Closed Bug 547483 Opened 14 years ago Closed 14 years ago

calculating 'this' fails if the object has no parent

Categories

(Core :: JavaScript Engine, defect)

x86
macOS
defect
Not set
normal

RESOLVED FIXED

People

(Reporter: gal, Assigned: gal)

Details

(Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file, 1 obsolete file)

(gdb) bt
#0  0x00000001039a820c in JSObject::getParent (this=0x0) at jsobj.h:293
#1  0x0000000103918932 in js_ComputeGlobalThis (cx=0x10492da00, lazy=0, argv=0x104bfc840) at jsinterp.cpp:942
#2  0x0000000103918ae9 in js_ComputeThis (cx=0x10492da00, lazy=0, argv=0x104bfc840) at jsinterp.cpp:974
#3  0x000000010391a8ee in js_Invoke (cx=0x10492da00, argc=0, vp=0x104bfc830, flags=0) at jsinterp.cpp:1217
#4  0x0000000103905ff0 in js_Interpret (cx=0x10492da00) at jsops.cpp:2303
#5  0x000000010391a05a in js_Execute () at jsinterp.cpp:1665

(this is a XOW here, window)
Attached patch: patch
Assignee: general → gal
Blocks: 546886
Attachment #427981 - Flags: review?(mrbkap)
Comment on attachment 427981
patch

>diff --git a/js/src/jsinterp.cpp b/js/src/jsinterp.cpp
>--- a/js/src/jsinterp.cpp
>+++ b/js/src/jsinterp.cpp
>@@ -931,21 +931,23 @@ js_ComputeGlobalThis(JSContext *cx, JSBo
>         if (lazy) {
>             fp->down = cx->fp;
>             cx->fp = fp;
>             cx->popGCReachableFrame();
>         }
>         if (!ok)
>             return NULL;
> 
>-        thisp = JSVAL_IS_VOID(v)
>+        if (v != JSVAL_NULL) {

Probably want !JSVAL_IS_PRIMITIVE(v).

>+            thisp = JSVAL_IS_VOID(v)
>                 ? OBJ_GET_PARENT(cx, thisp)
>                 : JSVAL_TO_OBJECT(v);
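
Review bot: the added `if (v != JSVAL_NULL) {` guard tests only `v`, so it does not cover the `JSVAL_IS_VOID(v)` arm, where `thisp` is taken from `OBJ_GET_PARENT(cx, thisp)`; if that call can return null for an object with no parent, `thisp` ends up null just as in the backtrace, so either check the result or assert that it cannot be null. A one-line comment on the guard saying what `thisp` is expected to hold when `v` is null would also make the skipped assignment easier to follow.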

Indent these to match.

r=me with these changes if they work, pending mrbkap better r+.

Really need to get rid of thisObject...

/be
Attachment #427981 - Flags: review?(mrbkap) → review+
!JSVAL_IS_PRIMITIVE doesn't make sense. There is a JSVAL_IS_VOID(v) inside the condition.
Attached patch: patch (obsolete)
Attachment #427981 - Attachment is obsolete: true
Attachment #427993 - Attachment is obsolete: true
Attachment #427981 - Attachment is obsolete: false
http://hg.mozilla.org/tracemonkey/rev/2e5e3ae20ddc
Whiteboard: fixed-in-tracemonkey
(In reply to comment #3)
> !JSVAL_IS_PRIMITIVE doesn't make sense. There is a JSVAL_IS_VOID(v) inside the
> condition.

Oops, you're right.

What was v in the bad case?

/be
null
http://hg.mozilla.org/mozilla-central/rev/2e5e3ae20ddc
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED