Closed Bug 485502 Opened 15 years ago Closed 15 years ago

Pointer target goes out of scope.

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
ARM
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: jbramley, Unassigned)

References

Details

Note: This is a bug that was introduced as a result of the patches for bug #480796. However, as that bug has already checked in, I wasn't sure whether I should add a comment there or create a new bug.

The LIR file (nanojit/LIR.cpp) creates an array for soft float arguments and then redirects the old "args" pointer to point to it. This worked fine when the preprocessor was used to conditionally include this code. However, now that this check is done at run-time, the new array is allocated on the stack inside an "if" statement. Of course, after the block, the array is out of scope.

The offending change is linked here: https://bugzilla.mozilla.org/attachment.cgi?id=368150&action=diff#a/js/src/nanojit/LIR.cpp_sec1
Regressor blocks regressee, so anyone cherry-picking the latter knows they need to take the former.

/be
Blocks: 480796
No longer depends on: 480796
This is fixed by bug 484606 -- the code goes away entirely.
Depends on: 484606
Should be fixed by bug 484606 checkin.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.