Subj : Re: problems with error reporting
To : Brendan Eich
From : Silviu Trasca
Date : Wed Jun 22 2005 09:01 pm

Hope this time I provide you complete information.

Thanks for your time,
Silviu

Spidermonkey source code:
http://ftp.mozilla.org/pub/mozilla.org/js/js-1.5-rc6a.tar.gz

I dug a little bit in js sources and it seems that in this case "report->tokenptr" has a wrong value so that "n" (the count of bytes) goes over "report->linebuf" allocated area.

[silviu@silviu js]$ valgrind --db-attach=yes js
==8195== Memcheck, a memory error detector for x86-linux.
==8195== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==8195== Using valgrind-2.4.0, a program supervision framework for x86-linux.
==8195== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==8195== For more details, rerun with: -v
==8195==
js>MM_preloadImages('/images/nav_catalog_f2.gif','/images/nav_new_f2.gif','/images/nav_acad_f2.gif','/images/nav_about_f2.gif','/images/top_contact_on.gif,'/images/top_booksellers_on.gif,'/images/top_map_on.gif,'/images/top_cart_on.gif,'/images/top_home_on.gif);
1: SyntaxError: unterminated string literal:
1: if);
1: ......==8195== Invalid read of size 1
==8195==    at 0x804C216: my_ErrorReporter (js.c:1903)
==8195==    by 0x805D66A: js_ReportErrorAgain (jscntxt.c:674)
==8195==    by 0x8079493: js_ReportUncaughtException (jsexn.c:1073)
==8195==    by 0x8054965: JS_CompileUCScriptForPrincipals (jsapi.c:3104)
==8195==    by 0x80548E6: JS_CompileUCScript (jsapi.c:3082)
==8195==    by 0x8054837: JS_CompileScript (jsapi.c:3052)
==8195==    by 0x80496F1: Process (js.c:382)
==8195==    by 0x8049CE6: ProcessArgs (js.c:568)
==8195==    by 0x804C77A: main (js.c:2426)
==8195==  Address 0x1B93D2EE is 0 bytes after a block of size 6 alloc'd
==8195==    at 0x1B903298: malloc (vg_replace_malloc.c:130)
==8195==    by 0x80CFAE2: js_DeflateString (jsstr.c:2805)
==8195==    by 0x80CFE75: js_GetStringBytes (jsstr.c:2881)
==8195==    by 0x8055ABE: JS_GetStringBytes (jsapi.c:3782)
==8195==    by 0x80C095E: js_ReportCompileErrorNumber (jsscan.c:561)
==8195==    by 0x80C220F: js_GetToken (jsscan.c:939)
==8195==    by 0x80B3896: UnaryExpr (jsparse.c:2564)
==8195==    by 0x80B359F: MulExpr (jsparse.c:2481)
==8195==    by 0x80B34D8: AddExpr (jsparse.c:2463)
==8195==    by 0x80B344A: ShiftExpr (jsparse.c:2448)
==8195==    by 0x80B3359: RelExpr (jsparse.c:2416)
==8195==    by 0x80B32B3: EqExpr (jsparse.c:2392)
==8195==
==8195== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- y
starting debugger
==8195== starting debugger with cmd: /usr/bin/gdb -nw /proc/8198/fd/1015 8198
GNU gdb Red Hat Linux (6.1post-1.20040607.43rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1".

Attaching to program: /proc/8198/fd/1015, process 8198
0x0804c216 in my_ErrorReporter (cx=0x1b92b0e8, message=0x1b942ed0 "SyntaxError: unterminated string literal", report=0x1b940ab0) at js.c:1903
1903            if (report->linebuf[i] == '\t') {
(gdb) list
1898                report->linebuf,
1899                (n > 0 && report->linebuf[n-1] == '\n') ? "" : "\n",
1900                prefix);
1901        n = PTRDIFF(report->tokenptr, report->linebuf, char);
1902        for (i = j = 0; i < n; i++) {
1903            if (report->linebuf[i] == '\t') {
1904                for (k = (j + 8) & ~7; j < k; j++) {
1905                    fputc('.', gErrFile);
1906                }
1907                continue;
(gdb) info locals
i = 6
j = 6
k = 462696144
n = 233
prefix = 0x1b942f30 "1: "
tmp = 0x0
ctmp = 0x0
(gdb) p report->linebuf
$1 = 0x1b93d2e8 "if);\n"
(gdb) p report->tokenptr
$2 = 0x1b93d3d1 ""
(gdb)

Brendan Eich wrote:
> Silviu Trasca wrote:
>
>> js>MM_preloadImages('/images/nav_catalog_f2.gif','/images/nav_new_f2.gif','/images/nav_acad_f2.gif','/images/nav_about_f2.gif','/images/top_contact_on.gif,'/images/top_booksellers_on.gif,'/images/top_map_on.gif,'/images/top_cart_on.gif,'/images/top_home_on.gif);
>>
>> 1: SyntaxError: unterminated string literal:
>> 1: if);
>> 1: ......==13904== Invalid read of size 1
>> ==13904== at 0x804C216: my_ErrorReporter (js.c:1903)
>
>
>
> I don't know exactly what version of js.c you are using, so I don't
> know which line of my_ErrorReporter that is. Can you show me? Even
> better would be the values of local variables. Thanks,
>
> /be
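
The out-of-bounds read reported in this message, as an added example that is not part of the original message or of the SpiderMonkey source: a stand-alone C version of the padding loop from the gdb listing that clamps the token offset to the length of the line buffer before indexing it. The function name caret_padding, its output buffer, and the one-dot-per-non-tab-byte rule (inferred from the "......" output above) are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not SpiderMonkey code. Writes one '.' per column up to
 * the token (tabs expand to the next multiple of 8, as in the listing) into
 * out, and returns how many bytes of linebuf were examined, or -1 on bad
 * arguments. token_off is what the listing computes as
 * PTRDIFF(report->tokenptr, report->linebuf, char). */
static long caret_padding(const char *linebuf, ptrdiff_t token_off,
                          char *out, size_t outsize)
{
    size_t len, n, i, j = 0, k;

    if (linebuf == NULL || out == NULL || outsize == 0)
        return -1;

    /* The check the reported loop lacks: never index past the terminator. */
    len = strlen(linebuf);
    if (token_off < 0)
        n = 0;
    else if ((size_t)token_off > len)
        n = len;
    else
        n = (size_t)token_off;

    for (i = 0; i < n; i++) {
        /* Assumption: a non-tab byte takes one column; a tab pads to 8. */
        k = (linebuf[i] == '\t') ? ((j + 8) & ~(size_t)7) : j + 1;
        for (; j < k; j++) {
            if (j + 1 < outsize)      /* keep room for the terminator */
                out[j] = '.';
        }
    }
    out[j < outsize ? j : outsize - 1] = '\0';
    return (long)n;
}

int main(void)
{
    char pad[64];
    /* Constructed from the values in the gdb session: "if);\n" and n = 233. */
    long used = caret_padding("if);\n", 233, pad, sizeof pad);
    printf("examined %ld bytes, padding \"%s\"\n", used, pad);
    return 0;
}
```

With the values from the gdb session the loop stops after the 5 bytes of the string instead of walking 233 bytes through a 6-byte allocation.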