Posted to issues@commons.apache.org by "Dmitri Blinov (JIRA)" <ji...@apache.org> on 2019/01/14 08:06:00 UTC

[jira] [Updated] (JEXL-289) Passing undeclared function parameter can overwrite a local function variable

     [ https://issues.apache.org/jira/browse/JEXL-289?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dmitri Blinov updated JEXL-289:
-------------------------------
    Description: 
The following script
{code:java}
var x = function(a) { var b; return b}; x(1,2)
{code}
returns {{2}}. The expected behaviour is to return {{null}}. 

As an additional safeguarding measure we may also consider restricting a function call with more supplied arguments than the number of declared parameters, since, IMO, in a majority of cases this is a bug, like where the function definition was changed but the call was not updated accordingly.

  was:
The following script
{code:java}
var x = function(a) { var b; return b}; x(1,2)
{code}
returns {{2}}. The expected behaviour is to return {{null}}. 

As an additional safeguarding measure we may also consider restricting a function call with more supplied arguments than the number of declared parameters in a strict execution mode.


> Passing undeclared function parameter can overwrite a local function variable
> -----------------------------------------------------------------------------
>
>                 Key: JEXL-289
>                 URL: https://issues.apache.org/jira/browse/JEXL-289
>             Project: Commons JEXL
>          Issue Type: Bug
>    Affects Versions: 3.1
>            Reporter: Dmitri Blinov
>            Priority: Major
>
> The following script
> {code:java}
> var x = function(a) { var b; return b}; x(1,2)
> {code}
> returns {{2}}. The expected behaviour is to return {{null}}. 
> As an additional safeguarding measure we may also consider restricting a function call with more supplied arguments than the number of declared parameters, since, IMO, in a majority of cases this is a bug, like where the function definition was changed but the call was not updated accordingly.


