Bugzilla@Mozilla – Bug 461158
js1_6/extensions/regress-456826.js: (Math|Date) is not defined
Last modified: 2009-04-21 13:59:38 PDT
Summon comment box
from bug 456826 comment 36. ./js1_6/extensions/regress-456826.js:93: Math is not defined ./js1_6/extensions/regress-456826.js:127: Date is not defined either of these errors may occur depending on the build and shell options. this regressed in http://hg.mozilla.org/mozilla-central/rev/62b8f8cd8b69 Igor@mir2.org date: Wed Apr 02 00:46:12 2008 -0700 summary: [Bug 423874] Allocating functions together with JSObject. r=brendan
The regression is from bug 365851 and comes from the fact that js_FindPropertyHelper, http://hg.mozilla.org/mozilla-central/file/0d837275baca/js/src/jsobj.cpp#l3533 , does not propagate the error condition from js_LookupPropertyWithFlags . The latter returns -1 on errors and the code ignores that. The reason the failure is associated with the bug 423874 is that bug altered the memory usage for the function objects. Given the restriction gcparam("maxBytes", 22000); from the test, that triggered the failure on the code path with errors.
Created attachment 350229 [details] [review] fix v1 The patch just adds the missing error check.
Note on ./js1_6/extensions/regress-456826.js test: on 64-bit platform it fails with OOM and that should be OK. Alternatively, changing 22000 in gcparam("maxBytes", 22000); to 60000 on 64 bit should make it work.
Comment on attachment 350229 [details] [review] fix v1 Whoops -- thanks for fixing. /be
Comment on attachment 350229 [details] [review] fix v1 a=sayrer, but it's already blocking
Created attachment 350244 [details] [review] fix v1 (mq patch)
I marked the bug as restricted as it is not clear if there any hazards due to it.
Pushed http://hg.mozilla.org/mozilla-central/rev/4c6331befc51
verified fixed mozilla-central but not tracemonkey
v 1.9.1, 1.9.2
Not needed for 1.8, wanted for 1.9.0 which contains the patch from bug 365851 that caused this. Don't know the potential security impacts of this.
Igor: Can you please work up a 1.9.0-branch patch for this? Our code freeze for 1.9.0.8 is tomorrow and this blocks the release.
Created attachment 367870 [details] [review] Patch for the 1.9.0 branch
Comment on attachment 367870 [details] [review] Patch for the 1.9.0 branch Approved for 1.9.0.8. a=ss for release-drivers
Fixed on the 1.9.0 branch.
v 1.9.0