Constructor function name retrieved incorrectly

RESOLVED FIXED

Status: RESOLVED FIXED
Product: Core
Component: JavaScript Engine
7 years ago
6 years ago

People

(Reporter: sfink, Unassigned)

Tracking

unspecified
x86_64
Linux
Points:
---

Firefox Tracking Flags

(blocking2.0 .x+)

Details

(Whiteboard: [fixed-in-tracemonkey])

Attachments

(1 attachment)

(Reporter)

Description

7 years ago
When JSD grabs the name of a constructor to hold onto, it uses incorrect types and interprets a JSString* as a char*. This would produce an invalid string, and a possible crash from reading invalid memory. I haven't observed any negative effects; I just noticed the compile warning.
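The type confusion described above, modelled as an added example in C. This is not code from the bug, the attachment or SpiderMonkey: the ToyJSString layout, toy_encode_string and the demo_* helpers are constructed stand-ins for JSString and JS_EncodeString, chosen so that the wrong cast and the guarded encode-and-free pattern can be run side by side.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Toy stand-in for an engine string object (constructed for this example; the
 * real SpiderMonkey JSString layout is different and private to the engine). */
typedef struct {
    uint32_t length;        /* number of UTF-16 code units, not bytes */
    const uint16_t *chars;  /* UTF-16 code units, not NUL-terminated */
} ToyJSString;

/* Stand-in for JS_EncodeString: copy the string into a freshly malloc'd,
 * NUL-terminated char buffer. Returns NULL if allocation fails or a code unit
 * does not fit in one byte (constructed failure rule, so the NULL path is
 * exercised). */
char *toy_encode_string(const ToyJSString *str) {
    char *out = malloc((size_t)str->length + 1);
    if (out == NULL)
        return NULL;
    for (uint32_t i = 0; i < str->length; i++) {
        if (str->chars[i] > 0xFF) {
            free(out);
            return NULL;
        }
        out[i] = (char)str->chars[i];
    }
    out[str->length] = '\0';
    return out;
}

/* The mistake described in the bug: a char* variable is assigned the string
 * object's address, so the "characters" it sees are the object's own fields.
 * The copy is capped at sizeof(ToyJSString) so this demo never reads past the
 * object; real code has no such cap and may run off into unrelated memory. */
size_t buggy_read_name(const ToyJSString *str, char *out, size_t outsz) {
    const char *p = (const char *)str;   /* wrong: object pointer treated as text */
    size_t n = sizeof *str < outsz ? sizeof *str : outsz;
    memcpy(out, p, n);
    return n;
}

/* The fixed pattern from the attachment: encode, test for NULL, use, free.
 * Returns 1 on success and 0 when encoding failed (out is left untouched). */
int fixed_read_name(const ToyJSString *str, char *out, size_t outsz) {
    char *ctorName = toy_encode_string(str);
    if (ctorName == NULL)
        return 0;
    snprintf(out, outsz, "%s", ctorName);
    free(ctorName);
    return 1;
}

/* Sample inputs (constructed): the constructor name "Foo" and a name that
 * contains a code unit outside Latin-1. */
static const uint16_t FOO_CHARS[] = { 'F', 'o', 'o' };
static const ToyJSString FOO = { 3, FOO_CHARS };
static const uint16_t WIDE_CHARS[] = { 'F', 0x2603, 'o' };
static const ToyJSString WIDE = { 3, WIDE_CHARS };

/* 1 if the fixed path yields exactly "Foo". */
int demo_fixed_yields_foo(void) {
    char buf[16];
    return fixed_read_name(&FOO, buf, sizeof buf) == 1 && strcmp(buf, "Foo") == 0;
}

/* 1 if the buggy path yields something other than "Foo": its first bytes are
 * the binary length field and the chars pointer, not characters. */
int demo_buggy_is_garbage(void) {
    char buf[sizeof(ToyJSString)];
    size_t n = buggy_read_name(&FOO, buf, sizeof buf);
    return n >= 3 && memcmp(buf, "Foo", 3) != 0;
}

/* 1 if the fixed path reports failure instead of emitting a mangled name. */
int demo_fixed_rejects_wide(void) {
    char buf[16] = "untouched";
    return fixed_read_name(&WIDE, buf, sizeof buf) == 0 && strcmp(buf, "untouched") == 0;
}

int main(void) {
    char buf[16];
    if (fixed_read_name(&FOO, buf, sizeof buf))
        printf("fixed: %s\n", buf);
    printf("buggy yields garbage: %d\n", demo_buggy_is_garbage());
    printf("fixed rejects wide: %d\n", demo_fixed_rejects_wide());
    return 0;
}
```

The guarded assignment in the attachment, `if ((ctorName = JS_EncodeString(cx, ctorNameStr)))`, corresponds to the NULL check in fixed_read_name: the encoder can fail, and the name must only be used when it succeeded. The toy frees the buffer with free(); the real encoded buffer belongs to the engine's allocator and must be handed back to it once JSD is done with the name, otherwise the fix trades an invalid read for a leak.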
(Reporter)

Comment 1

7 years ago
Created attachment 509171 [details] [diff] [review]
Convert JSString to char* for constructor names
Attachment #509171 - Flags: review?(timeless)
Comment 2

Seems not to be a regression, so I think it doesn't block. We'll gladly approve it for landing though if it gets r+.
blocking2.0: ? → .x

Comment 3

7 years ago
Comment on attachment 509171 [details] [diff] [review]
Convert JSString to char* for constructor names

sorry, this definitely feels like a regression from when someone changed the JS API to hand out ids instead of char*s.

please try to match file style until file style is cleaned up.

that means 

+                if ( (ctorName = JS_EncodeString(cx, ctorNameStr)) ) {

should be:

+                if( (ctorName = JS_EncodeString(cx, ctorNameStr)) ) {

Note that I do not happen to like this style; it's merely the style the file uses, and as I've been noting elsewhere I have been unable to get it changed because I couldn't get reviews for anything.
Attachment #509171 - Flags: review?(timeless) → review+
(Reporter)

Comment 4

7 years ago
http://hg.mozilla.org/tracemonkey/rev/04b5492cc109
Whiteboard: [fixed-in-tracemonkey]
(Reporter)

Comment 5

6 years ago
http://hg.mozilla.org/mozilla-central/rev/04b5492cc109
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
(Assignee)

Updated

6 years ago
Component: JavaScript Debugging/Profiling APIs → JavaScript Engine
Product: Core → Core