Closed
Bug 575024
Opened 14 years ago
Closed 14 years ago
JSObject::resizeDenseArrayElements comparison is always false due to limited range of data type
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: timeless, Assigned: dveditz)
References
Details
Attachments
(2 files)
569 bytes,
patch
|
dvander
:
review+
christian
:
approval1.9.2.13+
dveditz
:
approval1.9.1.16-
|
Details | Diff | Splinter Review |
1.55 KB,
patch
|
dveditz
:
review+
dveditz
:
approval1.9.1.17+
|
Details | Diff | Splinter Review |
js/src/jsarray.cpp: In member function ‘bool JSObject::resizeDenseArrayElements(JSContext*, uint32, uint32, bool)’:
340: warning: comparison is always false due to limited range of data type
Attachment #454320 -
Flags: review?(dvander)
Updated•14 years ago
|
Attachment #454320 -
Flags: review?(dvander) → review+
Updated•14 years ago
|
blocking2.0: --- → ?
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Updated•14 years ago
|
blocking2.0: ? → betaN+
Assignee | ||
Updated•14 years ago
|
Blocks: CVE-2010-3777
Assignee | ||
Comment 3•14 years ago
|
||
Comment on attachment 454320 [details] [diff] [review]
patch
Nice safe stability win for branches.
Attachment #454320 -
Flags: approval1.9.2.12?
Attachment #454320 -
Flags: approval1.9.1.15?
Attachment #454320 -
Flags: approval1.9.2.12?
Attachment #454320 -
Flags: approval1.9.2.12+
Attachment #454320 -
Flags: approval1.9.1.15?
Attachment #454320 -
Flags: approval1.9.1.15+
Assignee | ||
Updated•14 years ago
|
Whiteboard: [needs branch check-in]
Assignee | ||
Comment 4•14 years ago
|
||
Comment on attachment 454320 [details] [diff] [review]
patch
patch doesn't apply on 1.9.1 because, trivially, the param was called "size" rather than "newlen", but also there is no MAX_DSLOTS_LENGTH32. Also the function patched is static ResizeSlots() rather than JSObject::resizeDesnseArrayElements() but that probably doesn't matter.
Attachment #454320 -
Flags: approval1.9.1.16+ → approval1.9.1.16-
Comment 5•14 years ago
|
||
status1.9.2:
--- → .13-fixed
Whiteboard: [needs branch check-in]
Assignee | ||
Comment 6•14 years ago
|
||
Attachment #494601 -
Flags: review?
Assignee | ||
Updated•14 years ago
|
Attachment #494601 -
Flags: review? → review?(dvander)
Assignee | ||
Updated•14 years ago
|
Attachment #494601 -
Flags: approval1.9.1.17?
Assignee | ||
Updated•14 years ago
|
Attachment #494601 -
Flags: approval1.9.1.16?
Assignee | ||
Comment 7•14 years ago
|
||
Comment on attachment 494601 [details] [diff] [review]
1.9.1 port
Got verbal r+ from dvander
Attachment #494601 -
Flags: review?(dvander) → review+
Assignee | ||
Comment 8•14 years ago
|
||
Comment on attachment 494601 [details] [diff] [review]
1.9.1 port
Not going to respin 1.9.1.16 so .17 it is.
Attachment #494601 -
Flags: approval1.9.1.17?
Attachment #494601 -
Flags: approval1.9.1.17+
Attachment #494601 -
Flags: approval1.9.1.16?
Assignee | ||
Updated•14 years ago
|
status1.9.1:
--- → wanted
Assignee | ||
Updated•14 years ago
|
Assignee: timeless → dveditz
Assignee | ||
Comment 9•14 years ago
|
||
reassigning to myself so i remember to land it this time.
Assignee | ||
Comment 10•14 years ago
|
||
You need to log in
before you can comment on or make changes to this bug.
Description
•