Fix for infinite recursion in evil case
Maciej Stachowiak
mjs at apple.com
Tue Dec 2 11:29:07 CET 2003
On Nov 21, 2003, at 3:37 AM, David Faure wrote:
> On Friday 21 November 2003 09:32, Maciej Stachowiak wrote:
>>
>> On Nov 18, 2003, at 8:35 AM, David Faure wrote:
>>
>>> The attached testcase (from the Mozilla testsuite) is about putting
>>> an
>>> array as an element of itself (!!!)
>>> It looped infinitely in toString() - but for some reason, only with
>>> KJS_VERBOSE enabled.
>>
>> I couldn't reproduce the infinite loop in Safari so I'm not merging
>> this for now.
>
> Harri found a better testcase for this problem:
>
> var a = [];
> a.push(a);
> a.push(a);
> print(a); (or alert, or toString)
OK, with that test case, I get a stack overflow. Applied your patch (as
well as Harri's earlier change to move the c all depth check to
Object::call).
Regards,
Maciej
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2355 bytes
Desc: not available
Url : https://mail.kde.org/mailman/private/khtml-devel/attachments/20031202/73decff3/smime.bin
More information about the Khtml-devel
mailing list