
There are other bugs, too, like:

    th = js_mallocz(ctx, sizeof(*th));
    th->has_object = TRUE;          /* th is dereferenced here, before the NULL check below */
    if (!th) {
        JS_FreeValue(ctx, obj);
        return JS_EXCEPTION;
    }

But hey, that's gonna get ironed out. :)
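The pattern in the quoted snippet, as an added illustration that is not part of the thread or of the engine's code: a field write placed before the NULL check, next to the corrected ordering, with a stand-in allocator (`xmallocz`, `timer_handle` and `fail_next_alloc` are assumptions made for this example) so the out-of-memory path can actually be exercised.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Assumed stand-in for the object being allocated; not the engine's type. */
typedef struct {
    bool has_object;
} timer_handle;

/* Assumed allocator hook: lets a test force the allocation-failure path once. */
static bool fail_next_alloc = false;

void *xmallocz(size_t n) {
    if (fail_next_alloc) { fail_next_alloc = false; return NULL; }
    return calloc(1, n);
}

/* Same ordering as the quoted snippet: the field is written before the
 * result is checked, so an allocation failure dereferences NULL. */
int create_handle_buggy(timer_handle **out) {
    timer_handle *th = xmallocz(sizeof(*th));
    th->has_object = true;      /* NULL dereference when xmallocz failed */
    if (!th) return -1;
    *out = th;
    return 0;
}

/* Corrected ordering: check the allocation before touching the object. */
int create_handle_fixed(timer_handle **out) {
    timer_handle *th = xmallocz(sizeof(*th));
    if (!th) {
        *out = NULL;
        return -1;              /* caller releases its own resources */
    }
    th->has_object = true;
    *out = th;
    return 0;
}

/* Drives the fixed version; returns -1 on allocation failure, 1 when the
 * handle was created with has_object set. */
int try_create(bool force_fail) {
    timer_handle *th = NULL;
    fail_next_alloc = force_fail;
    if (create_handle_fixed(&th) != 0) return -1;
    int r = th->has_object ? 1 : 0;
    free(th);
    return r;
}
```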

This is still an important reminder that literally nobody in the world can write C code without memory issues.

Even if the developer is a genius and the project isn't that big.

This one is probably easily catchable even by static code analysis, though.

I suspect this is the result of th->has_object being added later than the surrounding code. I don't think someone would write this code on the first attempt with this bug. It's too obvious.

If the code repo ever becomes available, I'll check my theory out. :D

I'd be curious to see the total number of bugs ever found in this code; I suspect it's going to have a far lower defect density than any other JS engine, especially the ones in the big browsers.
