Core :: JavaScript Engine
Status: RESOLVED DUPLICATE of bug 342180
Reporter: li jin (Unassigned)

Description

11 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322)
Build Identifier: js 1.6

js_DestroyContext calls js_MarkScriptFilenames:

js_MarkScriptFilenames(JSRuntime *rt, uintN gcflags)
{
    JSCList *head, *link;
    ScriptFilenamePrefix *sfp;

    if (gcflags & GC_KEEP_ATOMS) {
        JS_HashTableEnumerateEntries(rt->scriptFilenameTable,
                                     js_script_filename_marker,
                                     rt);
    }
    // no check if head is NULL 
    for (head = &rt->scriptFilenamePrefixes, link = head->next;
         link != head;
         link = link->next) {
        sfp = (ScriptFilenamePrefix *) link;
        js_MarkScriptFilename(sfp->name);
    }
}

Reproducible: Always


Comment 1

11 years ago
see also bug 342180, although that fixed it in another location (maybe not fixing it in your scenario)

Comment 2

li_jin: did you see a crash, or are you reporting something you think is a bug by inspection?

head = &rt->something, and it's loop-invariant, so it cannot be null (or nearly null) unless rt is null. So I don't think this is a bug.

Igor, can you check on comment 1's hypothesis that we need another rt->scriptFilenameTable null check?

/be

Comment 3

11 years ago
(In reply to comment #2)
> Igor, can you check on comment 1's hypothesis that we need another
> rt->scriptFilenameTable null check?

I do not see any problems here with looping over a circular list.
Comment 4 (Reporter)

11 years ago
head->next may be NULL.
I found the reason is JS_CreateRuntime with an invalid param:
JSRuntime* rt = JS_CreateRuntime(0);
JSContext* cx = JS_CreateContext( rt, 8192 );
This causes JS_CreateContext to fail;
js_DestroyContext
calls js_MarkScriptFilenames, where
    head->next is NULL
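The following is an added example, not SpiderMonkey's own code and not something either commenter posted. It models the circular-list idiom (JSCList initialised so that head->next == head) that the loop in the description relies on, and the failure mode comment 4 describes: a runtime whose list head was never initialised is handed to the teardown walk, so head->next is NULL and the first dereference faults. The type and function names (CList, Runtime, Prefix, runtime_create, mark_prefixes_*) are hypothetical stand-ins for the engine's JSCList, JSRuntime, ScriptFilenamePrefix, JS_CreateRuntime and js_MarkScriptFilenames; runtime_create deliberately returns a zeroed struct on a bad argument to reproduce the "JS_CreateRuntime(0) then destroy" scenario.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for JSCList: a doubly linked circular list. */
typedef struct CList {
    struct CList *next;
    struct CList *prev;
} CList;

/* Equivalent of JS_INIT_CLIST: an empty circular list points at itself,
 * which is what makes an unchecked "link != head" loop terminate. */
static void clist_init(CList *head) { head->next = head; head->prev = head; }

/* Equivalent of JS_APPEND_LINK: insert link before head (at the tail). */
static void clist_append(CList *link, CList *head) {
    link->next = head;
    link->prev = head->prev;
    head->prev->next = link;
    head->prev = link;
}

/* Stand-in for ScriptFilenamePrefix; links must be the first member
 * because the walk casts a CList* straight to Prefix*. */
typedef struct Prefix {
    CList links;
    const char *name;
} Prefix;

/* Stand-in for JSRuntime; prefixes mirrors rt->scriptFilenamePrefixes. */
typedef struct Runtime {
    CList prefixes;
} Runtime;

/* Unchecked walk, same shape as the loop in the description. It relies
 * entirely on the list being circular; with next == NULL the cast and
 * the name access dereference a NULL pointer. */
static int mark_prefixes_unchecked(Runtime *rt, int *marked) {
    CList *head = &rt->prefixes, *link;
    *marked = 0;
    for (link = head->next; link != head; link = link->next) {
        (void)strlen(((Prefix *)link)->name); /* stand-in for js_MarkScriptFilename */
        (*marked)++;
    }
    return 0;
}

/* Hardened walk: refuse to traverse a head that was never initialised.
 * The real fix is to guarantee initialisation (or never reach teardown
 * with a half-built runtime), but this guard is cheap on a cleanup path. */
static int mark_prefixes_checked(Runtime *rt, int *marked) {
    CList *head = &rt->prefixes, *link;
    *marked = 0;
    if (head->next == NULL || head->prev == NULL)
        return -1;                  /* partially constructed runtime */
    for (link = head->next; link != head; link = link->next) {
        (void)strlen(((Prefix *)link)->name);
        (*marked)++;
    }
    return 0;
}

/* Models JS_CreateRuntime(maxbytes) with an invalid argument: the struct is
 * zeroed but the list head is never initialised, so prefixes.next == NULL. */
static void runtime_create(Runtime *rt, size_t maxbytes) {
    memset(rt, 0, sizeof *rt);
    if (maxbytes == 0)
        return;                     /* invalid parameter: init never reached */
    clist_init(&rt->prefixes);
}

/* True when the head is a usable circular list (safe for the unchecked walk). */
static int runtime_list_valid(const Runtime *rt) {
    return rt->prefixes.next != NULL && rt->prefixes.prev != NULL;
}

/* Scenario: properly created runtime with two constructed prefixes. */
static int demo_good_count(void) {
    Runtime rt; int n;
    Prefix p1 = {{0, 0}, "http://example.test/"};   /* constructed sample */
    Prefix p2 = {{0, 0}, "file:///tmp/"};           /* constructed sample */
    runtime_create(&rt, 8192);
    clist_append(&p1.links, &rt.prefixes);
    clist_append(&p2.links, &rt.prefixes);
    mark_prefixes_unchecked(&rt, &n);
    return n;                       /* 2 */
}

/* Scenario from comment 4: runtime created with 0, then torn down. */
static int demo_bad_valid(void) {
    Runtime rt;
    runtime_create(&rt, 0);
    return runtime_list_valid(&rt); /* 0: unchecked walk would crash */
}

static int demo_bad_checked(void) {
    Runtime rt; int n;
    runtime_create(&rt, 0);
    return mark_prefixes_checked(&rt, &n); /* -1, no dereference */
}

int main(void) {
    printf("initialised runtime: marked %d prefixes\n", demo_good_count());
    printf("runtime from maxbytes=0: list valid? %d\n", demo_bad_valid());
    printf("checked walk on bad runtime returned %d\n", demo_bad_checked());
    return 0;
}
```

The distinction the thread turns on is visible in the two scenarios: head itself is never NULL (it is the address of a field inside rt, as comment 2 says), but head->next is only guaranteed non-NULL once the list has been initialised, which is exactly what a runtime that failed construction never does. Checking head->next on the teardown path, or refusing to run teardown for a runtime that was never fully created, closes that gap.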