Closed
Bug 509143
Opened 14 years ago
Closed 14 years ago
js_CloneRegExp is missing a call to js_SetLastIndex
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| status1.9.2 | --- | beta1-fixed |
People
(Reporter: Waldo, Assigned: igor)
References
Details
(Whiteboard: fixed-in-tracemonkey)
Attachments
(2 files, 4 obsolete files)
|
3.82 KB,
text/plain
|
Details | |
|
10.57 KB,
patch
|
igor
:
review+
|
Details | Diff | Splinter Review |
Fallout from bug 493457.
|
Assignee | |
Comment 1•14 years ago
|
||
Besides adding the missed SetLastIndex call the patch cleanups lastIndex access to access fixed slots directly.
Attachment #393632 -
Flags: review?(jwalden+bmo)
|
|
Assignee | |
Comment 2•14 years ago
|
||
The updated patch inlines js_ClearRegExpLastIndex.
Attachment #393632 -
Attachment is obsolete: true
Attachment #394301 -
Flags: review?(jwalden+bmo)
Attachment #393632 -
Flags: review?(jwalden+bmo)
|
|
Assignee | |
Updated•14 years ago
|
Attachment #394301 -
Flags: review?(jwalden+bmo) → review?(mrbkap)
|
||
Comment 3•14 years ago
|
||
Comment on attachment 394301 [details] [diff] [review] v2 >@@ -5323,17 +5352,17 @@ js_XDRRegExpObject(JSXDRState *xdr, JSOb > if (!obj) > return JS_FALSE; > STOBJ_CLEAR_PARENT(obj); > STOBJ_CLEAR_PROTO(obj); > re = js_NewRegExp(xdr->cx, NULL, source, (uint8)flagsword, JS_FALSE); > if (!re) > return JS_FALSE; > obj->setPrivate(re); >- if (!js_SetLastIndex(xdr->cx, obj, 0)) >+ js_ClearRegExpLastIndex(0); > return JS_FALSE; You need to nuke the return here. r=mrbkap with that.
Attachment #394301 -
Flags: review?(mrbkap) → review+
|
|
Assignee | |
Comment 4•14 years ago
|
||
The new patch fixes the issue from the comment 3.
Attachment #394301 -
Attachment is obsolete: true
Attachment #394856 -
Flags: review+
|
|
Assignee | |
Comment 5•14 years ago
|
||
The previous attachment has a wrong patch.
Attachment #394856 -
Attachment is obsolete: true
Attachment #394865 -
Flags: review+
|
|
Assignee | |
Comment 6•14 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/5819b38a8686 I may not be available for longer today, so if any troubles, please backout this from Tracemonkey.
Whiteboard: fixed-in-tracemonkey
|
||
Comment 7•14 years ago
|
||
backed out, crash attached
|
|
||
Updated•14 years ago
|
Whiteboard: fixed-in-tracemonkey
|
|
Assignee | |
Comment 8•14 years ago
|
||
The one-liner fix for the crash above. In the patch I have used js_ClearRegExpLastIndex(0), not js_ClearRegExpLastIndex(obj). Sorry for wasted time with the backout.
Attachment #394865 -
Attachment is obsolete: true
|
|
Assignee | |
Updated•14 years ago
|
Attachment #395624 -
Flags: review+
|
|
Assignee | |
Comment 9•14 years ago
|
||
relanded - http://hg.mozilla.org/tracemonkey/rev/8e8a71e91c81
Whiteboard: fixed-in-tracemonkey
|
|
||
Comment 10•14 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/8e8a71e91c81
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
|
||
Comment 11•14 years ago
|
||
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/2422dbfafa27
status1.9.2:
--- → beta1-fixed
You need to log in
before you can comment on or make changes to this bug.
Description
•