Closed
Bug 948233
Opened 11 years ago
Closed 11 years ago
Improper OOM check in DoCompareFallback
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla29
People
(Reporter: decoder, Assigned: decoder)
References
(Blocks 1 open bug)
Details
(Keywords: crash, Whiteboard: [qa-])
Crash Data
Attachments
(1 file)
|
1.12 KB,
patch
|
jandem
:
review+
lsblakk
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
In js::jit::DoCompareFallback we have the following code:
> ICStub *doubleStub = compiler.getStub(compiler.getStubSpace(script));
> if (!stub)
> return false;
I think this is either a typo or some tasty copy-pasta. I changed stub to doubleStub and it fixed another OOM crasher for me. Jandem, can you review the attached patch since it's your code?
Attachment #8345050 -
Flags: review?(jdemooij)
|
||
Updated•11 years ago
|
Attachment #8345050 -
Flags: review?(jdemooij) → review+
|
Assignee | |
Comment 1•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/908680cb2773
Status: NEW → ASSIGNED
https://hg.mozilla.org/mozilla-central/rev/908680cb2773
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla29
|
||
Comment 4•11 years ago
|
||
Christian: should this OOM fix be uplifted to Aurora 28 and Beta 27?
Flags: needinfo?(choller)
|
|
Assignee | |
Comment 5•11 years ago
|
||
This one can safely be uplifted to Aurora at least.
Flags: needinfo?(choller)
|
|
Assignee | |
Comment 6•11 years ago
|
||
Comment on attachment 8345050 [details] [diff] [review] js-setNext-oom.patch [Approval Request Comment] Bug caused by (feature/regressing bug #): N/A User impact if declined: Crashes with OOM conditions Testing completed (on m-c, etc.): A few days on mozilla-central Risk to taking this patch (and alternatives if risky): Not risky, patch is just fixing a null check (fixing a typo). String or IDL/UUID changes made by this patch: None
Attachment #8345050 -
Flags: approval-mozilla-aurora?
|
||
Updated•11 years ago
|
Attachment #8345050 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
Assignee | |
Comment 7•11 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/8f29c6506b23
status-firefox28:
--- → fixed
|
||
Updated•11 years ago
|
status-firefox29:
--- → fixed
I don't think this needs QA verification. If anyone thinks that's a mistake please remove the [qa-] whiteboard tag and add the verifyme keyword.
Whiteboard: [qa-]
You need to log in
before you can comment on or make changes to this bug.
Description
•