Closed
Bug 599188
Opened 15 years ago
Closed 15 years ago
potential overflow in shell ShapeOf
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: bhackett1024, Assigned: gal)
Details
(Whiteboard: [fixed-in-tracemonkey])
Attachments
(1 file)
|
655 bytes,
patch
|
jorendorff
:
review+
|
Details | Diff | Splinter Review |
ShapeOf can read vp[2] if argc == 0. Here is the relevant code:
static JSBool
ShapeOf(JSContext *cx, uintN argc, jsval *vp)
{
jsval v = JS_ARGV(cx, vp)[0];
...
|
Assignee | |
Comment 1•15 years ago
|
||
Shell only. We don't have to block on this.
|
|
Assignee | |
Comment 2•15 years ago
|
||
Assignee: general → gal
Attachment #478139 -
Flags: review?(brendan)
|
||
Comment 3•15 years ago
|
||
Comment on attachment 478139 [details] [diff] [review]
patch
Traveling, going to ignore mail in a minute. Suggest jorendorff since luke is on paternity leave.
Also suggest not nesting v = ... in actual argument to what was once a macro, but that's a style thing at this point. It does highlight that v is single use and really unnecessary, though!
/be
Attachment #478139 -
Flags: review?(brendan) → review?(jorendorff)
|
||
Updated•15 years ago
|
Attachment #478139 -
Flags: review?(jorendorff) → review+
|
|
Assignee | |
Updated•15 years ago
|
Keywords: checkin-needed
|
||
Comment 4•15 years ago
|
||
Please remove the checkin-needed keyword and request approval.
|
|
||
Comment 5•15 years ago
|
||
Keywords: checkin-needed
Whiteboard: [fixed-in-tracemonkey]
|
||
Comment 6•15 years ago
|
||
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•