292324 - ArrayIndexOutOfBoundsException while compiling a script

Status: RESOLVED FIXED

(Rhino Graveyard :: Compiler, defect)

Description

[Attila Szegedi]

User-Agent:       Opera/8.0 (Windows NT 5.0; U; en)
Build Identifier: 

An attempt to compile the attached script will throw an 
ArrayIndexOutOfBoundsException in the interpreter. 


Reproducible: Always

Steps to Reproduce:
1. Paste the attached function definition into a Rhino console (you might have 
to do it twice as first time it will complain "java.io.IOException: Not enough 
storage is available to process this command" - ignore it, and paste the 
function code once more)
2.
3.

Actual Results:  
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 1024
        at org.mozilla.javascript.Interpreter.recordJump(Interpreter.java:1524)
        at org.mozilla.javascript.Interpreter.addGoto(Interpreter.java:1456)
        at org.mozilla.javascript.Interpreter.visitStatement(Interpreter.java:
719)
        at org.mozilla.javascript.Interpreter.visitStatement(Interpreter.java:
652)
        at org.mozilla.javascript.Interpreter.visitStatement(Interpreter.java:
673)
        at org.mozilla.javascript.Interpreter.visitStatement(Interpreter.java:
652)
        at org.mozilla.javascript.Interpreter.generateICodeFromTree(Interpreter.
java:502)
        at org.mozilla.javascript.Interpreter.generateFunctionICode(Interpreter.
java:493)
        at org.mozilla.javascript.Interpreter.
generateNestedFunctions(Interpreter.java:577)
        at org.mozilla.javascript.Interpreter.generateICodeFromTree(Interpreter.
java:498)
        at org.mozilla.javascript.Interpreter.compile(Interpreter.java:455)
        at org.mozilla.javascript.Context.compileImpl(Context.java:2220)
        at org.mozilla.javascript.Context.compileString(Context.java:1284)
        at org.mozilla.javascript.Context.compileString(Context.java:1273)
        at org.mozilla.javascript.Context.evaluateString(Context.java:1129)
        at org.mozilla.javascript.tools.shell.Main.evaluateScript(Main.java:453)
        at org.mozilla.javascript.tools.shell.Main.processSource(Main.java:341)
        at org.mozilla.javascript.tools.shell.Main.processFiles(Main.java:160)
        at org.mozilla.javascript.tools.shell.Main$IProxy.run(Main.java:83)
        at org.mozilla.javascript.Context.call(Context.java:528)
        at org.mozilla.javascript.ContextFactory.call(ContextFactory.java:414)
        at org.mozilla.javascript.tools.shell.Main.exec(Main.java:140)
        at org.mozilla.javascript.tools.shell.Main.main(Main.java:112)


Expected Results:  
Should have silently compiled the function.

Comment 1

[Attila Szegedi]

Attachment: A function definition that causes the Rhino to crash

A trivial change to the script, i.e. rewriting

    f2("a0=" + a0);

to

    f2("a0=");

or even
 
    var x = "a0=" + a0;
    f2(x);

will make the compilation succeed. So, while it can be worked around, it should
be fixed as there's no guarantee that the compiled code is correct if the
script compiler otherwise has a bug.

Comment 2

[Grzegorz Lukasik]

*** Bug 296959 has been marked as a duplicate of this bug. ***

Comment 3

[Grzegorz Lukasik]

(In reply to comment #2)
> *** Bug 296959 has been marked as a duplicate of this bug. ***

On this second page with description of bug 296959 there is proposed solution
for it.

Comment 4

[Attila Szegedi]

Attachment: Committable patch, based on the fix proposed by hauserx@gmail.com

Thanks a lot - I transformed your proposal into a committable patch. Hopefully
sooner or later a Rhino committer will come along and commit it to CVS.

Comment 5

[Attila Szegedi]

Attachment: Committable patch, based on the fix proposed by hauserx@gmail.com

Forget the previous one, mistakenly attached whole Interpreter.java instead of
just the diff :-[

Comment 6

[Grzegorz Lukasik]

There is a bug in the patch i have proposed, it should be:

            int capacity = itsData.itsICode.length;
            int capacityNeeded = offsetSite+2;
            if( capacity<capacityNeeded) {
                increaseICodeCapasity( capacityNeeded-itsICodeTop);
            }
                                                      ^^^^^^^^^^^
Instead of:

            int capacity = itsData.itsICode.length;
            int capacityNeeded = offsetSite+2;
            if( capacity<capacityNeeded) {
                increaseICodeCapasity( capacityNeeded-capacity);
            }
                                                      ^^^^^^^^ 

Comment 7

[Igor Bukanov]

(In reply to comment #6)
> There is a bug in the patch i have proposed, it should be:
> 
>             int capacity = itsData.itsICode.length;
>             int capacityNeeded = offsetSite+2;
>             if( capacity<capacityNeeded) {
>                 increaseICodeCapasity( capacityNeeded-itsICodeTop);
>             }
>                                                       ^^^^^^^^^^^

Note that the version of patch from Attila already contains the proper fix.

Comment 8

[Igor Bukanov]

(In reply to comment #5)
> Created an attachment (id=185597) [edit]
> Committable patch, based on the fix proposed by hauserx@gmail.com
> 

I committed the patch.