Closed Bug 604638 Opened 15 years ago Closed 15 years ago

TracerState::TracerState does something strange with bailedSlowNativeRegs

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: timeless, Assigned: luke)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file)

rm
1.43 KB, patch
dvander
: review+
Details | Diff | Splinter Review
6535 JS_ALWAYS_INLINE 6536 TracerState::TracerState(JSContext* cx, TraceMonitor* tm, TreeFragment* f, 6537 uintN& inlineCallCount, VMSideExit** innermostNestedGuardp) 6558 bailedSlowNativeRegs(bailedSlowNativeRegs) I'm not sure if this is always initialized by something else. If it isn't, this is probably uninitialized data.
Ah, a straggler that survived bug 581263. http://hg.mozilla.org/tracemonkey/diff/66c8ad02543b/js/src/jstracer.cpp#l1.57 The self-initialization is indeed weird, but not sensitive.
Group: core-security
Attached patch rmSplinter Review
Assignee: general → lw
Status: NEW → ASSIGNED
Attachment #483511 - Flags: review?(dvander)
Attachment #483511 - Attachment is patch: true
Attachment #483511 - Attachment mime type: application/octet-stream → text/plain
Attachment #483511 - Flags: review?(dvander) → review+
http://hg.mozilla.org/tracemonkey/rev/caffd36efd15
Whiteboard: fixed-in-tracemonkey
http://hg.mozilla.org/mozilla-central/rev/caffd36efd15
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: