Bug 779215 - CallJS(Native|PropertyOp|PropertyOpSetter) should JS_CHECK_RECURSION
Product: Core
Classification: Components
Component: JavaScript Engine
: unspecified
: All All
-- normal
: mozilla17
Assigned To: Luke Wagner [:luke]
: Jason Orendorff [:jorendorff]
Depends on:
Reported: 2012-07-31 10:51 PDT by Luke Wagner [:luke]
Modified: 2012-07-31 22:09 PDT
gary: in‑testsuite+

fix and all the tests that were failing (4.58 KB, patch)
2012-07-31 10:51 PDT, Luke Wagner [:luke]
dmandelin: review+

Description Luke Wagner [:luke] 2012-07-31 10:51:45 PDT
Created attachment 647596
fix and all the tests that were failing

There are currently 7 open bugs that crash from C stack overflow.  They all involve paths through native functions/propertyops that skip the RunScript JS_CHECK_RECURSION pinchpoint.  Adding a recursion check to these three pinchpoints covers them all.  Hot code should be unaffected since jit code calls into natives directly.
Comment 1 Gary Kwong [:gkw] [:nth10sd] 2012-07-31 12:00:18 PDT

This should fix a bunch of js too-much-recursion crash fuzzblockers. Thanks Luke! \o/
Comment 2 Ryan VanderMeulen [:RyanVM] 2012-07-31 19:17:23 PDT
Comment 3 Gary Kwong [:gkw] [:nth10sd] 2012-07-31 22:09:02 PDT
Setting VERIFIED since tests have landed in the repository as well as in-testsuite+.
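
The approach in the bug description, as an added example that is not the attached patch or SpiderMonkey code: a stack-quota check placed in the single function through which every native call passes, so that native-to-native recursion fails cleanly instead of overflowing the C stack. `Context`, `call_native`, `native_self_call` and `run` are hypothetical names, the native is constructed for the demonstration, and measuring depth from the address of a local is an assumption of this sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical miniature engine context; not SpiderMonkey's JSContext. */
typedef struct Context {
    uintptr_t stack_base;    /* address of a local in the outermost frame */
    size_t    stack_quota;   /* bytes of C stack the engine may consume */
    bool      over_recursed; /* set where a real engine would report an error */
    unsigned  native_calls;  /* natives actually entered */
} Context;

typedef bool (*Native)(Context *cx, int arg, int *result);

/* Pinchpoint: every native invocation goes through this one function. */
bool call_native(Context *cx, Native fn, int arg, int *result) {
    volatile char marker;    /* its address approximates the current stack depth */
    uintptr_t here = (uintptr_t)&marker;
    size_t used = here > cx->stack_base ? here - cx->stack_base : cx->stack_base - here;
    if (used > cx->stack_quota) {   /* fail the call instead of overflowing */
        cx->over_recursed = true;
        return false;
    }
    cx->native_calls++;
    return fn(cx, arg, result);
}

/* Constructed native that re-enters itself without ever running a script. */
bool native_self_call(Context *cx, int arg, int *result) {
    int inner = 0;
    if (arg == 0) { *result = 0; return true; }
    if (!call_native(cx, native_self_call, arg - 1, &inner)) return false;
    *result = inner + 1;     /* work after the call keeps each frame live */
    return true;
}

/* Records the stack base and quota, then enters the native via the pinchpoint. */
bool run(Context *cx, size_t quota, int depth, int *result) {
    volatile char base;
    cx->stack_base = (uintptr_t)&base;
    cx->stack_quota = quota;
    cx->over_recursed = false; cx->native_calls = 0;
    return call_native(cx, native_self_call, depth, result);
}

int main(void) {
    Context cx; int r = -1;
    bool ok = run(&cx, 256 * 1024, 100000000, &r);  /* far deeper than the quota allows */
    printf("ok=%d over_recursed=%d natives=%u\n", ok, cx.over_recursed, cx.native_calls);
    return 0;
}
```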
