Closed Bug 276480 Opened 20 years ago Closed 20 years ago

JS_DestroyContext wants to destroy system pointer?

Product/Component: Core :: JavaScript Engine
Type: defect
Platform: x86, Windows XP
Priority: Not set
Severity: normal
Status: VERIFIED INVALID
Reporter: blaubaer
Assignee: Unassigned

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.5) Gecko/20041108 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.5) Gecko/20041108 Firefox/1.0

JS_DestroyContext wants to destroy system pointer?

I have included the JavaScript engine (RC6a) in a plugin from Half-Life Source.
When I shut down the server, the plugin (.so under Linux or .dll under Windows)
wants to destroy pointers of the server, too, and then the server crashes.
JS_DestroyContext is called when the Server-Engine calls the function Unload(void);

I use the normal version without modifications. I tried a few things, but I
can't fix that problem.

I just init the context and runtime with the following lines:
+++BEGIN+++
    /* One runtime for the plugin; the argument is the maxbytes limit (64 MB). */
    rt = JS_NewRuntime(64L * 1024L * 1024L);
    if (!rt) {
        Msg("Isis_Mod::Load: JS_NewRuntime faild!\n");
        return false;
    }

    /* The context is created with gStackChunkSize as its stack chunk size. */
    Msg("StackChunkSize: %d\n", gStackChunkSize);
    cx = JS_NewContext(rt, gStackChunkSize);
    if (!cx) {
        Msg("Isis_Mod::Load: JS_NewContext faild!\n");
        return false;
    }

    JS_SetErrorReporter(cx, my_ErrorReporter);

    /* Global object, then the standard classes and the natives in shell_functions. */
    glob = JS_NewObject(cx, &global_class, NULL, NULL);
    if (!glob) {
        Msg("Isis_Mod::Load: JS_NewObject faild!\n");
        return false;
    }

    if (!JS_InitStandardClasses(cx, glob)) {
        Msg("Isis_Mod::Load: JS_InitStandardClasses faild!\n");
        return false;
    }

    if (!JS_DefineFunctions(cx, glob, shell_functions)) {
        Msg("Isis_Mod::Load: JS_DefineFunctions faild!\n");
        return false;
    }

    JS_SetVersion(cx, (JSVersion)JS_VERSION);
+++END+++

I do nothing else and then I shut down the server...
+++BEGIN+++
   JS_DestroyContext(cx);
   JS_DestroyRuntime(rt);
   JS_ShutDown();
+++END+++

Here is the debug log from Visual C++ 7.0:
+++BEGIN+++
 	msvcr70d.dll!free(void * pUserData=0x05d7afe0)  Line 1025 + 0xb	C
>	js32.dll!js_PurgeDeflatedStringCache(JSString * str=0x06255838)  Line 2639 + 0xd	C
 	js32.dll!js_FinalizeStringRT(JSRuntime * rt=0x010847f0, JSString * str=0x06255838)  Line 2670 + 0x9	C
 	js32.dll!js_FinalizeString(JSContext * cx=0x061873f8, JSString * str=0x06255838)  Line 2649 + 0x10	C
 	js32.dll!js_GC(JSContext * cx=0x061873f8, unsigned int gcflags=0)  Line 1324 + 0xb	C
 	js32.dll!js_ForceGC(JSContext * cx=0x061873f8, unsigned int gcflags=0)  Line 1000 + 0xd	C
 	js32.dll!js_DestroyContext(JSContext * cx=0x061873f8, JSGCMode gcmode=JS_FORCE_GC)  Line 253 + 0xb	C
 	js32.dll!JS_DestroyContext(JSContext * cx=0x061873f8)  Line 928 + 0xb	C
 	isismod.dll!Isis_Mod::Unload()  Line 279 + 0x19	C++
+++END+++

Thx for help
please report me some fix :)

Reproducible: Always

Steps to Reproduce:
1. look above
Actual Results:
JS_DestroyContext wants to destroy system pointer?

Can you run Purify (win/lin) or valgrind (lin) to get a stack trace for when the
memory was allocated?

Summary: JS_DestroyContext want's to destroy system pointer? → JS_DestroyContext wants to destroy system pointer?

Don't call free on memory returned by JS_GetStringBytes; don't pass memory you
don't disown to JS_NewString.

If you look at the JSString at 0x06255838, what are its length and characters?

I'm marking INVALID and suggesting you take this to the
news://news.mozilla.org/netscape.public.mozilla.jseng group, where we can debug
jointly and maybe help others avoid the same API mistakes.

/be
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
Status: RESOLVED → VERIFIED
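
The two ownership rules from the comment above (do not free what JS_GetStringBytes returns; only give JS_NewString memory you hand over), modelled as an added, self-contained C example. It is not code from this bug or from SpiderMonkey: ToyString and the toy_*/host_* functions are hypothetical stand-ins, and JS_NewStringCopyZ is named here as the engine's copying constructor.

```c
#include <stdlib.h>
#include <string.h>
/* Toy stand-in for an engine string (hypothetical; not SpiderMonkey source). */
typedef struct { char *chars; char *bytes; } ToyString;

static char *dup_cstr(const char *s) {
    char *p = malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}

/* Adopting constructor (JS_NewString contract): caller gives up heap `owned`. */
ToyString *toy_new_string(char *owned) {
    ToyString *s = malloc(sizeof *s);
    if (s) { s->chars = owned; s->bytes = NULL; }
    return s;
}

/* Copying constructor (the JS_NewStringCopyZ contract): caller keeps `src`. */
ToyString *toy_new_string_copy(const char *src) {
    char *copy = dup_cstr(src);
    ToyString *s = copy ? toy_new_string(copy) : NULL;
    if (!s) free(copy);
    return s;
}

/* Accessor (the JS_GetStringBytes contract): returns an engine-owned cache. */
const char *toy_get_bytes(ToyString *s) {
    if (!s->bytes) s->bytes = dup_cstr(s->chars);
    return s->bytes;
}

/* Finalizer, as the GC runs it during context teardown. */
void toy_finalize(ToyString *s) {
    free(s->bytes);  /* double free if the host already freed this cache */
    free(s->chars);  /* frees host memory if the host never gave it up */
    free(s);
}

/* Host side: returns 1 when host-owned data survives engine teardown. */
int host_roundtrip(const char *host_buf) {
    ToyString *s = toy_new_string_copy(host_buf); /* not toy_new_string(host_buf) */
    if (!s) return 0;
    const char *view = toy_get_bytes(s);          /* never free(view) */
    char *mine = view ? dup_cstr(view) : NULL;    /* private copy outlives s */
    toy_finalize(s);
    int ok = mine && strcmp(mine, host_buf) == 0;
    free(mine);
    return ok;
}
```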