Closed Bug 630939 Opened 11 years ago Closed 10 years ago

Constructor function name retrieved incorrectly

Categories: Core :: JavaScript Engine, defect
Hardware/OS: x86_64 Linux
Type: defect
Priority: Not set
Severity: normal
Status: RESOLVED FIXED
Tracking: blocking2.0 --- .x+
Reporter: sfink (Unassigned)
Whiteboard: [fixed-in-tracemonkey]
Attachments: 1 file

When JSD grabs the name of a constructor to hold onto, it uses incorrect types and interprets a JSString* as a char*. This would produce an invalid string, and a possible crash from reading invalid memory. I haven't observed any negative effects; I just noticed the compile warning.
Seems not to be a regression, so I think it doesn't block. We'll gladly approve it for landing though if it gets r+.
blocking2.0: ? → .x
Comment on attachment 509171 (patch: Convert JSString to char* for constructor names)

Sorry, this definitely feels like a regression from when someone changed the JS API to hand out ids instead of char*s.

please try to match file style until file style is cleaned up.

that means

+                if ( (ctorName = JS_EncodeString(cx, ctorNameStr)) ) {

should be:

+                if( (ctorName = JS_EncodeString(cx, ctorNameStr)) ) {

Note that I do not happen to like this style, it's merely the style the file uses and as I've been noting elsewhere I have been unable to get it changed because I couldn't get reviews for anything.
Attachment #509171 - Flags: review?(timeless) → review+
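As an added illustration of the defect the reporter describes and of the fix pattern the reviewed patch adopts (this is constructed example code, not the patch on this bug and not SpiderMonkey code): a hypothetical ModelJSString stands in for a JSString as a length-prefixed UTF-16 buffer. Reading its address as a char* yields the object's header bytes rather than characters, with no guaranteed NUL terminator, which is the invalid string and possible out-of-bounds read the report mentions. A JS_EncodeString-style conversion instead builds a separate NUL-terminated char* that the caller owns. All names here (ModelJSString, buggy_ctor_name, model_encode_string, the sample strings) are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a JSString (hypothetical layout; the real type is
 * opaque to JSD): a length-prefixed buffer of UTF-16 code units with no
 * terminating NUL. Nothing about it is a C string. */
typedef struct {
    size_t length;          /* number of 16-bit code units */
    const uint16_t *chars;  /* code units, not NUL-terminated */
} ModelJSString;

/* The defect pattern from the bug: taking the string object's address as a
 * char*. The bytes at that address are the object's header (here the length
 * field), not the characters, and there is no guaranteed NUL, so a consumer
 * that walks it as a C string may run past the object. */
static const char *buggy_ctor_name(const ModelJSString *s)
{
    return (const char *)s;
}

/* The fix pattern, modelled on JS_EncodeString: produce a freshly allocated,
 * NUL-terminated char* from the code units. Code units outside Latin-1 are
 * replaced by '?' so the output length stays predictable. Caller frees. */
static char *model_encode_string(const ModelJSString *s)
{
    char *out = malloc(s->length + 1);
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < s->length; i++)
        out[i] = s->chars[i] < 0x100 ? (char)s->chars[i] : '?';
    out[s->length] = '\0';
    return out;
}

/* 1 if the naive cast happens to yield `expected`, else 0. At most
 * sizeof(ModelJSString) bytes are compared so the check itself never reads
 * beyond the struct; the point is the bytes do not match. */
static int buggy_cast_matches(const ModelJSString *s, const char *expected)
{
    size_t n = strlen(expected);
    if (n > sizeof *s)
        n = sizeof *s;
    return memcmp(buggy_ctor_name(s), expected, n) == 0;
}

/* 1 if the encoded copy equals `expected`, else 0. Frees the copy. */
static int encoded_matches(const ModelJSString *s, const char *expected)
{
    char *copy = model_encode_string(s);
    if (copy == NULL)
        return 0;
    int ok = strcmp(copy, expected) == 0;
    free(copy);
    return ok;
}

/* Constructed sample constructor names. */
static const uint16_t kFooChars[] = { 'F', 'o', 'o' };
static const ModelJSString kFooName = { 3, kFooChars };
static const uint16_t kWideChars[] = { 'F', 0x00E9, 0x4E2D };   /* F, e-acute, a CJK ideograph */
static const ModelJSString kWideName = { 3, kWideChars };

int main(void)
{
    printf("naive cast matches \"Foo\": %d\n", buggy_cast_matches(&kFooName, "Foo"));
    printf("encoded copy matches \"Foo\": %d\n", encoded_matches(&kFooName, "Foo"));
    printf("encoded wide name matches \"F\\xE9?\": %d\n", encoded_matches(&kWideName, "F\xE9?"));
    return 0;
}
```

The naive cast never produces the name because the first bytes at the object's address belong to the length field, whatever the byte order. In real SpiderMonkey the buffer returned by JS_EncodeString is likewise owned by the caller and has to be released (with JS_free) when the debugger drops the constructor name, so the fix trades a type confusion for an ownership obligation.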
http://hg.mozilla.org/tracemonkey/rev/04b5492cc109
Whiteboard: [fixed-in-tracemonkey]
http://hg.mozilla.org/mozilla-central/rev/04b5492cc109
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Component: JavaScript Debugging/Profiling APIs → JavaScript Engine