Closed Bug 684462 Opened 14 years ago Closed 13 years ago

Too-much-recursion through array_sort

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: jruderman, Assigned: Waldo)

Details

(Keywords: crash, testcase)

Attachments

(1 file)

stack trace (repeating portion only)
1.55 KB, text/plain
Details
var a = []; var sort = a.sort.bind(a); a.push(sort); a.push(sort); sort(sort); Crashes with too-much-recursion through array_sort. Similar to bug 671797, which involves array extras such as array_forEach. This bug goes all the way back to the introduction of Function.prototype.bind in bug 429507.
Whiteboard: js-triage-needed
Bug 715387 is another too-much-recursion crash involving array_sort. It's different in that it involves recursion through toString rather than through sort_compare.
Fix and test landed in bug 779215. -> RESOLVED / VERIFIED FIXED
Status: NEW → RESOLVED
Closed: 13 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Whiteboard: js-triage-needed
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: