Bug 885633
Opened 11 years ago
Closed 2 months ago
Misaligned access to various integer types in JS assembler
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
INCOMPLETE
People
(Reporter: yeukhon, Unassigned)
Details
(Whiteboard: [-fsanitize=alignment])
We are encountering this bug after building the JS shell as described in this MDN page: https://developer.mozilla.org/en-US/docs/Building_SpiderMonkey_with_UBSan

We were able to execute the shell after changing 0x42 to 0x40 in js/src/vm/Interpreter.h.

At first we were able to do:

    > var k = 1
    > k
    1
    > quit()

Oftentimes, when we restart the shell and do a quit as the first command, we get the following runtime error: https://gist.github.com/yeukhon/5828922

Consequently, relaunching the shell and doing var k = 1 will abort as well. You can find the error messages in the same gist above.
Comment 1•11 years ago
(Changing 0x42 to 0x40 is a workaround for bug 885631.)
Hardware: x86 → x86_64
Updated•10 years ago
Assignee: general → nobody
Updated•2 years ago
Severity: normal → S3
Updated•2 months ago
Status: NEW → RESOLVED
Closed: 2 months ago
Resolution: --- → INCOMPLETE