Closed
Bug 362134
Opened 19 years ago
Closed 19 years ago
Crash @ dtoa/prdtoa.c when running with reduced CPU float precision
Categories
(NSPR :: NSPR, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
4.6.5
People
(Reporter: wtc, Assigned: wtc)
References
Details
(Keywords: fixed1.8.0.10, verified1.8.1.2, Whiteboard: [sg:moderate])
Attachments
(2 files)
599 bytes,
text/plain
|
Details | |
751 bytes,
patch
|
Details | Diff | Splinter Review |
This crash was first reported in the JavaScript version of
prdtoa.c in bug 358569.
If the CPU float precision is somehow reduced, the following for
loop in dtoa() won't terminate because dval(d) doesn't become 0
due to inaccurate floating-point arithmetic:
for(i = 1;; i++, dval(d) *= 10.) {
L = (Long)(dval(d) / ds);
dval(d) -= L*ds;
#ifdef Check_FLT_ROUNDS
/* If FLT_ROUNDS == 2, L will usually be high by 1 */
if (dval(d) < 0) {
L--;
dval(d) += ds;
}
#endif
*s++ = '0' + (int)L;
if (!dval(d)) {
#ifdef SET_INEXACT
inexact = 0;
#endif
break;
}
if (i == ilim) {
#ifdef Honor_FLT_ROUNDS
if (mode > 1)
switch(rounding) {
case 0: goto ret1;
case 2: goto bump_up;
}
#endif
dval(d) += dval(d);
if (dval(d) > ds || dval(d) == ds && L & 1) {
bump_up:
while(*--s == '9')
if (s == s0) {
k++;
*s = '0';
break;
}
++*s++;
}
break;
}
}
goto ret1;
}
Assignee | ||
Comment 1•19 years ago
|
||
Assignee | ||
Comment 2•19 years ago
|
||
Updated•19 years ago
|
Flags: wanted1.8.1.x+
Whiteboard: [sg:moderate]
Updated•19 years ago
|
QA Contact: wtchang → nspr
Comment 3•19 years ago
|
||
Wan-Teh: when you split this out of the jsdtoa bug, when did you intend to fix it? Not sure why we didn't just do it at the same time given an existing patch.
Flags: blocking1.8.1.2?
Assignee | ||
Comment 4•19 years ago
|
||
Dan, this NSPR bug should not block Mozilla 1.8.1.2. I marked
this bug security-sensitive only because the related JavaScript
bug 358569 is security-sensitive.
Assignee | ||
Comment 5•19 years ago
|
||
I checked in the patch on the NSPR trunk (NSPR 4.7), the
NSPRPUB_PRE_4_2_CLIENT_BRANCH (Mozilla 1.9 Alpha 2), and
the NSPR_4_6_BRANCH (NSPR 4.6.5).
Checking in prdtoa.c;
/cvsroot/mozilla/nsprpub/pr/src/misc/prdtoa.c,v <-- prdtoa.c
new revision: 4.4; previous revision: 4.3
done
Checking in prdtoa.c;
/cvsroot/mozilla/nsprpub/pr/src/misc/prdtoa.c,v <-- prdtoa.c
new revision: 3.7.4.9; previous revision: 3.7.4.8
done
Checking in prdtoa.c;
/cvsroot/mozilla/nsprpub/pr/src/misc/prdtoa.c,v <-- prdtoa.c
new revision: 4.3.2.1; previous revision: 4.3
done
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Target Milestone: --- → 4.6.5
Comment 6•19 years ago
|
||
WTC: Is there anything left to do in this bug? Did your NSPR checkins fix this? Or do we need to review and land Keith Victor's patch? Please clarify. Thanks!
Assignee | ||
Comment 7•19 years ago
|
||
Jay,
The NSPR patch that I checked in is Keith Victor's patch,
adapted for NSPR's version of that file.
The remaining work is:
1. release NSPR 4.6.5
2. MOZILLA_1_8_BRANCH upgrades to NSPR 4.6.5. We can do
this in 1.8.1.2.
Comment 8•19 years ago
|
||
Setting blocking, but only to make sure we upgrade to NSPR 4.6.5 in time for 1.8.1.2.
Wan-Teh: What is the ETA for the NSPR 4.6.5 release? We are aiming for a 1/18 code freeze for 1.8.1.2.
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.2?
Flags: blocking1.8.1.2+
Assignee | ||
Comment 9•19 years ago
|
||
Jay: I'll make sure to release NSPR 4.6.5 before your code freeze on 1/18.
Assignee | ||
Comment 10•18 years ago
|
||
I checked in the fix when I landed NSPR 4.6.5 Beta 1 on the
MOZILLA_1_8_BRANCH today (see bug 363070 comment 11).
Keywords: fixed1.8.1.2
Comment 11•18 years ago
|
||
Confirmed use of NSPR 4.6.5 final and NSS 3.11.5 final for 1.8.1 branch. Check in of these versions was made on 2007-01-18.
Marking verified 1.8.1.2pre verified.
Keywords: fixed1.8.1.2 → verified1.8.1.2
Comment 12•18 years ago
|
||
The 1.8.0.10 release also used NSPR 4.6.5
Group: security
Keywords: fixed1.8.0.10
You need to log in
before you can comment on or make changes to this bug.
Description
•