ericmckean / traceur-compiler

Automatically exported from code.google.com/p/traceur-compiler
Apache License 2.0

Infinite loop in LineNumberTable.getLine() if we pass large negative then a positive offset. #195

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
1) If we call getLine(-649) then getLine(789)...

  getLine(offset) {
    // It turns out that almost all calls to this function are done in an
    // incremental order, usually very close to the last offset. We therefore
    // just iterate from the last position.
    if (offset === this.lastOffset_)
      return this.lastLine_;

    this.ensureLineStartOffsets_();

    var line;
    if (offset < this.lastOffset_) {
      // 2) -649 < -1
      for (var i = this.lastLine_; i >= 0; i--) {
        if (this.lineStartOffsets_[i] <= offset) {
          // 3) this condition is never true because the offsets >= 0
          line = i;
          break;
        }
      }
      // 4) we exit the loop with line undefined
    } else {
      for (var i = this.lastLine_; true; i++) {
        // 7) Next call, i will be undefined then NaN
        if (this.lineStartOffsets_[i] > offset) {
          // 8) Both undefined and NaN give this.lineStartOffsets[i] undefined < 789
          line = i - 1;
          break;
        }
      }
      // 9) we never exit the loop.
    }

    this.lastLine_ = line;
    // 5) we set lastLine_ to undefined
    this.lastOffset_ = offset;
    // 6) lastOffset to -649
    return line;
  }

Original issue reported on code.google.com by johnjbar...@google.com on 2 Feb 2013 at 1:03

GoogleCodeExporter commented 9 years ago
Patch : https://codereview.appspot.com/7229075/

Original comment by johnjbar...@chromium.org on 2 Feb 2013 at 3:18

GoogleCodeExporter commented 9 years ago
Why are you trying to get a negative line? Maybe we should just return NaN in 
that case =P

Looking at the patch now.

Original comment by arv@chromium.org on 2 Feb 2013 at 6:34

GoogleCodeExporter commented 9 years ago
Yes, of course my code has a bad offset, but the infinite loop is a nasty way to 
find that out. For some reason I never get the slow-script warning but rather 
my app and its debugger act wonky and semi-responsive. I usually have to 
restart the browser a few times before I remember to check the CPU.

Sadly, NaN is pretty much a viable array index or object property, so only 
throwing an exception would really alert the developer.

landed.

Original comment by johnjbar...@chromium.org on 3 Feb 2013 at 4:59
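
The failure traced in this thread, and the point that only an exception would alert the developer, shown as an added example (not the traceur-compiler source and not the patch linked above): a line lookup that rejects a bad offset before touching its cache and bounds both scan loops. Field names mirror the snippet in the issue; the constructor taking a source string, the choice of RangeError and the `demo` helper are assumptions.

```javascript
class LineNumberTable {
  // Assumption: the table is built directly from the source text.
  constructor(source) {
    this.sourceLength_ = source.length;
    this.lineStartOffsets_ = [0];
    for (let i = 0; i < source.length; i++) {
      if (source[i] === '\n') this.lineStartOffsets_.push(i + 1);
    }
    this.lastLine_ = 0;
    this.lastOffset_ = 0;
  }

  getLine(offset) {
    // Validate first: a rejected call must not leave lastLine_ undefined
    // for the next caller, which is what caused the hang in the report.
    if (!Number.isInteger(offset) || offset < 0 || offset > this.sourceLength_) {
      throw new RangeError(`offset ${offset} outside [0, ${this.sourceLength_}]`);
    }
    if (offset === this.lastOffset_) return this.lastLine_;

    const starts = this.lineStartOffsets_;
    let line = this.lastLine_;
    if (offset < this.lastOffset_) {
      // starts[0] === 0 <= offset, so this stops at line 0 at the latest.
      while (starts[line] > offset) line--;
    } else {
      // Bounded by the array length instead of a `true` loop condition.
      while (line + 1 < starts.length && starts[line + 1] <= offset) line++;
    }
    this.lastLine_ = line;
    this.lastOffset_ = offset;
    return line;
  }
}

// Constructed sample input: three lines starting at offsets 0, 3 and 6.
function demo() {
  const table = new LineNumberTable('ab\ncd\nef');
  const results = [table.getLine(7), table.getLine(1), table.getLine(4)];
  let error = null;
  try { table.getLine(-649); } catch (e) { error = e; }
  results.push(table.getLine(8)); // cache is intact after the rejected call
  return { results, error };
}
```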