Closed Bug 673662 Opened 13 years ago Closed 13 years ago

mozjs185-1.0.dll: Access violation writing location 0x00000000.

Categories

(Core :: JavaScript Engine, defect)

8 Branch
All
Other
defect
Not set
normal

Tracking

RESOLVED WORKSFORME

People

(Reporter: cheako+bugzilla_mozilla, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30

Steps to reproduce:

"Perlito" MiniPerl6 [1] Compiler [2] passed to SpiderMonkey's JS_CompileFile.
1. http://www.perlito.org/js/
2. http://www.perlito.org/js/perlito.js



Actual results:

First-chance exception at 0x58c3f30a (mozjs185-1.0.dll) in Cmd.exe: 0xC0000005: Access violation writing location 0x00000000.
Unhandled exception at 0x58c3f30a (mozjs185-1.0.dll) in Cmd.exe: 0xC0000005: Access violation writing location 0x00000000.

 	mozjs185-1.0.dll!JS_Assert(const char * s, const char * file, int ln)  Line 73	C++
 	mozjs185-1.0.dll!js::MarkThreadDataConservatively(JSTracer * trc, JSThreadData * td)  Line 757 + 0x1e bytes	C++
 	mozjs185-1.0.dll!js::MarkConservativeStackRoots(JSTracer * trc)  Line 798 + 0x18 bytes	C++
 	mozjs185-1.0.dll!js::MarkRuntime(JSTracer * trc)  Line 1649 + 0x9 bytes	C++
 	mozjs185-1.0.dll!MarkAndSweep(JSContext * cx, JSGCInvocationKind gckind)  Line 2411 + 0x9 bytes	C++
 	mozjs185-1.0.dll!GCUntilDone(JSContext * cx, JSCompartment * comp, JSGCInvocationKind gckind)  Line 2755 + 0xd bytes	C++
 	mozjs185-1.0.dll!js_GC(JSContext * cx, JSCompartment * comp, JSGCInvocationKind gckind)  Line 2824 + 0x11 bytes	C++
 	mozjs185-1.0.dll!RunLastDitchGC(JSContext * cx)  Line 1114 + 0x15 bytes	C++
 	mozjs185-1.0.dll!RefillTypedFreeList<JSFunction>(JSContext * cx, unsigned int thingKind)  Line 1134 + 0x9 bytes	C++
 	mozjs185-1.0.dll!RefillFinalizableFreeList(JSContext * cx, unsigned int thingKind)  Line 1197 + 0xd bytes	C++
 	mozjs185-1.0.dll!NewFinalizableGCThing<JSFunction>(JSContext * cx, unsigned int thingKind)  Line 127 + 0xd bytes	C++
 	mozjs185-1.0.dll!js_NewGCFunction(JSContext * cx)  Line 168 + 0xb bytes	C++
>	mozjs185-1.0.dll!js::detail::NewObject<0,1>(JSContext * cx, js::Class * clasp, JSObject * proto, JSObject * parent, js::gc::FinalizeKind kind)  Line 1081 + 0x12 bytes	C++
 	mozjs185-1.0.dll!js::NewFunction(JSContext * cx, JSObject * parent)  Line 1115 + 0x16 bytes	C++
 	mozjs185-1.0.dll!js_NewFunction(JSContext * cx, JSObject * funobj, int (JSContext *, unsigned int, js::Value *)* native, unsigned int nargs, unsigned int flags, JSObject * parent, JSAtom * atom)  Line 2729 + 0xd bytes	C++
 	mozjs185-1.0.dll!js::Parser::newFunction(JSTreeContext * tc, JSAtom * atom, unsigned int lambda)  Line 2011 + 0x24 bytes	C++
 	mozjs185-1.0.dll!EnterFunction(JSParseNode * fn, JSTreeContext * funtc, JSAtom * funAtom, unsigned int lambda)  Line 2677 + 0x17 bytes	C++
 	mozjs185-1.0.dll!js::Parser::functionDef(JSAtom * funAtom, js::Parser::FunctionType type, unsigned int lambda)  Line 3154 + 0x1b bytes	C++
 	mozjs185-1.0.dll!js::Parser::functionExpr()  Line 3403	C++
 	mozjs185-1.0.dll!js::Parser::primaryExpr(js::TokenKind tt, int afterDot)  Line 8408 + 0xb bytes	C++
 	mozjs185-1.0.dll!js::Parser::memberExpr(int allowCallSyntax)  Line 7526 + 0xe bytes	C++
 	mozjs185-1.0.dll!js::Parser::unaryExpr()  Line 6890 + 0xa bytes	C++
 	mozjs185-1.0.dll!js::Parser::mulExpr()  Line 6724 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::addExpr()  Line 6710 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::shiftExpr()  Line 6699 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::relExpr()  Line 6677 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::eqExpr()  Line 6658 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::bitAndExpr()  Line 6649 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::bitXorExpr()  Line 6640 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::bitOrExpr()  Line 6631 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::andExpr()  Line 6622 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::orExpr()  Line 6613 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::condExpr()  Line 6578 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::assignExpr()  Line 6500 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::assignExpr()  Line 6555 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::expr()  Line 6464 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::expressionStatement()  Line 5870 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::statement()  Line 6274 + 0xb bytes	C++
 	mozjs185-1.0.dll!js::Parser::statements()  Line 3509 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::statement()  Line 6204 + 0xb bytes	C++
 	mozjs185-1.0.dll!js::Parser::statement()  Line 5984 + 0xb bytes	C++
 	mozjs185-1.0.dll!js::Parser::statements()  Line 3509 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::functionBody()  Line 1538 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::functionDef(JSAtom * funAtom, js::Parser::FunctionType type, unsigned int lambda)  Line 3215 + 0xb bytes	C++
 	mozjs185-1.0.dll!js::Parser::functionExpr()  Line 3403	C++
 	mozjs185-1.0.dll!js::Parser::primaryExpr(js::TokenKind tt, int afterDot)  Line 8408 + 0xb bytes	C++
 	mozjs185-1.0.dll!js::Parser::memberExpr(int allowCallSyntax)  Line 7526 + 0xe bytes	C++
 	mozjs185-1.0.dll!js::Parser::unaryExpr()  Line 6890 + 0xa bytes	C++
 	mozjs185-1.0.dll!js::Parser::mulExpr()  Line 6724 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::addExpr()  Line 6710 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::shiftExpr()  Line 6699 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::relExpr()  Line 6677 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::eqExpr()  Line 6658 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::bitAndExpr()  Line 6649 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::bitXorExpr()  Line 6640 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::bitOrExpr()  Line 6631 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::andExpr()  Line 6622 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::orExpr()  Line 6613 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::condExpr()  Line 6578 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::assignExpr()  Line 6500 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::expr()  Line 6464 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::bracketedExpr()  Line 7710 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::parenExpr(int * genexp)  Line 9018 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::primaryExpr(js::TokenKind tt, int afterDot)  Line 8765 + 0xf bytes	C++
 	mozjs185-1.0.dll!js::Parser::memberExpr(int allowCallSyntax)  Line 7526 + 0xe bytes	C++
 	mozjs185-1.0.dll!js::Parser::unaryExpr()  Line 6890 + 0xa bytes	C++
 	mozjs185-1.0.dll!js::Parser::mulExpr()  Line 6724 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::addExpr()  Line 6710 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::shiftExpr()  Line 6699 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::relExpr()  Line 6677 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::eqExpr()  Line 6658 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::bitAndExpr()  Line 6649 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::bitXorExpr()  Line 6640 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::bitOrExpr()  Line 6631 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::andExpr()  Line 6622 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::orExpr()  Line 6613 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::condExpr()  Line 6578 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::assignExpr()  Line 6500 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::expr()  Line 6464 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::expressionStatement()  Line 5870 + 0x8 bytes	C++
 	mozjs185-1.0.dll!js::Parser::statement()  Line 6274 + 0xb bytes	C++
 	mozjs185-1.0.dll!js::Compiler::compileScript(JSContext * cx, JSObject * scopeChain, JSStackFrame * callerFrame, JSPrincipals * principals, unsigned int tcflags, const wchar_t * chars, unsigned int length, const char * filename, unsigned int lineno, JSVersion version, JSString * source, unsigned int staticLevel)  Line 1017 + 0x8 bytes	C++
 	mozjs185-1.0.dll!CompileFileHelper(JSContext * cx, JSObject * obj, JSPrincipals * principals, const char * filename, _iobuf * fp)  Line 4716 + 0x32 bytes	C++
 	mozjs185-1.0.dll!JS_CompileFile(JSContext * cx, JSObject * obj, const char * filename)  Line 4749 + 0x17 bytes	C++
 	Cmd.exe!Core::Script::Script(const wchar_t * path, Core::Engine * engine)  Line 47 + 0x1f bytes	C++
 	Cmd.exe!Core::Engine::CompileScript(const wchar_t * file, bool recompile)  Line 104 + 0x3b bytes	C++
 	Cmd.exe!mod_load(JSContext * cx, unsigned int argc, jsval_layout * vp)  Line 54 + 0x1d bytes	C++
 	mozjs185-1.0.dll!js::CallJSNative(JSContext * cx, int (JSContext *, unsigned int, js::Value *)* native, unsigned int argc, js::Value * vp)  Line 701 + 0xf bytes	C++
 	mozjs185-1.0.dll!js::Interpret(JSContext * cx, JSStackFrame * entryFrame, unsigned int inlineCallCount, JSInterpMode interpMode)  Line 4799 + 0x21 bytes	C++
 	mozjs185-1.0.dll!js::RunScript(JSContext * cx, JSScript * script, JSStackFrame * fp)  Line 653 + 0x11 bytes	C++
 	mozjs185-1.0.dll!js::Execute(JSContext * cx, JSObject * chain, JSScript * script, JSStackFrame * prev, unsigned int flags, js::Value * result)  Line 1028 + 0x16 bytes	C++
 	mozjs185-1.0.dll!JS_ExecuteScript(JSContext * cx, JSObject * obj, JSObject * scriptObj, jsval_layout * rval)  Line 4998 + 0x27 bytes	C++
 	Cmd.exe!Core::Script::MainProc(void * args)  Line 191 + 0x21 bytes	C++
 	msvcr100d.dll!_callthreadstart()  Line 259 + 0xf bytes	C
 	msvcr100d.dll!_threadstart(void * ptd)  Line 243	C
 	kernel32.dll!772cd309() 	
 	[Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll]	
 	ntdll.dll!775416c3() 	
 	ntdll.dll!77541696() 	



Expected results:

Anything other than an exception. If the data passed to this function needs to be validated, then a function to perform this validation is needed. One should be reasonably safe passing /dev/random to this function, in that it should *eventually* return with an error.

I'm not asking that this program be made to work with SpiderMonkey, just that it not try to write to location 0x00000000.

Sorry, changed the number (memory) passed to JS_NewRuntime and it works now. Still could be a bit more descriptive about what is going on.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
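Triage of the trace in the report above, as an added example that is not code from the reporter's embedding or from SpiderMonkey. In debug builds of mozjs185, JS_Assert (jsutil.cpp) prints the failed assertion to stderr and then, on Windows, deliberately stores through a null pointer so that the debugger stops at the failure. An "Access violation writing location 0x00000000" whose innermost frame is JS_Assert is therefore the assertion trap itself, not a wild write, and the text describing what failed is on the process's stderr, which a GUI embedder may never show. The frames beneath it carry the rest of the story: the assertion fired in the conservative stack scanner (js::MarkThreadDataConservatively, line 757), the collection was a last-ditch GC forced by an allocation during parsing (RunLastDitchGC under js_NewGCFunction), and the embedder (Cmd.exe!Core::Script::Script) was inside JS_CompileFile. Raising the limit passed to JS_NewRuntime, as the reporter did, makes a last-ditch collection on this path less likely; it does not by itself say what was asserted, so the stderr line is still the thing to capture. The script below parses a Visual Studio call-stack dump and extracts those points; any crash whose innermost frame is not JS_Assert is reported as "unknown" and should be treated as a possible memory-safety fault until shown otherwise. The sample input is a constructed subset of the frames from this page; the module name mozjs185-1.0.dll and the embedder name Cmd.exe come from the trace.

```python
"""Triage a Visual Studio call-stack dump from a crash in a debug SpiderMonkey build.

Added example for this bug report; it is not code from the reporter's embedding
or from SpiderMonkey. SAMPLE_TRACE is a constructed subset of the frames posted
above (innermost first; '>' marks the debugger's current frame).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

ENGINE = "mozjs185-1.0.dll"                     # module name taken from the trace
SYSTEM_MODULES = ("kernel32.dll", "ntdll.dll", "msvcr100d.dll")

SAMPLE_TRACE = """\
 \tmozjs185-1.0.dll!JS_Assert(const char * s, const char * file, int ln)  Line 73\tC++
 \tmozjs185-1.0.dll!js::MarkThreadDataConservatively(JSTracer * trc, JSThreadData * td)  Line 757 + 0x1e bytes\tC++
 \tmozjs185-1.0.dll!js::MarkConservativeStackRoots(JSTracer * trc)  Line 798 + 0x18 bytes\tC++
 \tmozjs185-1.0.dll!js_GC(JSContext * cx, JSCompartment * comp, JSGCInvocationKind gckind)  Line 2824 + 0x11 bytes\tC++
 \tmozjs185-1.0.dll!RunLastDitchGC(JSContext * cx)  Line 1114 + 0x15 bytes\tC++
 \tmozjs185-1.0.dll!js_NewGCFunction(JSContext * cx)  Line 168 + 0xb bytes\tC++
>\tmozjs185-1.0.dll!js::detail::NewObject<0,1>(JSContext * cx, js::Class * clasp, JSObject * proto, JSObject * parent, js::gc::FinalizeKind kind)  Line 1081 + 0x12 bytes\tC++
 \tmozjs185-1.0.dll!js_NewFunction(JSContext * cx, JSObject * funobj, int (JSContext *, unsigned int, js::Value *)* native, unsigned int nargs, unsigned int flags, JSObject * parent, JSAtom * atom)  Line 2729 + 0xd bytes\tC++
 \tmozjs185-1.0.dll!JS_CompileFile(JSContext * cx, JSObject * obj, const char * filename)  Line 4749 + 0x17 bytes\tC++
 \tCmd.exe!Core::Script::Script(const wchar_t * path, Core::Engine * engine)  Line 47 + 0x1f bytes\tC++
 \tCmd.exe!Core::Engine::CompileScript(const wchar_t * file, bool recompile)  Line 104 + 0x3b bytes\tC++
 \tkernel32.dll!772cd309() \t
 \t[Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll]\t
 \tntdll.dll!775416c3() \t
"""


@dataclass
class Frame:
    module: str            # e.g. "mozjs185-1.0.dll" or "Cmd.exe"
    func: str              # symbol up to the first '(' (nested parens in args are fine)
    line: Optional[int]    # source line if the debugger printed "Line N"
    current: bool          # True for the frame marked '>' by the debugger


_LINE_RE = re.compile(r"\bLine\s+(\d+)")


def parse_vs_stack(text: str) -> List[Frame]:
    """Parse 'module!symbol(args)  Line N + off bytes' rows; skip notes and blanks."""
    frames: List[Frame] = []
    for raw in text.splitlines():
        stripped = raw.strip()
        current = stripped.startswith(">")
        body = stripped.lstrip("> \t")
        if "!" not in body:          # blank line or "[Frames below may be incorrect ...]"
            continue
        module, rest = body.split("!", 1)
        func = rest.split("(", 1)[0].strip()
        m = _LINE_RE.search(rest)
        frames.append(Frame(module.strip(), func, int(m.group(1)) if m else None, current))
    return frames


def triage(frames: List[Frame], engine: str = ENGINE) -> dict:
    """Classify the fault and locate the GC trigger, the API boundary and the embedder."""
    if not frames:
        raise ValueError("no frames parsed")
    result = {
        "fault_kind": "unknown",          # anything but an assert trap needs real analysis
        "asserting_frame": None,          # function:line that called JS_ASSERT
        "last_ditch_gc": any(f.func == "RunLastDitchGC" for f in frames),
        "engine_entry_api": None,         # public JS API the embedder was inside
        "first_embedder_frame": None,     # first non-engine, non-system frame
    }
    top = frames[0]
    if top.module == engine and top.func == "JS_Assert":
        # Debug mozjs185 on Windows: JS_Assert prints the assertion to stderr and then
        # stores through NULL on purpose, so the write to 0x00000000 is the trap itself.
        result["fault_kind"] = "assertion_trap"
        if len(frames) > 1:
            result["asserting_frame"] = f"{frames[1].func}:{frames[1].line}"
    for i, f in enumerate(frames):
        if f.module != engine and f.module not in SYSTEM_MODULES:
            result["first_embedder_frame"] = f"{f.module}!{f.func}"
            if i > 0 and frames[i - 1].module == engine:
                result["engine_entry_api"] = frames[i - 1].func
            break
    return result


if __name__ == "__main__":
    for key, value in triage(parse_vs_stack(SAMPLE_TRACE)).items():
        print(f"{key}: {value}")
```

Run on the full trace from the report it yields the same classification; the frames between js_GC and the parser were dropped from the sample only to keep the input short. When the innermost frame is something other than JS_Assert (for example a write inside the marking code itself), the script deliberately refuses to call it benign.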