IonMonkey: JSScript::ion is never initialized to NULL.

Status: RESOLVED INVALID
Product: Core
Component: JavaScript Engine
Reporter: nbp (Unassigned)
Version: unspecified
Platform: x86_64 Linux
Firefox Tracking Flags: firefox15 unaffected, firefox16 unaffected, firefox17 unaffected
Whiteboard: [ion:p1:fx18]

Valgrind reports that uses of hasIonScript are reading uninitialized memory, as listed in https://bugzilla.mozilla.org/attachment.cgi?id=646198
Whiteboard: [ion:p1:fx18]
There's a PodZero(script) in JSScript::Create so it should be initialized, but the Valgrind errors are still weird. Is this with an --enable-valgrind build?
status-firefox15: --- → unaffected
status-firefox16: --- → unaffected
status-firefox17: --- → unaffected
Valgrind 3.7.0 has some known issues, try again w/ Valgrind 3.8.0 SVN build?
I guess the build I made was not compiled with --enable-valgrind, based on the number of errors; I will try again later with a recent build.
I cannot reproduce it with the latest build made with the patch listed in Bug 777788. I guess I somehow missed the --enable-valgrind flag while configuring.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Keywords: sec-critical
Resolution: --- → INVALID
Nothing s-s here -> opening up.
Group: core-security