Closed
Bug 1234323
Opened 9 years ago
Closed 2 years ago
AddressSanitizer failed to allocate 0x001000000000 bytes. AddressSanitizer's allocator is terminating the process instead of returning 0
Categories: Core :: JavaScript Engine, defect
Status: RESOLVED INCOMPLETE
People: Reporter: spandan.veggalam, Unassigned
Details
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0
Build ID: 20151210084639

Steps to reproduce:

    // inRhino() is a test-harness helper, not a js shell builtin
    var IN_RHINO = inRhino();
    try {
      if (!IN_RHINO) {
        var a1 = Array(0xFFFFFFFF);
        a1.sort();
      }
    } catch (ex) {
    }

Actual results:

    ==15156==WARNING: AddressSanitizer failed to allocate 0x001000000000 bytes
    ==15156==AddressSanitizer's allocator is terminating the process instead of returning 0
    ==15156==If you don't like this behavior set allocator_may_return_null=1
    ==15156==AddressSanitizer CHECK failed: /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_allocator.cc:149 "((0)) != (0)" (0x0, 0x0)
        #0 0x48a0cb in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_rtl.cc:69
        #1 0x490681 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_common.cc:76
        #2 0x48f320 in __sanitizer::AllocatorReturnNull() /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_allocator.cc:149
        #3 0x483b08 in __interceptor_malloc /builds/slave/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:75
        #4 0x54b18d in js_malloc /builds/slave/m-cen-l64-asan-000000000000000/build/src/obj-firefox/js/src/../../dist/include/js/Utility.h:221
        #5 0x54b18d in js_pod_malloc<JS::Value> /builds/slave/m-cen-l64-asan-000000000000000/build/src/obj-firefox/js/src/../../dist/include/js/Utility.h:407
        #6 0x54b18d in maybe_pod_malloc<JS::Value> /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/jsalloc.h:88
        #7 0x54b18d in pod_malloc<JS::Value> /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/jsalloc.h:103
        #8 0x54b18d in convertToHeapStorage /builds/slave/m-cen-l64-asan-000000000000000/build/src/obj-firefox/js/src/../../dist/include/mozilla/Vector.h:790
        #9 0x54b18d in mozilla::VectorBase<JS::Value, 8ul, js::TempAllocPolicy, js::Vector<JS::Value, 8ul, js::TempAllocPolicy> >::growStorageBy(unsigned long) /builds/slave/m-cen-l64-asan-000000000000000/build/src/obj-firefox/js/src/../../dist/include/mozilla/Vector.h:881
        #10 0x1a01b95 in reserve /builds/slave/m-cen-l64-asan-000000000000000/build/src/obj-firefox/js/src/../../dist/include/mozilla/Vector.h:915
        #11 0x1a01b95 in reserve /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/jsapi.h:164
        #12 0x1a01b95 in js::array_sort(JSContext*, unsigned int, JS::Value*) /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/jsarray.cpp:1871
        #13 0x127d17e in CallJSNative /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/jscntxtinlines.h:235
        #14 0x127d17e in js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/vm/Interpreter.cpp:394
        #15 0x12b55cd in Interpret(JSContext*, js::RunState&) /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/vm/Interpreter.cpp:2686
        #16 0x129583d in js::RunScript(JSContext*, js::RunState&) /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/vm/Interpreter.cpp:341
        #17 0x12c8458 in js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value const&, JS::Value const&, js::ExecuteType, js::AbstractFramePtr, JS::Value*) /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/vm/Interpreter.cpp:603
        #18 0x12c8c08 in js::Execute(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value*) /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/vm/Interpreter.cpp:639
        #19 0xef083e in ExecuteScript(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::Value*) /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/jsapi.cpp:4390
        #20 0xef0a1d in JS_ExecuteScript(JSContext*, JS::Handle<JSScript*>) /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/jsapi.cpp:4423
        #21 0x4b71d8 in RunFile /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/shell/js.cpp:515
        #22 0x4b71d8 in Process(JSContext*, char const*, bool, FileKind) /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/shell/js.cpp:728
        #23 0x4ab86f in ProcessArgs /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/shell/js.cpp:6141
        #24 0x4ab86f in Shell /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/shell/js.cpp:6482
        #25 0x4ab86f in main /builds/slave/m-cen-l64-asan-000000000000000/build/src/js/src/shell/js.cpp:6843
        #26 0x7f532b23ca3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
        #27 0x49b47c in _start (/home/rubbernecker/jsengines/jsshell_asan/js+0x49b47c)
Comment 1 (Reporter) • 8 years ago
This issue was found on the JS Shell Linux64-debug-asan artifact. Expected to throw an error 'InternalError: allocation size overflow'.
Updated • 2 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → INCOMPLETE