JavaScript array problem affecting bugzilla
John Sullivan
sullivan at apple.com
Mon Jul 19 18:22:45 CEST 2004
On Jul 18, 2004, at 10:12 AM, Harri Porten wrote:
> Hi,
>
> On Fri, 16 Jul 2004, John Sullivan wrote:
>
>> ArrayProtoFuncImp::call wasn't checking whether args[0] was valid.
>> This
>> caused a hang as follows:
>>
>> 1. Browse to http://bugzilla.mozilla.org/
>> 2. Enter text into search field, ie "tiger"
>> 3. Click Show
>
> The test works fine. While we still had this bug, too, we probably were
> lucky to not see the consequences. For me (with a x86 based system and
> toInteger() returning an int) I got a large negative value for begin
> which
> then got replace by 0.
FYI, we were getting a NAN value that was being converted to some huge
negative value by toInteger(), causing the subsequent loop to run for
an extremely long time.
John
More information about the Khtml-devel
mailing list