Closed Bug 710322 Opened 14 years ago Closed 13 years ago

Invalid read of size 8 with testcase at js::SprintPut in Valgrind

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: gkw, Unassigned)

Details

(Keywords: testcase, valgrind, Whiteboard: js-triage-needed)

Attachments

(1 file)

stack
3.19 KB, text/plain
Details
Attached file stack
"" + Function("\ for each (let z in [\ (4277), ['z'], (4277), (4277), ['z'], (4277), ['z'], \ (4277), (4277), ['z'], ['z'], ['z'], ['z'], (4277), \ (4277), (4277), ['z'], (4277), (4277), ['z'], ['z'], \ (4277), (4277), (4277), ['z'], (4277), ['z']\ ]) {}\ ") The attached testcase shows a Valgrind error in js opt shell on m-c changeset 63bff373cb94 without any CLI arguments with an invalid read of size 8. The following command was used: valgrind --smc-check=all-non-file --dsymutil=yes ./js testcase.js
> "" + Function("\ > for each (let z in [\ > (4277), ['z'], (4277), (4277), ['z'], (4277), ['z'], \ > (4277), (4277), ['z'], ['z'], ['z'], ['z'], (4277), \ > (4277), (4277), ['z'], (4277), (4277), ['z'], ['z'], \ > (4277), (4277), (4277), ['z'], (4277), ['z']\ > ]) {}\ > ") > > The attached testcase shows (I meant *this* testcase shows...)
This does not reproduce on 64-bit opt shell when run under Valgrind in Ubuntu Linux 11.10, on m-c changeset 8ffdb4c7404a. Should retest on Valgrind Mac when bug 715750 is fixed.
WFM on Mac OS X 10.7, m-c changeset 76e469f863ae w/ a relatively recent SVN Valgrind build.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: