Closed
Bug 452295
Opened 17 years ago
Closed 17 years ago
segfault: echo 'eval("1")' | ./js
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
VERIFIED
FIXED
People
(Reporter: rubys, Assigned: mrbkap)
References
Details
(5 keywords)
Attachments
(4 files)
|
600 bytes,
patch
|
brendan
:
review+
|
Details | Diff | Splinter Review |
|
1.44 KB,
patch
|
Details | Diff | Splinter Review | |
|
977 bytes,
patch
|
mrbkap
:
review+
dveditz
:
approval1.9.0.4+
|
Details | Diff | Splinter Review |
|
898 bytes,
patch
|
mrbkap
:
review+
dveditz
:
approval1.8.1.18+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Build Identifier:
With a current checkout of mozilla-central, built with "cd js/src; make -f Makefile.ref"
The following causes a segfault
echo 'eval("1")' | ./js
Neither of the following do:
echo 'eval("1")' | ./js -i
echo 'print(eval(1))' | ./js
Reproducible: Always
Steps to Reproduce:
1. echo 'eval("1")' | ./js
Actual Results:
Segmentation fault (core dumped)
Expected Results:
No output
|
Assignee | |
Updated•17 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
|
Assignee | |
Comment 1•17 years ago
|
||
I'm not sure if this is the right place for the assertion here...
|
||
Comment 2•17 years ago
|
||
Comment on attachment 335579 [details] [diff] [review]
Fix
Testing flags first seems better to me, because of common-case arguments: if the flag is not set more often than principals is null (I bet it is), then you want to bail there -- assuming perf is hyper-critical (which it is probably not, but the principle counts).
/be
Attachment #335579 -
Flags: review?(brendan) → review+
|
|
||
Comment 3•17 years ago
|
||
For future ref.
/be
|
|
Assignee | |
Comment 4•17 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
|
||
Comment 6•16 years ago
|
||
per previous duped bug, this occurs in 1.9.0.x and 1.8.1.x branches as well.
Flags: wanted1.9.0.x?
Flags: wanted1.8.1.x?
|
||
Updated•16 years ago
|
Flags: in-testsuite?
|
|
Assignee | |
Comment 7•16 years ago
|
||
Attachment #342618 -
Flags: review+
Attachment #342618 -
Flags: approval1.9.0.4?
|
|
Assignee | |
Comment 8•16 years ago
|
||
Attachment #342619 -
Flags: review+
Attachment #342619 -
Flags: approval1.8.1.18?
|
|
Assignee | |
Comment 9•16 years ago
|
||
FWIW, the merges were trivial.
|
||
Comment 11•16 years ago
|
||
The indicated platform is PC/Linux. However, bug #457788 was closed as a duplicate of this one. That bug applied to all platforms and operating systems. It prevented me from installing Mnenhy 0.7.5 under SeaMonkey 1.1.12 (which was not released until after this bug was submitted) on Windows XP.
I must therefore question whether this bug is indeed fixed for all platforms and whether it is actually a duplicate of bug #457788.
|
|
Assignee | |
Comment 12•16 years ago
|
||
The fix hasn't landed on the stable branches yet, so you'll still crash with the latest version of Firefox. The bug was reported on PC/Linux and the fix was in cross-platform code. I have a bad habit of not updating the hardware/OS fields.
OS: Linux → All
Hardware: PC → All
|
||
Updated•16 years ago
|
Blocks: 419848
Keywords: regression
|
|
||
Updated•16 years ago
|
Flags: wanted1.9.0.x?
Flags: wanted1.9.0.x+
Flags: wanted1.8.1.x?
Flags: wanted1.8.1.x+
Flags: blocking1.9.0.4+
Flags: blocking1.8.1.18+
|
|
||
Comment 13•16 years ago
|
||
Comment on attachment 342618 [details] [diff] [review]
Patch for the 1.9 branch
Approved for 1.9.0.4, a=dveditz for release-drivers
Attachment #342618 -
Flags: approval1.9.0.4? → approval1.9.0.4+
|
|
||
Updated•16 years ago
|
Attachment #342619 -
Flags: approval1.8.1.18? → approval1.8.1.18+
|
|
||
Comment 14•16 years ago
|
||
Comment on attachment 342619 [details] [diff] [review]
Patch for the 1.8 branch
Approved for 1.8.1.18, a=dveditz for release-drivers
|
|
Assignee | |
Comment 15•16 years ago
|
||
Checked in on the 1.8 and 1.9 branches.
Keywords: fixed1.8.1.18,
fixed1.9.0.4
|
||
Comment 16•16 years ago
|
||
not possible to test in current framework unless someone can show me how to not have a principal.
Flags: in-testsuite?
Flags: in-testsuite-
Flags: in-litmus-
|
|
||
Comment 17•16 years ago
|
||
(In reply to comment #16)
> not possible to test in current framework unless someone can show me how to not
> have a principal.
See bug 454040 for the branch testcases and comment #6 for the duplication.
|
|
||
Comment 18•16 years ago
|
||
I'll do the test in bug 454040.
|
|
||
Comment 19•16 years ago
|
||
/cvsroot/mozilla/js/tests/js1_5/extensions/regress-454040.js,v <--
regress-454040.js
initial revision: 1.1
http://hg.mozilla.org/mozilla-central/rev/f0e9fd501e63
Flags: in-testsuite- → in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•