Closed
Bug 494954
Opened 15 years ago
Closed 15 years ago
JS_GetScriptLineExtent() does not returns the right value
Categories
(Core :: JavaScript Engine, defect, P1)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla1.9.1
People
(Reporter: soubok, Assigned: brendan)
References
Details
(Keywords: fixed1.9.1, Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file)
|
1.21 KB,
patch
|
mrbkap
:
review+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Build Identifier: trunk
The following script:
function foo( obj ) {
obj = 1;
obj = 1;
}
Triggers NewScriptHook with:
New debug.js:1 extent:1 - foo - lvl:1 - ptr:00A7CF68
New debug.js:1 extent:5 - - lvl:0 - ptr:00A7D170
(printf( "New %s:%d extent:%d - %s - lvl:%d - ptr:%p\n", filename, lineno, JS_GetScriptLineExtent(cx, script), fun ? JS_GetFunctionName(fun):"", script->staticLevel, script );)
Reproducible: Always
|
||
Updated•15 years ago
|
Group: core-security
Flags: blocking1.9.1?
|
|
||
Comment 1•15 years ago
|
||
We have a spurious SRC_SETLINE note at the end of the function. js> dis(foo) flags: NULL_CLOSURE main: 00000: one 00001: setarg 0 00004: pop 00005: one 00006: setarg 0 00009: pop 00010: stop Source notes: 0: 0 [ 0] setline lineno 3 2: 5 [ 5] newline 3: 10 [ 5] setline lineno 1
Assignee: general → jorendorff
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
|
|
||
Comment 2•15 years ago
|
||
(gdb) f 2
#2 0x08099b61 in js_EmitTree (cx=0x86441d8, cg=0x865dc20, pn=0x865d920) at ../jsemit.cpp:6783
6783 if (!UpdateLineNumberNotes(cx, cg, pn->pn_pos.end.lineno))
(gdb) p pn->pn_pos
$1 = {begin = {index = 14, lineno = 1}, end = {index = 17, lineno = 1}}
with the stack shown below.
#0 js_NewSrcNote2 (cx=0x86441d8, cg=0x865dc20, type=SRC_SETLINE, offset=1) at ../jsemit.cpp:6906
#1 0x0808d67f in UpdateLineNumberNotes (cx=0x86441d8, cg=0x865dc20, line=1) at ../jsemit.cpp:3535
#2 0x08099b61 in js_EmitTree (cx=0x86441d8, cg=0x865dc20, pn=0x865d920) at ../jsemit.cpp:6783
#3 0x08099c56 in js_EmitFunctionScript (cx=0x86441d8, cg=0x865dc20, body=0x865d920) at ../jsemit.cpp:3498
#4 0x08091a0e in js_EmitTree (cx=0x86441d8, cg=0xbfef4ee8, pn=0x865d880) at ../jsemit.cpp:4297
#5 0x080feadd in JSCompiler::compileScript (cx=0x86441d8, scopeChain=0x8647000, callerFrame=0x0, principals=0x0, tcflags=24576,
chars=0x0, length=0, file=0x865d268, filename=0x8655fd0 "crasher.js", lineno=1, source=0x0) at ../jsparse.cpp:896
#6 0x0805673f in JS_CompileFile (cx=0x86441d8, obj=0x8647000, filename=0x8655fd0 "crasher.js") at ../jsapi.cpp:4784
#7 0x08051109 in Load (cx=0x86441d8, obj=0x8647000, argc=1, argv=0x865b270, rval=0xbfef51a0) at ../../shell/js.cpp:890
...|
|
||
Updated•15 years ago
|
Group: core-security
|
Assignee | |
Comment 3•15 years ago
|
||
Assignee: jorendorff → brendan
Attachment #380021 -
Flags: review?(mrbkap)
|
|
Assignee | |
Comment 4•15 years ago
|
||
This should block. /be
Blocks: 462704
OS: Windows XP → All
Priority: -- → P1
Hardware: x86 → All
Target Milestone: --- → mozilla1.9.1
|
||
Updated•15 years ago
|
Attachment #380021 -
Flags: review?(mrbkap) → review+
|
|
Assignee | |
Comment 6•15 years ago
|
||
Fixed in tm: http://hg.mozilla.org/tracemonkey/rev/e7a08f46b514 /be
Whiteboard: fixed-in-tracemonkey
|
||
Comment 7•15 years ago
|
||
How would I succeed at getting more of the line number bugs fixed? For example, 488730
|
|
Assignee | |
Comment 8•15 years ago
|
||
(In reply to comment #7) > How would I succeed at getting more of the line number bugs fixed? For example, > 488730 Get bugs like that in the right component, and cc: peers and owner, for a start. :-/ /be
|
||
Comment 10•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/e7a08f46b514
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
|
||
Comment 11•15 years ago
|
||
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/1e46b279b508
Keywords: fixed1.9.1
You need to log in
before you can comment on or make changes to this bug.
Description
•