Closed Bug 345350 Opened 19 years ago Closed 19 years ago

crash in js_FreeRuntimeScriptState - jsscript.c

Categories

(Core :: JavaScript Engine, defect, P1)

Tracking

RESOLVED FIXED
mozilla1.8.1beta2

People

(Reporter: MikeM, Assigned: brendan)

Details

(Keywords: fixed1.8.1)

Attachments

(1 file)

js_FreeRuntimeScriptState in jsscript.c crashes when doing GC. Whenever the rt->scriptFilenameTable member is NULL this function attempts to iterate using the NULL pointer.
(In reply to comment #0)
> js_FreeRuntimeScriptState in jsscript.c crashes when doing GC.

When shutting down, or really when calling JS_DestroyRuntime, rather.

> Whenever the rt->scriptFilenameTable member is NULL this function attempts to
> iterate using the NULL pointer.

Thanks for filing this. Nominating for 1.8.1.

/be
Assignee: general → brendan
Flags: blocking1.8.1?
Comment on attachment 229983
Patch to handle null value.

This was my patch, so mrbkap should review.

/be
Attachment #229983 - Flags: review?(mrbkap)
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → mozilla1.8.1beta2
Flags: blocking1.8.1? → blocking1.8.1+
Attachment #229983 - Flags: review?(mrbkap) → review+
Comment on attachment 229983
Patch to handle null value.

Null defense, important for embeddings and general correctness, zero risk.

/be
Attachment #229983 - Flags: approval1.8.1?
Fixed on trunk. /be
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Flags: in-testsuite-
Comment on attachment 229983
Patch to handle null value.

a=dbaron on behalf of drivers. Please check in to MOZILLA_1_8_BRANCH and mark fixed1.8.1 once you have.
Attachment #229983 - Flags: approval1.8.1? → approval1.8.1+
Keywords: fixed1.8.1
Sorry, I don't see how this null check could have caused a leak. If the runtime's scriptFilenameTable is null, no script filename prefixes can be saved. If it's not null, then prefixes may or may not be in the prefix list. Someone please show cause and effect, or more leak traces, or something more than just guilty hook. Do we need a separate bug on file? Don't reopen this bug, in any event. /be
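The crash in the original report and the null defense discussed in the comments, as an added example that is not the attached patch or SpiderMonkey code. It is a simplified model: `struct runtime`, `save_filename` and `free_script_state` are hypothetical stand-ins, and creating the table lazily on first use is an assumption made for the illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the engine's runtime and its filename table. */
struct entry { char *name; struct entry *next; };
struct table { struct entry *buckets[8]; };
struct runtime { struct table *filename_table; }; /* NULL until first save */

/* Lazily create the table (assumption) and record one filename; 0 on success. */
int save_filename(struct runtime *rt, const char *name) {
    if (!rt->filename_table) {
        rt->filename_table = calloc(1, sizeof *rt->filename_table);
        if (!rt->filename_table) return -1;
    }
    struct entry *e = malloc(sizeof *e);
    if (!e) return -1;
    e->name = malloc(strlen(name) + 1);
    if (!e->name) { free(e); return -1; }
    strcpy(e->name, name);
    unsigned b = (unsigned char)name[0] % 8;
    e->next = rt->filename_table->buckets[b];
    rt->filename_table->buckets[b] = e;
    return 0;
}

/* Teardown that tolerates a runtime whose table was never created.
   Returns the number of entries freed; a second call is a no-op. */
int free_script_state(struct runtime *rt) {
    int freed = 0;
    if (!rt->filename_table)       /* the null defense: nothing to walk */
        return 0;
    for (int b = 0; b < 8; b++) {
        struct entry *e = rt->filename_table->buckets[b];
        while (e) {
            struct entry *next = e->next; /* read before freeing the node */
            free(e->name);
            free(e);
            freed++;
            e = next;
        }
    }
    free(rt->filename_table);
    rt->filename_table = NULL;     /* no dangling pointer left behind */
    return freed;
}

int main(void) {
    struct runtime fresh = { NULL }; /* constructed: embedding that ran no script */
    struct runtime used = { NULL };
    save_filename(&used, "a.js"); save_filename(&used, "b.js");
    return (free_script_state(&fresh) == 0 && free_script_state(&used) == 2) ? 0 : 1;
}
```

Without the early return, the bucket loop would read through a NULL `filename_table` on the `fresh` runtime, which is the teardown path the report describes.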