Subj : Re: spidermonkey: perhaps bug in jsarena.c:JS_ArenaRealloc
To   : netscape.public.mozilla.jseng
From : Jens Thiele <karme@unforgettable.com>
Date : Mon Apr 05 2004 03:58 pm

with efence i now got a working core dump:
(again using the modified jsarena.c version:)

(gdb) bt
#0  0x0806cfb0 in JS_ArenaRealloc (pool=0x402adef8, p=0x412b4bf8,
size=2, incr=2352) at jsarena.c:308
308             *segfault='K';
(gdb) i s
#0  0x0806cfb0 in JS_ArenaRealloc (pool=0x402adef8, p=0x412b4bf8,
size=2, incr=2352) at jsarena.c:308
#1  0x080ba2d6 in SprintAlloc (sp=0xbfffe4a0, nb=2352) at jsopcode.c:321
#2  0x080ba679 in QuoteString (sp=0xbfffe4a0, str=0x402b74b0, quote=34)
at jsopcode.c:412
#3  0x080ba83e in js_QuoteString (cx=0x402adebc, str=0x402b74b0,
quote=34) at jsopcode.c:450
#4  0x080e3f86 in js_ValueToSource (cx=0x402adebc, v=1076589748) at
jsstr.c:2676
#5  0x080b0fc4 in js_obj_toSource (cx=0x402adebc, obj=0x402b7270,
argc=0, argv=0x411973a4, rval=0xbfffe700) at jsobj.c:781
#6  0x0809a1a9 in js_Invoke (cx=0x402adebc, argc=0, flags=2) at
jsinterp.c:941
#7  0x0809a5bc in js_InternalInvoke (cx=0x402adebc, obj=0x402b7270,
fval=1076584360, flags=0, argc=0, argv=0x0,
    rval=0xbfffe894) at jsinterp.c:1035
#8  0x080b8727 in js_TryMethod (cx=0x402adebc, obj=0x402b7270,
atom=0x40361fe8, argc=0, argv=0x0, rval=0xbfffe894)
    at jsobj.c:3519
#9  0x080e403e in js_ValueToSource (cx=0x402adebc, v=1076589168) at
jsstr.c:2686
#10 0x080b0fc4 in js_obj_toSource (cx=0x402adebc, obj=0x402b7268,
argc=0, argv=0x41197388, rval=0xbfffea70) at jsobj.c:781
#11 0x0809a1a9 in js_Invoke (cx=0x402adebc, argc=0, flags=0) at
jsinterp.c:941
#12 0x080a689b in js_Interpret (cx=0x402adebc, result=0xbfffef7c) at
jsinterp.c:2962
#13 0x0809a21d in js_Invoke (cx=0x402adebc, argc=1, flags=0) at
jsinterp.c:958
#14 0x080a689b in js_Interpret (cx=0x402adebc, result=0xbffff5a8) at
jsinterp.c:2962
#15 0x0809aa54 in js_Execute (cx=0x402adebc, chain=0x402b5f48,
script=0x411c0c24, down=0x0, special=0, result=0xbffff5a8)
    at jsinterp.c:1155
#16 0x0806b986 in JS_EvaluateUCScriptForPrincipals (cx=0x402adebc,
obj=0x402b5f48, principals=0x0, chars=0x4110d0cc,
    length=14232, filename=0x80e8319 "stdin", lineno=1, rval=0xbffff5a8)
at jsapi.c:3530
#17 0x0806b8f7 in JS_EvaluateUCScript (cx=0x402adebc, obj=0x402b5f48,
chars=0x4110d0cc, length=14232,
    filename=0x80e8319 "stdin", lineno=1, rval=0xbffff5a8) at jsapi.c:3511
#18 0x0806b7e7 in JS_EvaluateScript (cx=0x402adebc, obj=0x402b5f48,
    bytes=0x40dd001c "// networked pong
clone\n\nframes=1024;\nspriteSize=new
V2D(100,100);\nsx=1024;\nsy=768;\nrackets=[];\n\nEGachine.addResource(\"racket\",
'\\\niVBORw0KGgoAAAANSUhEUgAAAEAAAABACAQAAAAAYLlVAAAAAmJLR0QA/4ePzL8AAAAJc"...,

    length=14232, filename=0x80e8319 "stdin", lineno=1, rval=0xbffff5a8)
at jsapi.c:3479
#19 0x0805dd17 in ECMAScript::eval(std::istream&, char const*)
(in=@0x81001a0, resname=0x0) at basic_string.h:717
#20 0x0805a8b5 in main (argc=1, argv=0xbffffb44) at server/server.cpp:358

some more info:
(gdb) print *a
$2 = {next = 0x0, base = 1093347016, limit = 1093349373, avail = 1093349376}
(gdb) print ap
$3 = (JSArena **) 0x402adef8
(gdb) print a
$4 = (JSArena *) 0x412b26ac
(gdb) print b
$5 = (JSArena *) 0x0
(gdb) print boff
$6 = 16
(gdb) print aoff
$7 = 2354
(gdb) print extra
$8 = 8
(gdb) print hdrsz
$9 = 31
(gdb) print gross
$10 = 2385
(gdb) print size
$12 = 2
(gdb) print *pool
$13 = {first = {next = 0x412b26ac, base = 1076551432, limit =
1076551432, avail = 1076551432}, current = 0x412b26ac,
  arenasize = 1024, mask = 7}


hope this helps
karme

.