Bug 1006876 - Use JS_CHECK_RECURSION_DONT_REPORT inside SavedStacksMetadataCallback. r=ejprbruel

2024-09-13 09:24:08 -07:00 · 2014-05-13 10:55:00 -04:00 · 2014-05-13 10:55:00 -04:00 · f328ef948d
commit f328ef948d
parent aaad95841d
2 changed files with 16 additions and 0 deletions
--- a/js/src/jit-test/tests/saved-stacks/bug-1006876-too-much-recursion.js
+++ b/js/src/jit-test/tests/saved-stacks/bug-1006876-too-much-recursion.js
@ -0,0 +1,10 @@
+// |jit-test| exitstatus: 3
+
+// This test case was found by the fuzzer and crashed the js shell. It should
+// throw a "too much recursion" error, but was crashing instead.
+
+enableTrackAllocations();
+function f() {
+    f();
+}
+f();
--- a/js/src/vm/SavedStacks.cpp
+++ b/js/src/vm/SavedStacks.cpp
@ -520,6 +520,12 @@ SavedStacks::createFrameFromLookup(JSContext *cx, SavedFrame::Lookup &lookup)
 bool
 SavedStacksMetadataCallback(JSContext *cx, JSObject **pmetadata)
 {
+    // Do not save the stack if the metadata callback was triggered in response
+    // to a too-much-recursion error. Don't report because it has already been
+    // reported since we are being asked to create metadata for the
+    // too-much-recursion Error object.
+    JS_CHECK_RECURSION_DONT_REPORT(cx, return true);
+
    Rooted<SavedFrame *> frame(cx);
    if (!cx->compartment()->savedStacks().saveCurrentStack(cx, &frame))
        return false;