Closed Bug 131817 Opened 23 years ago Closed 23 years ago

OOM in AllocSrcNote causes crash in js_NewSrcNote

Categories

(Core :: JavaScript Engine, defect)

x86
Windows NT
defect
Not set
normal


VERIFIED FIXED

People

(Reporter: scole, Assigned: khanson)

Attachments

(1 file)

Here's another one... Looks like js_NewSrcNote isn't paying attention to return values like it should.

Memory Failure Location:
JS_ArenaAllocate(JSArenaPool * 0x00163cfc, unsigned int 0x00000040) line 189 + 9 bytes
AllocSrcNote(JSContext * 0x00163ca8, JSCodeGenerator * 0x0012ebf8) line 3895 + 73 bytes
js_NewSrcNote(JSContext * 0x00163ca8, JSCodeGenerator * 0x0012ebf8, int 0x00000017) line 3923 + 13 bytes
js_NewSrcNote2(JSContext * 0x00163ca8, JSCodeGenerator * 0x0012ebf8, int 0x00000017, int 0x0000001c) line 3964 + 17 bytes
js_EmitTree(JSContext * 0x00163ca8, JSCodeGenerator * 0x0012ebf8, JSParseNode * 0x0015a4b8) line 1843 + 107 bytes
Statements(JSContext * 0x00163ca8, JSTokenStream * 0x0015a140, JSTreeContext * 0x0012ebf8) line 915 + 61 bytes
js_CompileTokenStream(JSContext * 0x00163ca8, JSObject * 0x00157740, JSTokenStream * 0x0015a140, JSCodeGenerator * 0x0012ebf8) line 392 + 17 bytes
CompileTokenStream(JSContext * 0x00163ca8, JSObject * 0x00157740, JSTokenStream * 0x0015a140, void * 0x00163d28, int * 0x00000000) line 2834 + 24 bytes
JS_CompileFileHandleForPrincipals(JSContext * 0x00163ca8, JSObject * 0x00157740, const char * 0x00301bd4, _iobuf * 0x10261888, JSPrincipals * 0x00000000) line 3014 + 23 bytes
JS_CompileFileHandle(JSContext * 0x00163ca8, JSObject * 0x00157740, const char * 0x00301bd4, _iobuf * 0x10261888) line 2991 + 23 bytes
Process(JSContext * 0x00163ca8, JSObject * 0x00157740, char * 0x00301bd4) line 333 + 25 bytes
ProcessArgs(JSContext * 0x00163ca8, JSObject * 0x00157740, char * * 0x00301b94, int 0x00000004) line 486 + 17 bytes
orig_main(int 0x00000004, char * * 0x00301b94) line 2134 + 21 bytes
main(int 0x00000005, char * * 0x00301b90) line 2162 + 13 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77f1bbb5()

Crash Location: (sn = 0xffffffff)
js_NewSrcNote(JSContext * 0x00163ca8, JSCodeGenerator * 0x0012ebf8, int 0x00000017) line 3950 + 17 bytes
js_NewSrcNote2(JSContext * 0x00163ca8, JSCodeGenerator * 0x0012ebf8, int 0x00000017, int 0x0000001c) line 3964 + 17 bytes
js_EmitTree(JSContext * 0x00163ca8, JSCodeGenerator * 0x0012ebf8, JSParseNode * 0x0015a4b8) line 1843 + 107 bytes
Statements(JSContext * 0x00163ca8, JSTokenStream * 0x0015a140, JSTreeContext * 0x0012ebf8) line 915 + 61 bytes
js_CompileTokenStream(JSContext * 0x00163ca8, JSObject * 0x00157740, JSTokenStream * 0x0015a140, JSCodeGenerator * 0x0012ebf8) line 392 + 17 bytes
CompileTokenStream(JSContext * 0x00163ca8, JSObject * 0x00157740, JSTokenStream * 0x0015a140, void * 0x00163d28, int * 0x00000000) line 2834 + 24 bytes
JS_CompileFileHandleForPrincipals(JSContext * 0x00163ca8, JSObject * 0x00157740, const char * 0x00301bd4, _iobuf * 0x10261888, JSPrincipals * 0x00000000) line 3014 + 23 bytes
JS_CompileFileHandle(JSContext * 0x00163ca8, JSObject * 0x00157740, const char * 0x00301bd4, _iobuf * 0x10261888) line 2991 + 23 bytes
Process(JSContext * 0x00163ca8, JSObject * 0x00157740, char * 0x00301bd4) line 333 + 25 bytes
ProcessArgs(JSContext * 0x00163ca8, JSObject * 0x00157740, char * * 0x00301b94, int 0x00000004) line 486 + 17 bytes
orig_main(int 0x00000004, char * * 0x00301b94) line 2134 + 21 bytes
main(int 0x00000005, char * * 0x00301b90) line 2162 + 13 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77f1bbb5()
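The shape of the defect and of the fix, as an added illustration that is not the bug's attachment or SpiderMonkey code: a toy note allocator that returns -1 under (injected) OOM, and a caller chain modelled on js_NewSrcNote / js_NewSrcNote2 that tests the index before forming a pointer from it. The types and helper names are assumptions; the operands 0x17 and 0x1c are the ones seen in the stack above.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical toy modelled on the bug's shape, not SpiderMonkey's real structures. */
#define MAX_NOTES 16
typedef uint8_t jssrcnote;

typedef struct {
    jssrcnote notes[MAX_NOTES];
    int       noteCount;
    int       failAt;        /* fault injection: allocation fails when noteCount == failAt; -1 = never */
    int       oomReported;   /* stands in for JS_ReportOutOfMemory having been called */
} NoteGen;

/* Like AllocSrcNote: index of the new note, or -1 after reporting OOM. */
static int alloc_note(NoteGen *cg) {
    if (cg->noteCount == cg->failAt || cg->noteCount >= MAX_NOTES) {
        cg->oomReported = 1;
        return -1;
    }
    return cg->noteCount++;
}

/* Like js_NewSrcNote after the fix: check the index BEFORE using it.
 * The unfixed code formed &notes[index] with index == -1, which is the
 * sn = 0xffffffff seen at the crash location. */
static int new_note(NoteGen *cg, uint8_t type) {
    int index = alloc_note(cg);
    if (index < 0)
        return -1;
    cg->notes[index] = type;
    return index;
}

/* Like js_NewSrcNote2: a note plus one operand byte; either failure propagates. */
static int new_note2(NoteGen *cg, uint8_t type, uint8_t operand) {
    int index = new_note(cg, type);
    if (index < 0)
        return -1;
    int off = alloc_note(cg);       /* room for the operand */
    if (off < 0)
        return -1;
    cg->notes[off] = operand;
    return index;
}

/* Like the js_EmitTree step: 1 on success, 0 on failure, so the compiler
 * unwinds cleanly instead of dereferencing a bogus note pointer. */
static int emit_statement(NoteGen *cg) {
    return new_note2(cg, 0x17, 0x1c) >= 0;
}
```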
This fix makes my test work for me...
Thanks, hope that was the last unchecked return. /be
Comment on attachment 74900 [details] [diff] [review] Fix the return value checking. Kenton, can you r= and mail drivers for a=, then check in, citing scole@planetweb.com as the patch contributor? Thanks, /be
Attachment #74900 - Flags: superreview+
Comment on attachment 74900 [details] [diff] [review] Fix the return value checking. r=khanson
Attachment #74900 - Flags: review+
Comment on attachment 74900 [details] [diff] [review] Fix the return value checking. a=scc
Attachment #74900 - Flags: approval+
Fixed
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Marking Verified per Steven's Comment #1 -
Status: RESOLVED → VERIFIED