gecko-dev/js
nboyd%atg.com e4bf1b6548 Fix problems noted in following mail:
Subject: rhino bug(s)
Date: Mon, 30 Apr 2001 23:07:00 -0700
From: Mike Dixon <MDixon@placeware.com>
To: nboyd@atg.com

hi.  i'm a happy rhino user, and just stumbled across what looks like a
pretty basic bug in the property stuff on ScriptableObject...  (i'm running
1.5, but it looks like this code hasn't changed in CVS.)  since it looks
like you're actively developing (even though it's been a while since
1.5...) i figured you might be interested -- apologies if i missed a more
formal bug reporting process...

the symptom was that i got a "Hashtable internal error" thrown from
getSlotToSet.  reading the code, here's what i think could happen:

- create a new object (slots.length is initially 5)
- add 3 properties
- delete those 3 properties

(now count == 0, and slots[i] == REMOVED for 3 values of i)

- add 2 more properties

now assume that you're unlucky, and that these two hash to different values
than the first three; now you have 2 elements of slots[] containing real
slots, and the other three containing REMOVED.

now what happens when you try to create another slot?  getSlotToSet is only
willing to put something in a null slot[], and you haven't got one, so you
get the internal error.

writing this message encouraged me to try to write a test case to reproduce
it, and in fact it's trivial:

   js> x={}; x.a=x.b=x.c=1; delete x.a; delete x.b; delete x.c; x.d=x.e=1
   1
   js> x.whatever=1
(boom)

by the way, while reading the code i also noticed what looks like another,
less consequential bug: addSlot increments count before deciding to grow
the table, which is done with a recursive call, which will cause count to
be incremented again -- right?  as far as i can tell, setting count too big
will only cause it to grow the table a little early next time, so it
doesn't really matter, but it looks wrong.

                                                        .mike.
2001-05-06 23:56:34 +00:00
..
benchmarks
js2 Fixed case, sorry 2001-02-02 01:08:06 +00:00
jsd - not built - 2001-05-04 23:44:07 +00:00
jsdj updated license boilerplate to xPL 1.1, a=chofmann@netscape.com,r=endico@mozilla.org 1999-11-06 02:47:15 +00:00
jsj
macbuild Define EXPORT_JS_API. r=rginda, r=beard, sr=brendan. 2001-05-04 21:30:55 +00:00
ref
rhino Fix problems noted in following mail: 2001-05-06 23:56:34 +00:00
semantics Added more semantics 2001-02-07 05:08:44 +00:00
src Check in for Ron Guilmette. r=shaver, sr=waterson. For intl r=nhotta. Changes for NS_IMPL_NSGETMODULE. bug #46775. 2001-05-05 05:33:37 +00:00
tests Minor style changes. 2001-05-06 18:07:12 +00:00
.cvsignore
landbranch.pl
Makefile.in Fix fdlibm/mozjs dependency problem by making sure that fdlibm is always built before mozjs. 2001-02-04 06:27:59 +00:00
makefile.win updated license boilerplate to xPL 1.1, a=chofmann@netscape.com,r=endico@mozilla.org 1999-11-06 03:40:37 +00:00