Closed Bug 684462 Opened 10 years ago Closed 10 years ago

Too-much-recursion through array_sort

Tracking

()

Status:

VERIFIED FIXED

People

(Reporter: jruderman, Assigned: Waldo)

Details

(Keywords: crash, testcase)

Attachments

(1 file)

stack trace (repeating portion only) 10 years ago Jesse Ruderman 1.55 KB, text/plain		Details

Jesse Ruderman

Reporter

Description

•

10 years ago

Attached file stack trace (repeating portion only) — Details

var a = [];
  var sort = a.sort.bind(a);
  a.push(sort);
  a.push(sort);
  sort(sort);

Crashes with too-much-recursion through array_sort.

Similar to bug 671797, which involves array extras such as array_forEach.

This bug goes all the way back to the introduction of Function.prototype.bind in bug 429507.

David Mandelin [:dmandelin]

Updated

•

10 years ago

Whiteboard: js-triage-needed

Jesse Ruderman

Reporter

Comment 1

•

10 years ago

Bug 715387 is another too-much-recursion crash involving array_sort. It's different in that it involves recursion through toString rather than through sort_compare.

Gary Kwong [:gkw] [:nth10sd] (NOT official MoCo now)

Comment 2

•

10 years ago

Fix and test landed in bug 779215. -> RESOLVED / VERIFIED FIXED

Status: NEW → RESOLVED

Closed: 10 years ago

Flags: in-testsuite+

Resolution: --- → FIXED

Whiteboard: js-triage-needed

Gary Kwong [:gkw] [:nth10sd] (NOT official MoCo now)

Updated

•

10 years ago

Status: RESOLVED → VERIFIED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Too-much-recursion through array_sort

Categories

(Core :: JavaScript Engine, defect)

Tracking

()

People

(Reporter: jruderman, Assigned: Waldo)

References

Details

(Keywords: crash, testcase)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Comment 1

Comment 2

Updated