Bug 6985 - cyclic __proto__ values aren't caught
Summary: cyclic __proto__ values aren't caught
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 420+
Hardware: PC Linux
: P1 Critical
Assignee: Eric Seidel (no email)
URL: data:text/html,%3C%21DOCTYPE%20html%3...
Keywords:
Depends on:
Blocks: 13638
  Show dependency treegraph
 
Reported: 2006-01-31 16:34 PST by Ian 'Hixie' Hickson
Modified: 2007-05-09 04:00 PDT (History)
2 users (show)

See Also:


Attachments
the fix (2.69 KB, patch)
2007-05-09 03:27 PDT, Eric Seidel (no email)
mjs: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Ian 'Hixie' Hickson 2006-01-31 16:34:40 PST
STEPS TO REPRODUCE
   Run the following JS:

   var o1 = { p1: 1 };
   var o2 = { p2: 2 };
   o2.__proto__ = o1;
   var o3 = { p3: 3 };
   o3.__proto__ = o2;
   o1.__proto__ = o3; // this hangs

ACTUAL RESULTS
   Hang.

EXPECTED RESULTS
   It should raise an exception "cyclic __proto__ value".
Comment 1 Eric Seidel (no email) 2007-05-09 03:27:53 PDT
Created attachment 14427 [details]
the fix
Comment 2 Eric Seidel (no email) 2007-05-09 03:32:48 PDT
As a reproducible crasher, this should be a P1.
Comment 3 Eric Seidel (no email) 2007-05-09 03:59:16 PDT
Fixed in r21332.
Comment 4 Maciej Stachowiak 2007-05-09 04:00:37 PDT
Comment on attachment 14427 [details]
the fix

r=me