Last Comment Bug 684462 - Too-much-recursion through array_sort
: Too-much-recursion through array_sort
Status: VERIFIED FIXED
: crash, testcase
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: All All
: -- critical (vote)
: ---
Assigned To: Jeff Walden [:Waldo] (remove +bmo to email)
:
Mentors:
Depends on:
Blocks: 326633
  Show dependency treegraph
 
Reported: 2011-09-03 00:50 PDT by Jesse Ruderman
Modified: 2012-07-31 22:11 PDT (History)
6 users (show)
gary: in‑testsuite+
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
stack trace (repeating portion only) (1.55 KB, text/plain)
2011-09-03 00:50 PDT, Jesse Ruderman
no flags Details

Description Jesse Ruderman 2011-09-03 00:50:51 PDT
Created attachment 558046 [details]
stack trace (repeating portion only)

var a = [];
  var sort = a.sort.bind(a);
  a.push(sort);
  a.push(sort);
  sort(sort);

Crashes with too-much-recursion through array_sort.

Similar to bug 671797, which involves array extras such as array_forEach.

This bug goes all the way back to the introduction of Function.prototype.bind in bug 429507.
Comment 1 Jesse Ruderman 2012-01-04 18:33:02 PST
Bug 715387 is another too-much-recursion crash involving array_sort. It's different in that it involves recursion through toString rather than through sort_compare.
Comment 2 Gary Kwong [:gkw] [:nth10sd] 2012-07-31 22:09:55 PDT
Fix and test landed in bug 779215. -> RESOLVED / VERIFIED FIXED

Note You need to log in before you can comment on or make changes to this bug.