Closed
Bug 471716
Opened 16 years ago
Closed 15 years ago
jsobj.cpp DEBUG / [@ js_DumpObject] crash on JSFunction with null proto
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
People
(Reporter: andrew, Assigned: andrew)
Details
(Keywords: crash, fixed1.9.1, Whiteboard: fixed-in-tracemonkey)
Crash Data
Attachments
(1 file, 1 obsolete file)
|
950 bytes,
patch
|
jorendorff
:
review+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 Build Identifier: mozilla-central When calling JS_DumpObject() on a JSFunction with a null proto, it crashes in fprintf() because proto is passed as an argument. Attaching a patch which simply checks for proto prior to printing and also fixes an "#if DEBUG" to be "#ifdef DEBUG" to be compatible with some other uses of -DDEBUG (and to be consistent with the rest of the file). Reproducible: Always
|
Assignee | |
Comment 1•16 years ago
|
||
|
||
Comment 2•16 years ago
|
||
Did you want to ask for review on the attached patch?
|
|
Assignee | |
Updated•16 years ago
|
Attachment #354975 -
Flags: review?(andrew)
|
|
||
Comment 3•16 years ago
|
||
Comment on attachment 354975 [details] [diff] [review] Proposed patch You have to ask for a module owner/peer to review this.
Attachment #354975 -
Flags: review?(andrew) → review?(brendan)
|
||
Updated•16 years ago
|
Attachment #354975 -
Flags: review?(brendan) → review?(jorendorff)
|
|
||
Comment 4•16 years ago
|
||
Comment on attachment 354975 [details] [diff] [review] Proposed patch Overbrace multiline if/then/else parts. With that nit, r=me but I'd rather jorendorff deal with this (on vacation, js_DumpObject was his baby -- it's very helpful, btw). /be
|
||
Comment 5•16 years ago
|
||
This isn't a trivial bug: things like this have hit me in the middle of a long, complex, debugging session and have cost me lots of lost time. One nit in the description of the bug: the problem isn't passing NULL to a '%p' printf directive; the problem is that we also attempt to pass the name of the proto's class (via STOBJ_GET_CLASS(proto)->name) and attempting to get the class out of proto is what crashes.
Assignee: general → andrew
Severity: trivial → normal
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
|
|
Assignee | |
Comment 6•16 years ago
|
||
I meant in general that proto was being used as an argument while null :) IIRC glibc printf handles null values, but I'm not sitting on top of glibc, so either one crashes for me.
|
|
Assignee | |
Comment 7•16 years ago
|
||
Attachment #354975 -
Attachment is obsolete: true
Attachment #354981 -
Flags: review?(jorendorff)
Attachment #354975 -
Flags: review?(jorendorff)
|
||
Comment 8•16 years ago
|
||
Comment on attachment 354981 [details] [diff] [review] Update for Brendan's nit Thanks!
Attachment #354981 -
Flags: review?(jorendorff) → review+
|
|
||
Comment 9•16 years ago
|
||
NPOTB, important to avoid unexpected loss of debugging state. /be
Flags: wanted1.9.1?
|
|
||
Comment 10•16 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/139ce7cb0fc1
Whiteboard: fixed-in-tracemonkey
|
||
Updated•16 years ago
|
Flags: wanted1.9.1? → wanted1.9.1+
|
|
||
Comment 11•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/139ce7cb0fc1
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Summary: jsobj.cpp DEBUG / js_DumpObject crash on JSFunction with null proto → jsobj.cpp DEBUG / [@ js_DumpObject] crash on JSFunction with null proto
|
|
||
Comment 12•15 years ago
|
||
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/0a04b1a5f992
Keywords: fixed1.9.1
|
||
Updated•15 years ago
|
Flags: in-testsuite-
|
||
Updated•13 years ago
|
Crash Signature: [@ js_DumpObject]
You need to log in
before you can comment on or make changes to this bug.
Description
•