Closed Bug 710322 Opened 13 years ago Closed 12 years ago

Invalid read of size 8 with testcase at js::SprintPut in Valgrind

Categories

(Core :: JavaScript Engine, defect)

x86_64
macOS
defect
Not set
critical

RESOLVED WORKSFORME

People

(Reporter: gkw, Unassigned)

Details

(Keywords: testcase, valgrind, Whiteboard: js-triage-needed)

Attachments

(1 file)

Attached file stack
"" + Function("\
  for each (let z in [\
    (4277), ['z'], (4277), (4277), ['z'], (4277), ['z'], \
    (4277), (4277), ['z'], ['z'], ['z'], ['z'], (4277), \
    (4277), (4277), ['z'], (4277), (4277), ['z'], ['z'], \
    (4277), (4277), (4277), ['z'], (4277), ['z']\
  ]) {}\
")

The attached testcase shows a Valgrind error in js opt shell on m-c changeset 63bff373cb94 without any CLI arguments with an invalid read of size 8.

The following command was used:

valgrind --smc-check=all-non-file --dsymutil=yes ./js testcase.js

> "" + Function("\
>   for each (let z in [\
>     (4277), ['z'], (4277), (4277), ['z'], (4277), ['z'], \
>     (4277), (4277), ['z'], ['z'], ['z'], ['z'], (4277), \
>     (4277), (4277), ['z'], (4277), (4277), ['z'], ['z'], \
>     (4277), (4277), (4277), ['z'], (4277), ['z']\
>   ]) {}\
> ")
> 
> The attached testcase shows

(I meant *this* testcase shows...)

This does not reproduce on 64-bit opt shell when run under Valgrind in Ubuntu Linux 11.10, on m-c changeset 8ffdb4c7404a.

Should retest on Valgrind Mac when bug 715750 is fixed.

WFM on Mac OS X 10.7, m-c changeset 76e469f863ae w/ a relatively recent SVN Valgrind build.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME