As a security precaution, we have turned on the setting "Require API key authentication for API requests" for everyone. If this has broken something, please contact
Last Comment Bug 735161 - Method JIT allows assignment to undeclared in ES5 strict mode code
: Method JIT allows assignment to undeclared in ES5 strict mode code
: regression, testcase
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: x86_64 Mac OS X
: -- normal (vote)
: mozilla14
Assigned To: Brian Hackett (:bhackett)
: Jason Orendorff [:jorendorff]
Depends on:
Blocks: jsfunfuzz js-differential-test
  Show dependency treegraph
Reported: 2012-03-13 00:06 PDT by Jesse Ruderman
Modified: 2012-03-15 08:00 PDT (History)
7 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

patch (1.49 KB, patch)
2012-03-13 08:32 PDT, Brian Hackett (:bhackett)
dvander: review+
Details | Diff | Splinter Review

Description User image Jesse Ruderman 2012-03-13 00:06:37 PDT
var obj = {valueOf: function() { "use strict"; undeclared = 7; }};
try { '' + obj; print("FAIL 1"); } catch(e) { }
try { '' + obj; print("FAIL 2"); } catch(e) { }
if ("undeclared" in this) print("FAIL 3");

./js           (no output; PASS)
./js -m -a     FAIL 2, FAIL 3
Comment 1 User image Gary Kwong [:gkw] [:nth10sd] 2012-03-13 02:28:04 PDT
autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   81258:f852758f39d1
user:        Brian Hackett
date:        Thu Oct 13 20:21:36 2011 -0700
summary:     Move JSObject::parent to BaseShape, bug 638316.
Comment 2 User image Brian Hackett (:bhackett) 2012-03-13 08:32:05 PDT
Created attachment 605407 [details] [diff] [review]

autoBisect is wrong, this bug is older.  The PIC generation for ADDPROP wasn't checking for undeclared vars under SETNAME, this patch disables the PIC in such cases.
Comment 3 User image Brian Hackett (:bhackett) 2012-03-14 08:11:31 PDT
Comment 4 User image Marco Bonardo [::mak] 2012-03-15 08:00:32 PDT

Note You need to log in before you can comment on or make changes to this bug.