Bug 1458035 - firefox 52 segfault in js
Status: UNCONFIRMED (Open)
Opened 6 years ago, updated 2 years ago
Categories: Core :: JavaScript: Internationalization API, defect, P3
People: Reporter: vitalik.perevertun, Unassigned
Attachments (1 file): patch, 631 bytes

Description
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20180317190926

Steps to reproduce:

<path>/firefox-52.7.2esr/js/src/builtin/Intl.cpp:964
collation = 0x0
jscollation = {<js::RootedBase<JSString*>> = {<No data fields>}, stack = 0x7ffffffe9230, prev = 0xfffa000000000009, ptr = 0x7fffc108c850}
element = see patch.

Possible null access in equal function.

https://hg.mozilla.org/releases/mozilla-esr52/file/tip/js/src/builtin/Intl.cpp#l670
https://hg.mozilla.org/releases/mozilla-esr52/file/tip/js/src/builtin/Intl.cpp#l964
Comment 1 • Reporter • 6 years ago
Comment 2 • 6 years ago
Based on the bugs fixed/revisions of the files containing the issue, the bug probably belongs to the Core - JavaScript: internationalization API. I have set the component accordingly. Please set it correctly if it does not belong there.
Component: Untriaged → JavaScript: Internationalization API
Product: Firefox → Core
Comment 3 • 6 years ago
Unless this is a self-built Firefox with system-ICU using ICU58 [1], this could be another issue where ICU doesn't report OOM errors [2,3]. In that case we probably need to handle null-pointer returns from uenum_next() explicitly in js::intl_availableCollations() and js::intl_availableCalendars(). Or we remove the uenum_count() call and instead stop enumeration when the first null-pointer was seen (which then means we either have traversed the complete enumerator or ICU OOM-ed without setting an error status).

(We already do the latter in all other cases when we enumerate over ICU enumerators, because uenum_count() is actually documented as potentially being expensive [4], so we avoid it elsewhere...)

[1] http://bugs.icu-project.org/trac/ticket/12827
[2] http://bugs.icu-project.org/trac/ticket/13712
[3] http://bugs.icu-project.org/trac/ticket/13739
[4] http://icu-project.org/apiref/icu4c/uenum_8h.html#a8be6db20419d79ecdd71e717a9521773
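The two enumeration patterns contrasted in comment 3, as an added illustration that is not code from this bug, its patch, or SpiderMonkey. It runs against a constructed stand-in for an ICU UEnumeration (MockEnumeration, makeSample, equalsLiteral and the sample collation names are all assumptions made here) whose next() starts returning a null pointer before count() is exhausted and sets no error status, the silent-OOM behaviour the ICU tickets describe. Pattern A trusts the count and lets the null reach the string comparison; pattern B drops the count and ends at the first null.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Constructed stand-in for an ICU UEnumeration (not ICU itself): a fixed list of
// collation names plus a point after which next() yields a null pointer without
// any error status, mimicking the silent-OOM behaviour the ICU tickets describe.
struct MockEnumeration {
    std::vector<std::string> names;
    size_t pos = 0;
    size_t failAfter;  // next() returns nullptr once this many names were handed out

    MockEnumeration(std::vector<std::string> n, size_t fail)
        : names(std::move(n)), failAfter(fail) {}

    // Mirrors uenum_count(): reports the full size regardless of later failures.
    int count() const { return static_cast<int>(names.size()); }

    // Mirrors uenum_next(): nullptr at the end of the list *or* on silent failure.
    const char* next() {
        if (pos >= names.size() || pos >= failAfter) return nullptr;
        return names[pos++].c_str();
    }
};

// Stand-in for the equal() the reporter names: a plain string comparison that,
// like the real one, has no business receiving a null pointer.
static bool equalsLiteral(const char* s, const char* lit) { return std::string(s) == lit; }

// Pattern A: trust uenum_count() and iterate that many times. If next() fails
// early, the null pointer would reach equalsLiteral(). To stay runnable, this
// version counts the nulls that would have been dereferenced instead of
// dereferencing them; the real loop had no such check, which is the defect.
int countDrivenNulls(MockEnumeration& e) {
    int nulls = 0;
    int n = e.count();
    for (int i = 0; i < n; i++) {
        const char* collation = e.next();
        if (collation == nullptr) { ++nulls; continue; }  // the missing null check
        // Filtering of well-known names, as an illustration of the consumer.
        if (equalsLiteral(collation, "standard") || equalsLiteral(collation, "search")) continue;
    }
    return nulls;
}

// Pattern B (comment 3's proposal): ignore the count and stop at the first null
// pointer. A null now means "end of enumeration or ICU failed silently"; either
// way the loop ends and the comparison is never handed a null pointer.
std::vector<std::string> collectUntilNull(MockEnumeration& e) {
    std::vector<std::string> out;
    while (const char* collation = e.next()) {
        if (equalsLiteral(collation, "standard") || equalsLiteral(collation, "search")) continue;
        out.push_back(collation);
    }
    return out;
}

// Constructed sample: four names; a truncateAfter below four simulates ICU
// giving up part-way through without reporting it.
MockEnumeration makeSample(size_t truncateAfter) {
    return MockEnumeration({"phonebk", "standard", "pinyin", "search"}, truncateAfter);
}

int main() {
    MockEnumeration healthy = makeSample(4), truncated = makeSample(2);
    std::printf("count-driven loop: %d nulls (healthy), ", countDrivenNulls(healthy));
    std::printf("%d nulls reach the body (truncated)\n", countDrivenNulls(truncated));
    MockEnumeration h2 = makeSample(4), t2 = makeSample(2);
    std::printf("stop-at-null loop: %zu names (healthy), %zu names (truncated), no null seen\n",
                collectUntilNull(h2).size(), collectUntilNull(t2).size());
    return 0;
}
```

The truncated case is where the two differ: with a count of 4 but only 2 names delivered, pattern A passes two null pointers to the comparison (a segfault in the real code), while pattern B returns the one usable name it saw and stops. Pattern B also matches how the other ICU enumerations in SpiderMonkey are already traversed, since it never needs the potentially expensive uenum_count() call.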
Comment 4 • Reporter • 6 years ago
I have another bug (possible null access) in js. Is the 52 branch already closed for bug fixes? Or can I write here about this bug?
Updated • 5 years ago
Priority: -- → P2
Updated • 2 years ago
Severity: normal → S3
Priority: P2 → P3