Closed Bug 1695005 Opened 4 years ago Closed 4 years ago

selfhosted XDR decoding asserts if it cannot load file

Categories

(Core :: JavaScript Engine, defect, P1)


Tracking


RESOLVED FIXED
88 Branch
Tracking Status
firefox88 --- fixed

People

(Reporter: sfink, Assigned: nbp, NeedInfo)

Details

Attachments

(1 file)

js --selfhosted-xdr-path /tmp/nonexistent-file --selfhosted-xdr-mode decode -e 1
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==3135389==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x0000000002e4 (pc 0x5604325717ec bp 0x7fff0c7ed0c0 sp 0x7fff0c7ed0c0 T3135389)
==3135389==The signal is caused by a READ memory access.
==3135389==Hint: address points to the zero page.
    #0 0x5604325717ec in JS::Realm::isSelfHostingRealm() const /home/sfink/src/mozilla4/js/src/vm/Realm.h:508:44
    #1 0x56043254a7be in js::ErrorToException(JSContext*, JSErrorReport*, JSErrorFormatString const* (*)(void*, unsigned int), void*) /home/sfink/src/mozilla4/js/src/jsexn.cpp:294:20
    #2 0x56043266cd04 in ReportError(JSContext*, JSErrorReport*, JSErrorFormatString const* (*)(void*, unsigned int), void*) /home/sfink/src/mozilla4/js/src/vm/ErrorReporting.cpp:165:3
    #3 0x56043266d3d7 in js::ReportErrorVA(JSContext*, js::IsWarning, char const*, js::ErrorArgumentsType, __va_list_tag*) /home/sfink/src/mozilla4/js/src/vm/ErrorReporting.cpp:567:3
    #4 0x560432bef604 in JS_ReportErrorUTF8(JSContext*, char const*, ...) /home/sfink/src/mozilla4/js/src/jsapi.cpp:4739:3
    #5 0x5604321484f3 in ReadSelfHostedXDRFile(JSContext*, mozilla::Vector<unsigned char, 8ul, js::TempAllocPolicy>&) /home/sfink/src/mozilla4/js/src/shell/js.cpp:11351:5
    #6 0x560432143d1d in main /home/sfink/src/mozilla4/js/src/shell/js.cpp:12100:10
    #7 0x7fb6f199d1e1 in __libc_start_main (/lib64/libc.so.6+0x281e1)
    #8 0x5604321179fd in _start (/home/sfink/src/mozilla4/obj-debug-js/dist/bin/js+0x1ff29fd)

The problem is that it tries to report an error before the cx has entered a realm, so it segfaults when accessing cx->realm()->isSelfHostingRealm() in js::ErrorToException. Either it should fall back to printing to stderr if !cx->realm(), or it shouldn't do this via an exception in the first place.

Flags: needinfo?(nicolas.b.pierron)

Good catch!

I think I will change the code to print on stderr as you suggested, and also remove the following MOZ_CRASH such that it falls back on parsing, which I think would be a good default for testing.

Assignee: nobody → nicolas.b.pierron
Severity: -- → S4
Status: NEW → ASSIGNED
Priority: P3 → P1
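A constructed C++ model of the crash path and of the fix the two comments above describe (added here; not SpiderMonkey's code): `Realm`, `JSContext`, `ReportErrorChecked` and `ReadSelfHostedXDRFile` are hypothetical stand-ins for the engine's types and functions, and the `XDRResult` enum is an assumption used to express "fall back to parsing".

```cpp
#include <cstdio>
#include <fstream>
#include <iterator>
#include <string>
#include <vector>

// Constructed stand-ins for the engine types; the real ones live in js/src.
struct Realm { bool isSelfHostingRealm = false; };
struct JSContext {
  Realm* realm = nullptr;        // null until the shell has entered a realm
  std::string pendingException;  // models the exception an error report sets
};

// Hypothetical error path with the guard the report asks for: before a realm
// is entered there is nowhere to hang an exception, so print to stderr instead
// of dereferencing cx->realm (the null read behind the SEGV above).
static bool ReportErrorChecked(JSContext* cx, const std::string& msg) {
  if (!cx->realm) {
    std::fprintf(stderr, "%s\n", msg.c_str());
    return false;  // reported, but no exception was set
  }
  // The real ErrorToException consults cx->realm()->isSelfHostingRealm() here.
  cx->pendingException = cx->realm->isSelfHostingRealm ? "[self-hosted] " + msg : msg;
  return true;
}

enum class XDRResult { Loaded, Fallback };

// Hypothetical ReadSelfHostedXDRFile: on a read failure, report through the
// checked path and return Fallback so the caller parses the self-hosted JS
// instead of hitting the MOZ_CRASH the fix removes.
static XDRResult ReadSelfHostedXDRFile(JSContext* cx, const std::string& path,
                                       std::vector<unsigned char>& buf) {
  std::ifstream in(path, std::ios::binary);
  if (!in) {
    ReportErrorChecked(cx, "Can't open self-hosted XDR file: " + path);
    return XDRResult::Fallback;
  }
  buf.assign(std::istreambuf_iterator<char>(in), std::istreambuf_iterator<char>());
  return XDRResult::Loaded;
}
```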
Pushed by lando_landing_worker@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/2265f1fda746 ReadSelfHostedXDRFile: fallback to parsing on failure. r=sfink
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 88 Branch