Closed Bug 53037 Opened 25 years ago Closed 25 years ago

Call object not censored for Array.prototype.sort comparison function

Categories

(Core :: JavaScript Engine, defect, P3)

RESOLVED FIXED

People

(Reporter: brendan, Assigned: brendan)

Details

(Keywords: js1.5)

Attachments

(1 file)

Thanks to rogerc@geocast.com for finding this.

var a = [2,1];
function C(m) { this.m=m; this.cmp=function (a,b) {print(this);return a-b} }
var c = new C;
a.sort(c.cmp);

prints [object Call] twice. It should print [object global], I believe (ECMA buddies, double-check me please). /be
Status: NEW → ASSIGNED
Target Milestone: --- → M18
The spec. doesn't say how the compare function is called other than 'call comparefn'. I think the implication would have to be that there was an implicit NULL this, hence the global object as you say. The call object doesn't seem useful in any case.
The spec does say that activation objects should never be exposed. I think the patch is a virtual "one-liner". See next attachment, someone give me an r= so we can get this in for js1.5 and ECMA purity of essence. /be
Keywords: js1.5, nsbeta3
Attached patch: proposed fix
Why was there a check for GetPrivate on thisp?
Norris wrote that code, and IIRC he was trying to hide only those Call objects representing active JSStackFrames (which are LIFO allocated and which are the private data of their Call object, if they represent heavyweight function calls, only while active). But I think ECMA mandates activation censoring everywhere. /be
r=, anyone? /be
OK, I'll buy that. r=rogerl
Fix was checked in on 9/18, but I forgot to close this one. Thanks to pschwartau for reminding me. /be
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
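
The test case from the report as a self-checking script. This is an added example, not the patch attached to this bug, and `classifyThis`, `observeSortThis` and `observeIterationThis` are hypothetical names. It goes beyond the report by also checking other array built-ins that call back without a receiver: sloppy code should see the global object and strict code `undefined`, never an engine-internal object.

```javascript
// Added regression check; helper names are hypothetical, not from the patch.

// Is this file running as strict code (ES module) or sloppy code (script)?
const STRICT = (function () { return this === undefined; })();

// What a callback invoked without a receiver is allowed to see as `this`.
const EXPECTED = STRICT ? "undefined" : "global";

// Name what a callback saw as `this`.
function classifyThis(value) {
  if (value === undefined) return "undefined";
  if (value === globalThis) return "global";
  // Anything else, such as the "[object Call]" from the report, is a leak.
  return Object.prototype.toString.call(value);
}

// Constructor from the bug report, recording `this` instead of printing it.
function C(m, seen) {
  this.m = m;
  this.cmp = function (a, b) { seen.push(classifyThis(this)); return a - b; };
}

// The report's test case: cmp is detached from c, so sort supplies no receiver.
function observeSortThis() {
  const seen = [];
  const c = new C(undefined, seen);
  const a = [2, 1];
  a.sort(c.cmp);
  return { sorted: a, seen: seen };
}

// Same check for other built-ins that call back without a thisArg.
function observeIterationThis() {
  const seen = [];
  function record() { seen.push(classifyThis(this)); return true; }
  [1].forEach(record);
  [1].map(record);
  [1].filter(record);
  [1, 2].reduce(record);
  return seen;
}

const leaks = observeSortThis().seen
  .concat(observeIterationThis())
  .filter(function (v) { return v !== EXPECTED; });
console.log(leaks.length === 0 ? "no leak: this is " + EXPECTED : "LEAK: " + leaks);
```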