Closed Bug 337407 Opened 18 years ago Closed 18 years ago

On tight memory js_NewGCThing can fail to initialize GC thing flags.

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: igor, Assigned: igor)

Details

(Keywords: fixed1.8.0.5, fixed1.8.1)

Attachments

(1 file)

Minimal fix
1005 bytes, patch
brendan
: review+
brendan
: approval-branch-1.8.1+
dveditz
: approval1.8.0.5+
Details | Diff | Splinter Review 
When js_NewGCThing allocations the GC thing from from the last arena tail and js_PushLocalRoot fails due to a tight memory condition, then the flag byte corresponding to the allocated thing would not be initialized. Since after the allocation the sings is within arenaList->lastLimit, GC during the finalization phase would read the uninitialized value.
Attached patch Minimal fixSplinter Review 
The fix should go to Firefox >= 1.5.* branches as well.
Assignee: general → igor.bukanov
Status: NEW → ASSIGNED
Attachment #221566 - Flags: review?(brendan)
Comment on attachment 221566 [details] [diff] [review]
Minimal fix

Safe fix, should ride along.

/be
Attachment #221566 - Flags: review?(brendan)
Attachment #221566 - Flags: review+
Attachment #221566 - Flags: approval1.8.0.5?
Attachment #221566 - Flags: approval-branch-1.8.1+
I committed the fix to the trunk.
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
I committed the fix to MOZILLA_1_8_BRANCH
Keywords: fixed1.8.1
I committed the patch to MOZILLA_1_8_0_BRANCH
Keywords: fixed1.8.0.5
(In reply to comment #5)
> I committed the patch to MOZILLA_1_8_0_BRANCH
> 

Sorry about the commit: I misread the aproval status. Should i take this back?

I reverted the previous commit to MOZILLA_1_8_0_BRANCH to wait until approval resolution.
Keywords: fixed1.8.0.5
Comment on attachment 221566 [details] [diff] [review]
Minimal fix

approved for 1.8.0 branch, a=dveditz for drivers
Attachment #221566 - Flags: approval1.8.0.5? → approval1.8.0.5+
I committed the patch from comment 1 to MOZILLA_1_8_0_BRANCH.
Keywords: fixed1.8.0.5
Flags: in-testsuite-
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: