Closed
Bug 283439
Opened 19 years ago
Closed 19 years ago
Crash with evil XML: double free or corruption
Categories
(Core :: JavaScript Engine, defect, P1)
Tracking
()
RESOLVED
DUPLICATE
of bug 283064
mozilla1.8beta2
People
(Reporter: igor, Assigned: brendan)
Details
(Keywords: js1.5)
Attachments
(2 files)
When I run the attched test case in js shell with passing explicit stack limit of 500000 which should trigger DeutschSchorrWaite implementation, I got: ~/w/js/mozilla/js/src> ./Linux_All_DBG.OBJ/js -x -S 500000 ~/s/x.js before 2703384, after 135036, break 09146000 *** glibc detected *** double free or corruption (out): 0x08cb3788 *** Aborted
Reporter | ||
Comment 1•19 years ago
|
||
Updated•19 years ago
|
Summary: Crash with evil XML: double free or corruption → Crash with evil XML: double free or corruption
Assignee | ||
Comment 2•19 years ago
|
||
Sorry, been up late sweating the warring-.xpt-files hell behind bug 280084. I'll look at this today. /be
Reporter | ||
Comment 4•19 years ago
|
||
Reporter | ||
Comment 5•19 years ago
|
||
Note that without -S flag the test case runs OK. And with the flag it crashes with or without patch for bug 280844. So it can be another bug in DeutschSchorrWaite from jsgc.c
Reporter | ||
Comment 6•19 years ago
|
||
This is the dupe indeed. *** This bug has been marked as a duplicate of 283064 ***
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•