Closed Bug 465705 Opened 17 years ago Closed 17 years ago

Valgrind - invalid read of size 1 in js_PCToLineNumber - js1_5/extensions/regress-454040.js

Categories

(Core :: JavaScript Engine, defect)

x86
Linux
defect
Not set
normal

VERIFIED FIXED

People

(Reporter: bc, Assigned: mrbkap)

Details

(Keywords: valgrind, verified1.9.1)

Attachments

(1 file)

==4311== Invalid read of size 1
==4311==    at 0x80BA70B: js_PCToLineNumber (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x80BA73C: js_FramePCToLineNumber (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x8090534: js_ComputeFilename (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x8071DC3: Function(JSContext*, JSObject*, unsigned, long*, long*) (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x8088E58: js_Invoke (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x80891E7: js_InternalInvoke (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x8060018: js_watch_set (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x806016A: js_watch_set_wrapper (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x8088E58: js_Invoke (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x80891E7: js_InternalInvoke (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x80892F8: js_InternalGetOrSet (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x808F2F6: js_NativeSet (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==  Address 0x40438F5 is 0 bytes after a block of size 53 alloc'd
==4311==    at 0x40053C0: malloc (vg_replace_malloc.c:149)
==4311==    by 0x8050C97: JS_malloc (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x80BAC6B: js_NewScript (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x8071B58: js_InitFunctionClass (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x80522D1: js_InitFunctionAndObjectClasses (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x808F767: js_GetClassObject (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x80935B5: js_FindClassObject (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x80936BA: js_GetClassPrototype (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x8093957: js_NewObject (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x80707CC: js_NewFunction (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x8070873: js_DefineFunction (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
==4311==    by 0x804ED35: JS_DefineFunction (in /usr3/work/mozilla/builds/1.9.1/mozilla/js/src/Linux_All_OPT.OBJ/js)
Flags: blocking1.9.1?
I think this run started before the mc/tm merge. I killed it and started a new one and haven't seen these yet. closing out as wfm.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
js1_5/extensions/regress-454040.js does reproduce with a fresh pull on mc.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Attached patch: Proposed fix
Since source notes are a linked list, it seems like there must always be a terminator note. This is taken care of in the normal path by js_FinishTakingSrcNotes but the special Function.prototype script needs special help. I'm not sure if there's a helper function for this, though.
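The invariant described in the comment above, as an added example (this is not the attached patch and not SpiderMonkey's own code): a terminator-only walk like js_PCToLineNumber's reads past the allocation when the note array has no terminator, a check that every script's notes end in a terminator catches exactly that, and a length-bounded walk survives it. The one-byte note layout (low 3 bits pc delta, high 5 bits type, 0 as terminator) is an assumed simplification, not the engine's real encoding.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed simplified layout (not SpiderMonkey's real encoding): one byte per note, low 3 bits = pc delta, high 5 bits = type. */
typedef uint8_t jssrcnote;
#define SRC_NULL    0            /* terminator: the note the Function.prototype script lacked */
#define SRC_NEWLINE 1            /* pc crossed a source newline */
#define SN_DELTA(sn) ((sn) & 0x07)
#define SN_TYPE(sn)  ((sn) >> 3)
#define SN_MAKE(type, delta) ((jssrcnote)(((type) << 3) | ((delta) & 0x07)))

/* The invariant the fix restores: a terminator somewhere inside the allocation. */
static int notes_terminated(const jssrcnote *notes, size_t len) {
    return memchr(notes, SRC_NULL, len) != NULL;
}

/* Original-style walk: stops only at the terminator, so an unterminated array is read past its end (the Valgrind report above). */
static unsigned pc_to_line(const jssrcnote *notes, unsigned target_pc) {
    unsigned line = 1, offset = 0;
    for (const jssrcnote *sn = notes; *sn != SRC_NULL; sn++) {
        offset += SN_DELTA(*sn);
        if (offset > target_pc) break;
        if (SN_TYPE(*sn) == SRC_NEWLINE) line++;
    }
    return line;
}

/* Defensive walk: bounded by the allocation length as well as the terminator. */
static unsigned pc_to_line_bounded(const jssrcnote *notes, size_t len, unsigned target_pc) {
    unsigned line = 1, offset = 0;
    for (size_t i = 0; i < len && notes[i] != SRC_NULL; i++) {
        offset += SN_DELTA(notes[i]);
        if (offset > target_pc) break;
        if (SN_TYPE(notes[i]) == SRC_NEWLINE) line++;
    }
    return line;
}

/* Constructed notes for a script; `terminate` mirrors the fix: append SRC_NULL after the body. */
static jssrcnote *build_notes(int terminate, size_t *out_len) {
    static const jssrcnote body[] = { SN_MAKE(SRC_NEWLINE, 2), SN_MAKE(SRC_NEWLINE, 3), SN_MAKE(2, 1) };
    size_t n = sizeof body + (terminate ? 1 : 0);
    jssrcnote *notes = malloc(n);
    if (!notes) return NULL;
    memcpy(notes, body, sizeof body);
    if (terminate) notes[sizeof body] = SRC_NULL;
    *out_len = n;
    return notes;
}
```

Only call pc_to_line on an array for which notes_terminated holds; on the unterminated one it behaves like the report above and should only ever be run under Valgrind or ASan.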
Assignee: general → mrbkap
Status: REOPENED → ASSIGNED
Attachment #349320 - Flags: review?(brendan)
Flags: blocking1.9.1? → blocking1.9.1+
Attachment #349320 - Flags: review?(brendan)
Attachment #349320 - Flags: review+
Attachment #349320 - Flags: approval1.9.1b2?
Attachment #349320 - Flags: approval1.9.1b2? → approval1.9.1b2+
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Flags: in-testsuite+
Flags: in-litmus-
v 1.9.2
Status: RESOLVED → VERIFIED
v 1.9.1