(Note: I don't know what the current preferred term for the Firefox JS engine is, so I use "Spidermonkey" below; feel free to imagine a different name as needed.)

Spidermonkey is inconsistent about what to do when a function is passed too many arguments to fit on the stack. In many cases, this throws a stack overflow exception, but in some (e.g. function.apply), the argument list is silently truncated instead. By comparison, V8 (to the best of my knowledge) always throws an exception.

In http://trac.webkit.org/changeset/62432 , JSC was patched to act like Spidermonkey when too many args are passed to function.apply. Both JSC and V8 developers have opined that in the abstract, always throwing seems like a better behavior, and in #jsapi Jeff Walden said that he considered "clamping sometimes" to be "a bug, to some degree".

It seems unlikely any site relies on one behavior or the other for compat reasons. The only citations I've heard of this in the wild are sites that download enormous data files as JSON and pass them straight to function.apply -- something that's going to cause problems no matter what.

Therefore, in the interest of having all the engines match, and behave sanely, I propose that Spidermonkey change to always throwing a stack overflow exception. Then JSC can copy that.
Ping. It would be nice to hear from Spidermonkey folks whether they consider this proposal to be sane.
Oops, we just fixed this and made SpiderMonkey throw an exception for an argument array with an overlarge length -- forgot to mark the dependency.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Depends on: 607371
OS: Windows Vista → All
Hardware: x86 → All
Resolution: --- → FIXED
Target Milestone: --- → mozilla8
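Added example (not part of the bug thread or of any engine's code base): a probe that classifies how the running engine treats an oversized `apply` argument array, next to chunked helpers whose result does not depend on whether the engine throws or clamps. All function names and the chunk size of 4096 are assumptions made for illustration, and the sample data is constructed.

```javascript
// Added example. probeApplyLimit, naiveMax, applyInChunks, appendAll and CHUNK
// are hypothetical names; CHUNK = 4096 is an assumed conservative value.
const CHUNK = 4096;

// Classify what this engine does with an n-element argument array.
function probeApplyLimit(n) {
  const args = new Array(n).fill(0);
  try {
    const seen = (function () { return arguments.length; }).apply(null, args);
    return seen === n ? "passes-all" : "truncates";
  } catch (e) {
    return "throws"; // stack overflow / RangeError, depending on engine
  }
}

// The pattern from the report: a large parsed array handed straight to apply.
// On a clamping engine this returns a wrong maximum with no error at all.
function naiveMax(values) {
  try { return Math.max.apply(null, values); } catch (e) { return e.name; }
}

// Fold an associative variadic function (Math.max, Math.min) over a large
// array, never passing more than `chunk` arguments in a single call.
function applyInChunks(fn, values, chunk = CHUNK) {
  if (values.length === 0) return fn();
  let acc = fn.apply(null, values.slice(0, chunk));
  for (let i = chunk; i < values.length; i += chunk) {
    acc = fn(acc, fn.apply(null, values.slice(i, i + chunk)));
  }
  return acc;
}

// Chunked replacement for target.push.apply(target, source).
function appendAll(target, source, chunk = CHUNK) {
  for (let i = 0; i < source.length; i += chunk) {
    target.push.apply(target, source.slice(i, i + chunk));
  }
  return target;
}

// Constructed sample: 1,000,000 numbers with the maximum in the last slot,
// so any truncation of the argument list loses the correct answer.
function makeSample(n = 1000000) {
  const values = Array.from({ length: n }, (_, i) => i % 1000);
  values[n - 1] = 5000;
  return values;
}

const sample = makeSample();
console.log(probeApplyLimit(sample.length), naiveMax(sample), applyInChunks(Math.max, sample));
```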