Closed
Bug 485502
Opened 15 years ago
Closed 15 years ago
Pointer target goes out of scope.
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: jbramley, Unassigned)
References
Details
Note: This is a bug that was introduced as a result of the patches for bug #480796. However, as that bug has already checked in, I wasn't sure whether I should add a comment there or create a new bug. The LIR file (nanojit/LIR.cpp) creates an array for soft float arguments and then redirects the old "args" pointer to point to it. This worked fine when the preprocessor was used to conditionally include this code. However, now that this check is done at run-time, the new array is allocated on the stack inside an "if" statement. Of course, after the block, the array is out of scope. The offending change is linked here: https://bugzilla.mozilla.org/attachment.cgi?id=368150&action=diff#a/js/src/nanojit/LIR.cpp_sec1
Comment 1•15 years ago
|
||
Regressor blocks regressee, so anyone cherry-picking the latter knows they need to take the former. /be
This is fixed by bug 484606 -- the code goes away entirely.
Depends on: 484606
Should be fixed by bug 484606 checkin.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•