10 years ago
I changed that line to say
  sharesScope = (scope->obj != obj);

http://hg.mozilla.org/mozilla-central/rev/765855ec09b0
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
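
A simplified model of the scope sharing described in this bug, added here as an illustration; it is not SpiderMonkey code and not part of the attached patch. The types `Prop`, `Scope`, `Obj`, `Sample` and all function names are hypothetical; only the message string and the two `sharesScope` tests come from the thread.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical model: a Scope maps property names to slot indexes and
// records the object that owns it. Objects without own properties borrow
// their proto's scope instead of allocating one.
struct Obj;
struct Prop { std::string name; std::size_t slot; };
struct Scope { Obj *obj; std::vector<Prop> props; };
struct Obj { Obj *proto; Scope *scope; std::vector<int> slots; };

// The two tests discussed in the thread.
bool sharesByProto(const Obj *o) { return o->proto && o->scope == o->proto->scope; }
bool sharesByOwner(const Obj *o) { return o->scope->obj != o; }

// Number of scope entries whose slot does not exist in o: what a dump
// that trusted a borrowed scope would read out of bounds.
std::size_t slotsOutOfRange(const Obj *o) {
    std::size_t n = 0;
    for (const Prop &p : o->scope->props)
        if (p.slot >= o->slots.size()) ++n;
    return n;
}

// Guarded dump: a borrowed scope is never used to index o's slots.
std::string dumpObject(const Obj *o) {
    if (sharesByOwner(o)) return "no own properties - see proto\n";
    std::string out;
    for (const Prop &p : o->scope->props)
        out += p.name + " = " + std::to_string(o->slots.at(p.slot)) + "\n";
    return out;
}

// Constructed sample: proto owns a two-property scope, child borrows it.
struct Sample {
    Scope scope;
    Obj proto, child;
    Sample() : scope{&proto, {{"x", 0}, {"y", 1}}},
               proto{nullptr, &scope, {10, 20}},
               child{&proto, &scope, {}} {}
};

int main() {
    Sample s;
    std::cout << dumpObject(&s.proto) << dumpObject(&s.child);
    std::cout << "unguarded reads avoided: " << slotsOutOfRange(&s.child) << "\n";
}
```

In this model both tests agree for the proto and the child; the owner test needs one pointer comparison and no null check on `proto`.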

Updated

10 years ago
Flags: in-testsuite-
Flags: in-litmus-