Closed
Bug 620182
Opened 14 years ago
Closed 13 years ago
[@ QuoteString | DecompileSwitch] when JSVAL_IS_DOUBLE(key) and SprintDoubleValue fails due to oom
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla7
People
(Reporter: timeless, Assigned: timeless)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, crash, Whiteboard: fixed-in-tracemonkey)
Crash Data
Attachments
(1 file, 1 obsolete file)
700 bytes,
patch
|
Details | Diff | Splinter Review |
1168 DecompileSwitch(SprintStack *ss, TableEntry *table, uintN tableLength, 1235 todo = -1; 1236 if (table[i].label) { 1239 } else if (JSVAL_IS_DOUBLE(key)) { this can return -1 on oom: 1242 todo = SprintDoubleValue(&ss->sprinter, key, &junk); 1243 str = NULL; 1244 } else { 1248 } 1249 if (todo >= 0) { 1251 } else { and we crash under here: 1252 rval = QuoteString(&ss->sprinter, str, (jschar) 1253 (JSVAL_IS_STRING(key) ? '"' : 0)); 684 QuoteString(Sprinter *sp, JSString *str, uint32 quote) 701 str->getCharsAndEnd(s, z);
Updated•13 years ago
|
Attachment #498576 -
Attachment is patch: true
Attachment #498576 -
Attachment mime type: application/octet-stream → text/plain
Comment 2•13 years ago
|
||
Comment on attachment 498576 [details] [diff] [review] patch Review of attachment 498576 [details] [diff] [review]: Write `todo < 0` instead of `todo == -1`. They're equivalent here, but `< 0` is more consistent with what the rest of the file does. r=me with that.
Attachment #498576 -
Flags: review?(jorendorff) → review+
Keywords: checkin-needed
Updated•13 years ago
|
Keywords: checkin-needed
Comment 3•13 years ago
|
||
Updated•13 years ago
|
Attachment #498576 -
Attachment is obsolete: true
Updated•13 years ago
|
Keywords: checkin-needed
Comment 4•13 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/7e6f3b179644
Updated•13 years ago
|
Crash Signature: [@ QuoteString | DecompileSwitch]
Comment 5•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/7e6f3b179644
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Updated•6 years ago
|
Blocks: coverity-analysis
You need to log in
before you can comment on or make changes to this bug.
Description
•