Closed
Bug 575024
Opened 14 years ago
Closed 14 years ago
JSObject::resizeDenseArrayElements comparison is always false due to limited range of data type
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: timeless, Assigned: dveditz)
References
Details
Attachments
(2 files)
569 bytes,
patch
|
dvander
:
review+
christian
:
approval1.9.2.13+
dveditz
:
approval1.9.1.16-
|
Details | Diff | Splinter Review |
1.55 KB,
patch
|
dveditz
:
review+
dveditz
:
approval1.9.1.17+
|
Details | Diff | Splinter Review |
js/src/jsarray.cpp: In member function ‘bool JSObject::resizeDenseArrayElements(JSContext*, uint32, uint32, bool)’: 340: warning: comparison is always false due to limited range of data type
Attachment #454320 -
Flags: review?(dvander)
Updated•14 years ago
|
Attachment #454320 -
Flags: review?(dvander) → review+
Updated•14 years ago
|
blocking2.0: --- → ?
http://hg.mozilla.org/mozilla-central/rev/eece34b864ed
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Updated•14 years ago
|
blocking2.0: ? → betaN+
Assignee | ||
Updated•14 years ago
|
Blocks: CVE-2010-3777
Assignee | ||
Comment 3•14 years ago
|
||
Comment on attachment 454320 [details] [diff] [review] patch Nice safe stability win for branches.
Attachment #454320 -
Flags: approval1.9.2.12?
Attachment #454320 -
Flags: approval1.9.1.15?
Attachment #454320 -
Flags: approval1.9.2.12?
Attachment #454320 -
Flags: approval1.9.2.12+
Attachment #454320 -
Flags: approval1.9.1.15?
Attachment #454320 -
Flags: approval1.9.1.15+
Assignee | ||
Updated•14 years ago
|
Whiteboard: [needs branch check-in]
Assignee | ||
Comment 4•14 years ago
|
||
Comment on attachment 454320 [details] [diff] [review] patch patch doesn't apply on 1.9.1 because, trivially, the param was called "size" rather than "newlen", but also there is no MAX_DSLOTS_LENGTH32. Also the function patched is static ResizeSlots() rather than JSObject::resizeDesnseArrayElements() but that probably doesn't matter.
Attachment #454320 -
Flags: approval1.9.1.16+ → approval1.9.1.16-
Comment 5•14 years ago
|
||
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/1207bf8fed24
status1.9.2:
--- → .13-fixed
Whiteboard: [needs branch check-in]
Assignee | ||
Comment 6•14 years ago
|
||
Attachment #494601 -
Flags: review?
Assignee | ||
Updated•14 years ago
|
Attachment #494601 -
Flags: review? → review?(dvander)
Assignee | ||
Updated•14 years ago
|
Attachment #494601 -
Flags: approval1.9.1.17?
Assignee | ||
Updated•14 years ago
|
Attachment #494601 -
Flags: approval1.9.1.16?
Assignee | ||
Comment 7•14 years ago
|
||
Comment on attachment 494601 [details] [diff] [review] 1.9.1 port Got verbal r+ from dvander
Attachment #494601 -
Flags: review?(dvander) → review+
Assignee | ||
Comment 8•14 years ago
|
||
Comment on attachment 494601 [details] [diff] [review] 1.9.1 port Not going to respin 1.9.1.16 so .17 it is.
Attachment #494601 -
Flags: approval1.9.1.17?
Attachment #494601 -
Flags: approval1.9.1.17+
Attachment #494601 -
Flags: approval1.9.1.16?
Assignee | ||
Updated•14 years ago
|
status1.9.1:
--- → wanted
Assignee | ||
Updated•14 years ago
|
Assignee: timeless → dveditz
Assignee | ||
Comment 9•14 years ago
|
||
reassigning to myself so i remember to land it this time.
Assignee | ||
Comment 10•14 years ago
|
||
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/ed88e6a66ef9
You need to log in
before you can comment on or make changes to this bug.
Description
•