Closed
Bug 533397
Opened 15 years ago
Closed 15 years ago
Debug builds exit when converting "1e-400" to a Number
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla1.9.3a1
Tracking | Status | |
---|---|---|
status1.9.2 | --- | final-fixed |
People
(Reporter: bzbarsky, Assigned: reed)
References
()
Details
Attachments
(1 file)
398 bytes,
patch
|
gal
:
review+
wtc
:
review+
|
Details | Diff | Splinter Review |
Run the testcase in the url field, or this in shell: parseFloat("1e-400") This causes a debug build to print "Zero passed to d2b" and then exit. This seems to come from dtoa.c, which has: 1271 Bug("Zero passed to d2b"); with Bug() defined as: 176 #ifdef DEBUG 177 #include "stdio.h" 178 #define Bug(x) {fprintf(stderr, "%s\n", x); exit(1);} 179 #endif In an opt build I just get 0, as more or less expected. The original testcase I ran into this on was actually passing this string: '{ "very_big_number":1e+400, "very_small_number":1e-400 }' to JSON.parse to hit this bug. Note that jsdtoa and prdtoa have the same code; should I file separate bugs on those?
Comment 1•15 years ago
|
||
I am going to hide this until we had a chance to analyze whats going on behind the scenes. We can reopen if this is harmless.
Group: core-security
Whiteboard: [sg:dos]
Assignee | ||
Comment 2•15 years ago
|
||
This is the JS equivalent of bug 414772. I don't think it's a security issue. We can just use that same patch.
OS: Mac OS X → All
Hardware: x86 → All
Assignee | ||
Comment 3•15 years ago
|
||
Direct port of the patch from bug 414772.
Comment 4•15 years ago
|
||
Looks harmless. Opening up the bug and removing the flags.
Group: core-security
Whiteboard: [sg:dos]
Comment 5•15 years ago
|
||
Comment on attachment 416532 [details] [diff] [review] patch - v1 Stealing. I don't think Blake minds. The code was already reviewed for the other copy of dtoa anyway.
Attachment #416532 -
Flags: review?(mrbkap) → review+
Assignee | ||
Updated•15 years ago
|
Attachment #416532 -
Flags: approval1.9.2?
Assignee | ||
Comment 6•15 years ago
|
||
Requesting approval to land this on trunk and 1.9.2, but I think this may be fine to land on trunk based on the patch being "not part of the Firefox or Fennec builds", as it only affects debug builds, which aren't the normal type of build.
Comment 7•15 years ago
|
||
Yeah, pretty sure you don't need approval. Just land on trunk and 192. Its NPOTB.
Comment 8•15 years ago
|
||
Comment on attachment 416532 [details] [diff] [review] patch - v1 r=wtc.
Attachment #416532 -
Flags: review+
Reporter | ||
Comment 9•15 years ago
|
||
We need to change jsdtoa as well, right?
Assignee | ||
Comment 10•15 years ago
|
||
(In reply to comment #9) > We need to change jsdtoa as well, right? Nope, problem doesn't exist there.
Assignee | ||
Comment 11•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/ce80437ab5bb http://hg.mozilla.org/releases/mozilla-1.9.2/rev/c438ba15483a
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
status1.9.2:
--- → final-fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.3a1
Reporter | ||
Comment 12•15 years ago
|
||
What about prdtoa.c? That does seem to have the bug.
Comment 13•15 years ago
|
||
bz: prdtoa.c has been fixed in NSPR bug 414772. Since NSPR and JS are separate products, every dtoa bug is covered by an NSPR bug and a JS bug.
Reporter | ||
Comment 14•15 years ago
|
||
Ah, I see. It would have been really nice to file the JS bug when that one was fixed, so I didn't have to re-debug it 3 months later. :( I assume that the NSPR version that bug 414772 was fixed for hasn't been imported into mozilla-central yet?
Comment 15•15 years ago
|
||
The NSPR bug fix is already in mozilla-central, mozilla-1.9.2, and mozilla-1.9.1. This bug is not worth backporting to old release branches, but it piggybacked on the fix for a security vulnerability in dtoa.
Reporter | ||
Comment 16•15 years ago
|
||
Ah, I see. I was confused by the other "zero passed to d2b" that's still there. OK.
Updated•15 years ago
|
Attachment #416532 -
Flags: approval1.9.2?
You need to log in
before you can comment on or make changes to this bug.
Description
•