Closed Bug 362134 Opened 19 years ago Closed 19 years ago

Crash @ dtoa/prdtoa.c when running with reduced CPU float precision

Categories

(NSPR :: NSPR, defect)

Product:
NSPR
Component:
NSPR
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: wtc, Assigned: wtc)

References

Details

(Keywords: fixed1.8.0.10, verified1.8.1.2, Whiteboard: [sg:moderate])

Attachments

(2 files)

Test program that reproduces the crash on Windows
599 bytes, text/plain
Details
Patch by Keith Victor <keith@virtock.com>
751 bytes, patch
Details | Diff | Splinter Review
This crash was first reported in the JavaScript version of prdtoa.c in bug 358569. If the CPU float precision is somehow reduced, the following for loop in dtoa() won't terminate because dval(d) doesn't become 0 due to inaccurate floating-point arithmetic: for(i = 1;; i++, dval(d) *= 10.) { L = (Long)(dval(d) / ds); dval(d) -= L*ds; #ifdef Check_FLT_ROUNDS /* If FLT_ROUNDS == 2, L will usually be high by 1 */ if (dval(d) < 0) { L--; dval(d) += ds; } #endif *s++ = '0' + (int)L; if (!dval(d)) { #ifdef SET_INEXACT inexact = 0; #endif break; } if (i == ilim) { #ifdef Honor_FLT_ROUNDS if (mode > 1) switch(rounding) { case 0: goto ret1; case 2: goto bump_up; } #endif dval(d) += dval(d); if (dval(d) > ds || dval(d) == ds && L & 1) { bump_up: while(*--s == '9') if (s == s0) { k++; *s = '0'; break; } ++*s++; } break; } } goto ret1; }
Flags: wanted1.8.1.x+
Whiteboard: [sg:moderate]
QA Contact: wtchang → nspr
Wan-Teh: when you split this out of the jsdtoa bug, when did you intend to fix it? Not sure why we didn't just do it at the same time given an existing patch.
Flags: blocking1.8.1.2?
Dan, this NSPR bug should not block Mozilla 1.8.1.2. I marked this bug security-sensitive only because the related JavaScript bug 358569 is security-sensitive.
I checked in the patch on the NSPR trunk (NSPR 4.7), the NSPRPUB_PRE_4_2_CLIENT_BRANCH (Mozilla 1.9 Alpha 2), and the NSPR_4_6_BRANCH (NSPR 4.6.5). Checking in prdtoa.c; /cvsroot/mozilla/nsprpub/pr/src/misc/prdtoa.c,v <-- prdtoa.c new revision: 4.4; previous revision: 4.3 done Checking in prdtoa.c; /cvsroot/mozilla/nsprpub/pr/src/misc/prdtoa.c,v <-- prdtoa.c new revision: 3.7.4.9; previous revision: 3.7.4.8 done Checking in prdtoa.c; /cvsroot/mozilla/nsprpub/pr/src/misc/prdtoa.c,v <-- prdtoa.c new revision: 4.3.2.1; previous revision: 4.3 done
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Target Milestone: --- → 4.6.5
WTC: Is there anything left to do in this bug? Did your NSPR checkins fix this? Or do we need to review and land Keith Victor's patch? Please clarify. Thanks!
Jay, The NSPR patch that I checked in is Keith Victor's patch, adapted for NSPR's version of that file. The remaining work is: 1. release NSPR 4.6.5 2. MOZILLA_1_8_BRANCH upgrades to NSPR 4.6.5. We can do this in 1.8.1.2.
Setting blocking, but only to make sure we upgrade to NSPR 4.6.5 in time for 1.8.1.2. Wan-Teh: What is the ETA for the NSPR 4.6.5 release? We are aiming for a 1/18 code freeze for 1.8.1.2.
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.2?
Flags: blocking1.8.1.2+
Jay: I'll make sure to release NSPR 4.6.5 before your code freeze on 1/18.
I checked in the fix when I landed NSPR 4.6.5 Beta 1 on the MOZILLA_1_8_BRANCH today (see bug 363070 comment 11).
Keywords: fixed1.8.1.2
Confirmed use of NSPR 4.6.5 final and NSS 3.11.5 final for 1.8.1 branch. Check in of these versions was made on 2007-01-18. Marking verified 1.8.1.2pre verified.
Keywords: fixed1.8.1.2verified1.8.1.2
The 1.8.0.10 release also used NSPR 4.6.5
Group: security
Keywords: fixed1.8.0.10
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: