Fix for infinite recursion in evil case
David Faure
faure at kde.org
Tue Nov 18 17:35:07 CET 2003
The attached testcase (from the Mozilla testsuite) is about putting an array as an element of itself (!!!)
It looped infinitely in toString() - but for some reason, only with KJS_VERBOSE enabled.
Anyway, the change is correct in itself, isn't it?
--- array_object.cpp 17 Nov 2003 00:42:15 -0000 1.59
+++ array_object.cpp 18 Nov 2003 16:23:35 -0000
@@ -500,6 +500,8 @@ Value ArrayProtoFuncImp::call(ExecState
Value element = thisObj.get(exec,k);
if (element.type() != UndefinedType && element.type() != NullType)
str += (id == ToLocaleString ? valueToLocaleString(exec,element) : element.toString(exec));
+ if ( exec->hadException() )
+ break;
}
result = String(str);
break;
--
David FAURE, faure at kde.org
Konqueror (http://www.konqueror.org), and KOffice (http://www.koffice.org).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: regress-108440.js
Type: text/x-csrc
Size: 2912 bytes
Desc: not available
Url : https://mail.kde.org/mailman/private/khtml-devel/attachments/20031118/f6461233/regress-108440.bin
More information about the Khtml-devel
mailing list