From d9f72101a7aab7669d8dc4cc61d432b74097f51b Mon Sep 17 00:00:00 2001
From: "andrea.bergia"
Date: Thu, 19 Dec 2024 17:50:21 +0100
Subject: [PATCH] Fix: handle stack frames in the correct order

Commit f3c64ee29f9094bdc87a4fe3615c21f9c65fab51 removed `ObjArray` and replaced its usage with standard JDK classes. In `Interpreter`, in particular, an `ArrayDeque` is now used to store `cx.previousInterpreterInvocations`, which is used to generate the stack frame information. However, there is one place where `toArray` is done, and the behavior for `ObjArray` and `ArrayDeque` are different (swapped). Unfortunately no tests actually ends up exercising this difference due to the interpreter function peeling optimization done in https://github.com/mozilla/rhino/pull/1510. We have discovered this problem because, in ServiceNow's fork, we currently need to disable the function peeling optimization.
---
 rhino/src/main/java/org/mozilla/javascript/Interpreter.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/rhino/src/main/java/org/mozilla/javascript/Interpreter.java b/rhino/src/main/java/org/mozilla/javascript/Interpreter.java
index d777ae172d..1414de122b 100644
--- a/rhino/src/main/java/org/mozilla/javascript/Interpreter.java
+++ b/rhino/src/main/java/org/mozilla/javascript/Interpreter.java
@@ -14,6 +14,7 @@
 import java.util.ArrayDeque;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Objects;
@@ -951,7 +952,10 @@ public void captureStackInfo(RhinoException ex) {
 --previousCount;
 }
 array = new CallFrame[previousCount + 1];
-cx.previousInterpreterInvocations.toArray(array);
+
+ArrayList tempList = new ArrayList<>(cx.previousInterpreterInvocations);
+Collections.reverse(tempList);
+tempList.toArray(array);
 }
 array[array.length - 1] = (CallFrame) cx.lastInterpreterFrame;
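Review bot: `ArrayList tempList` in the second hunk is a raw type; `var tempList = new ArrayList<>(cx.previousInterpreterInvocations);` (or `List<CallFrame>`, if that is the deque's declared element type) keeps the element type and avoids the unchecked warning the raw declaration produces. The reversal is the entire fix, yet nothing in the code says why it is there, so a future cleanup could drop the copy-and-reverse as a needless allocation; a comment such as `// ArrayDeque iterates head-first, which is newest-first for pushed frames; reverse to restore the oldest-first order ObjArray produced` would pin the intent. Because the description states that no current test reaches this path, a regression test that checks the frame order reported for a nested interpreted call, with the function-peeling optimization bypassed, is what would keep this from silently regressing again. captureStackInfo starts before and continues past the hunk.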