CallJS(Native|PropertyOp|PropertyOpSetter) should JS_CHECK_RECURSION

VERIFIED FIXED in mozilla17

Status

Core
JavaScript Engine
VERIFIED FIXED
5 years ago
5 years ago

People

(Reporter: luke, Assigned: luke)

Tracking

unspecified
mozilla17
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Assignee)

Description

5 years ago
Created attachment 647596 [details] [diff] [review]
fix and all the tests that were failing

There are currently 7 open bugs that crash from C stack overflow. They all involve paths through native functions/propertyops that skip the RunScript JS_CHECK_RECURSION pinchpoint. Adding a recursion check to these three pinchpoints covers them all. Hot code should be unaffected since jit code calls into natives directly.
Attachment #647596 - Flags: review?(dmandelin)
Attachment #647596 - Flags: review?(dmandelin) → review+
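The chokepoint idea from the description above, as an added sketch that is not the attached patch or SpiderMonkey source: a native that re-enters native code never reaches the script-entry check, so the guard is placed in the native-call dispatcher instead. Assumptions: the recursion check is modelled as a local's address measured against a byte budget, and every name except CallJSNative and RunScript is hypothetical.

```cpp
#include <stddef.h>
#include <stdint.h>

// Simplified model, not SpiderMonkey source. Context, Native, checkRecursion,
// reentrantNative, runChain and HARD_CAP are hypothetical names for this sketch.
struct Context {
    uintptr_t stackBase;   // address captured at engine entry
    size_t stackBudget;    // bytes of C stack the engine may use
    bool checkNatives;     // false models the behaviour before the fix
    bool overRecursed;     // set when the check reports too much recursion
    int maxDepth;          // deepest native call that was admitted
};
using Native = bool (*)(Context&, int depth);
const int HARD_CAP = 500;  // demo-only stop so the unchecked run cannot really crash

// Stand-in for the recursion check: distance of a local from the entry address.
static bool checkRecursion(Context& cx) {
    volatile char marker = 0;
    uintptr_t here = reinterpret_cast<uintptr_t>(&marker);
    size_t used = here > cx.stackBase ? here - cx.stackBase : cx.stackBase - here;
    if (used > cx.stackBudget) { cx.overRecursed = true; return false; }
    return true;
}

// Chokepoint through which every native call in this model is dispatched.
bool CallJSNative(Context& cx, Native fn, int depth) {
    if (cx.checkNatives && !checkRecursion(cx)) return false;  // the added guard
    volatile char frame[128] = {1};  // forces a real stack frame per call
    if (depth > cx.maxDepth) cx.maxDepth = depth;
    bool ok = fn(cx, depth);
    frame[1] = 2;                    // write after the call prevents tail-call elision
    return ok;
}

// A native that re-enters native code without ever passing through RunScript.
bool reentrantNative(Context& cx, int depth) {
    if (depth >= HARD_CAP) return true;
    return CallJSNative(cx, reentrantNative, depth + 1);
}

// Drives the chain; returns the deepest admitted call and whether the guard fired.
int runChain(bool checkNatives, size_t budget, bool* overRecursed) {
    volatile char base = 0;
    Context cx{reinterpret_cast<uintptr_t>(&base), budget, checkNatives, false, 0};
    CallJSNative(cx, reentrantNative, 1);
    *overRecursed = cx.overRecursed;
    return cx.maxDepth;
}
```

With `checkNatives` off the chain runs to `HARD_CAP` unnoticed; with it on, the guard stops the chain once the 128-byte frames exceed the budget and the caller gets a reportable error instead of a C stack overflow.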
http://hg.mozilla.org/integration/mozilla-inbound/rev/3ab53aa58514

This should fix a bunch of js too-much-recursion crash fuzzblockers. Thanks Luke! \o/
Target Milestone: --- → mozilla17
https://hg.mozilla.org/mozilla-central/rev/3ab53aa58514
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Setting VERIFIED since tests have landed in the repository as well as in-testsuite+.
Status: RESOLVED → VERIFIED
Flags: in-testsuite+