Closed
Bug 310295
Opened 19 years ago
Closed 19 years ago
crash: stack corruption during execution JS_ValueToString
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
WORKSFORME
People
(Reporter: k_mirny, Unassigned)
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Maxthon; MRA 4.0 (build 00768); .NET CLR 1.1.4322; .NET CLR 2.0.40607)
Build Identifier:

When a 'double' variable defined in JavaScript is too long, the stack is corrupted after execution of js_dtoa(). It only happens on Linux; on Windows everything is OK. We are using JS as a standalone engine, not inside Mozilla, but it should be reproducible in Mozilla also.

Stack before corruption:
  0x0804ccda in main () at jstest.cpp:121
  0x0804eb92 in XmlScope::GetVar() at xmlscope.cpp: 332
  0x08055795 in SpiderMonkeyStore::GetVar() and jssmstore.cpp:699
  0x00120e5b in JS_ValueToString() at jsapi.c:546
  0x00191c7b in js_ValueToString() at jsstr.c:2663
  0x0016258d in js_NumberToString() at jsnum.c:608
  JS_dtostr() at jsdtoa.c:2778

Reproducible: Always

Steps to Reproduce:
1. Define variable in the scope: var tmp = 23948730458647527874392837439299837412374859487593;
2. Call JS_ValueToString for that variable

Actual Results:
Stack is corrupted after calling JS_dtostr()

Linux RedHat Enterprise 3.2.3
Comment 1•19 years ago
I cannot seem to reproduce this on Linux using an up-to-date trunk build. Konstantin, what release of SpiderMonkey are you using?
Reporter
Comment 2•19 years ago
We are using js-1.5-rc6a.
Comment 3•19 years ago
RC6a is quite old. Perhaps someone can suggest a bug that was fixed since then that matches this bug. There will be a JS1.6 RC1 soon, I believe (bclary knows all), but in the meantime you could do worse than to try the MOZILLA_1_8_BRANCH version of js/src. /be
Updated•19 years ago
Whiteboard: DUPEME
Comment 4•19 years ago
Checking in regress-310295.js;
/cvsroot/mozilla/js/tests/js1_5/Regress/regress-310295.js,v  <--  regress-310295.js
initial revision: 1.1
done

Works for me in 1.0.7/1.6. I couldn't find any particular bug fixed in the correct date range. Marking works for me.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Flags: testcase+
Resolution: --- → WORKSFORME
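A regression-style check for the number-to-string conversion described in this report, as an added example; it is not the content of regress-310295.js, which this page does not show. It goes beyond the single reported literal to other constructed boundary values, and the names SAMPLES, significantDigits, checkConversions and the toStr hook are assumptions made here.

```javascript
// Literal from the report's "Steps to Reproduce".
const REPORTED = 23948730458647527874392837439299837412374859487593;

// Constructed sample values around the limits of the double format.
const SAMPLES = [
  REPORTED, -REPORTED, Number.MAX_VALUE, -Number.MAX_VALUE,
  Number.MIN_VALUE, 1e21, 1e-7, 0.1 + 0.2,
];

// Count the significant decimal digits in a Number-to-string result.
function significantDigits(s) {
  return s.replace(/^-/, '').replace(/e.*$/, '').replace('.', '')
    .replace(/^0+/, '').replace(/0+$/, '').length;
}

// Run each value through several conversion paths; return a list of failures.
// `toStr` is a hypothetical hook (not an engine API) so that a faulty
// converter can be injected to prove the checks fire.
function checkConversions(values, toStr = String) {
  const failures = [];
  for (const v of values) {
    const s = toStr(v);
    // Default conversion must parse back to the identical double and
    // never needs more than 17 significant digits.
    if (Number(s) !== v) failures.push(`round-trip ${s}`);
    if (significantDigits(s) > 17) failures.push(`too long ${s}`);
    // 21 correctly rounded digits must also parse back exactly.
    if (Number(v.toExponential(20)) !== v) failures.push(`exponential ${s}`);
    // Radix 2 gives the longest output (1024 digits for MAX_VALUE);
    // compare it against exact integer arithmetic.
    if (Number.isInteger(v)) {
      const bits = v.toString(2);
      const parsed = bits.startsWith('-')
        ? -BigInt('0b' + bits.slice(1)) : BigInt('0b' + bits);
      if (parsed !== BigInt(v)) failures.push(`radix-2 ${s}`);
    }
  }
  return failures;
}

console.log(String(REPORTED), checkConversions(SAMPLES));
```

An empty failure list means every conversion path returned a string that maps back to the original double; in an embedding like the reporter's, the same values would be passed through JS_ValueToString.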