Following up on Bug 910814, js_strtod_harder's JS_DTOA_ENOMEM error code is also never used. In fact, the err argument is just always set to zero. dtoa.c used to have malloc checking code, and JS_DTOA_ENOMEM used to be hooked up to it, but it was removed in 222c29336422. The result is that the malloc calls within Balloc in dtoa.c are not checked. However, they are immediately dereferenced, so it appears unlikely that a failed malloc would do anything but crash with a null page dereference.
You need to log in before you can comment on or make changes to this bug.