Subj: Re: problems with error reporting
To: Brendan Eich
From: Silviu Trasca
Date: Wed Jun 29 2005 05:13 pm

Hello Brendan,
Do you have an opinion about the behavior I described in the previous posts?
Could you tell me what is wrong:
    1) error reporting in js.c OR
    2) some internal code from SpiderMonkey?

Thanks,
Silviu

Silviu Trasca wrote:
Hope this time I have provided you with complete information.
Thanks for your time,
Silviu

Spidermonkey source code:  http://ftp.mozilla.org/pub/mozilla.org/js/js-1.5-rc6a.tar.gz

I dug a little bit in the js sources and it seems that in this case "report->tokenptr" has a wrong value, so that "n" (the count of bytes) goes over the "report->linebuf" allocated area.

[silviu@silviu js]$ valgrind --db-attach=yes js
==8195== Memcheck, a memory error detector for x86-linux.
==8195== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==8195== Using valgrind-2.4.0, a program supervision framework for x86-linux.
==8195== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==8195== For more details, rerun with: -v
==8195==
js>MM_preloadImages('/images/nav_catalog_f2.gif','/images/nav_new_f2.gif','/images/nav_acad_f2.gif','/images/nav_about_f2.gif','/images/top_contact_on.gif,'/images/top_booksellers_on.gif,'/images/top_map_on.gif,'/images/top_cart_on.gif,'/images/top_home_on.gif);
1: SyntaxError: unterminated string literal:
1: if);
1: ......==8195== Invalid read of size 1
==8195==    at 0x804C216: my_ErrorReporter (js.c:1903)
==8195==    by 0x805D66A: js_ReportErrorAgain (jscntxt.c:674)
==8195==    by 0x8079493: js_ReportUncaughtException (jsexn.c:1073)
==8195==    by 0x8054965: JS_CompileUCScriptForPrincipals (jsapi.c:3104)
==8195==    by 0x80548E6: JS_CompileUCScript (jsapi.c:3082)
==8195==    by 0x8054837: JS_CompileScript (jsapi.c:3052)
==8195==    by 0x80496F1: Process (js.c:382)
==8195==    by 0x8049CE6: ProcessArgs (js.c:568)
==8195==    by 0x804C77A: main (js.c:2426)
==8195==  Address 0x1B93D2EE is 0 bytes after a block of size 6 alloc'd
==8195==    at 0x1B903298: malloc (vg_replace_malloc.c:130)
==8195==    by 0x80CFAE2: js_DeflateString (jsstr.c:2805)
==8195==    by 0x80CFE75: js_GetStringBytes (jsstr.c:2881)
==8195==    by 0x8055ABE: JS_GetStringBytes (jsapi.c:3782)
==8195==    by 0x80C095E: js_ReportCompileErrorNumber (jsscan.c:561)
==8195==    by 0x80C220F: js_GetToken (jsscan.c:939)
==8195==    by 0x80B3896: UnaryExpr (jsparse.c:2564)
==8195==    by 0x80B359F: MulExpr (jsparse.c:2481)
==8195==    by 0x80B34D8: AddExpr (jsparse.c:2463)
==8195==    by 0x80B344A: ShiftExpr (jsparse.c:2448)
==8195==    by 0x80B3359: RelExpr (jsparse.c:2416)
==8195==    by 0x80B32B3: EqExpr (jsparse.c:2392)
==8195==
==8195== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- y
starting debugger
==8195== starting debugger with cmd: /usr/bin/gdb -nw /proc/8198/fd/1015 8198
GNU gdb Red Hat Linux (6.1post-1.20040607.43rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1".

Attaching to program: /proc/8198/fd/1015, process 8198
0x0804c216 in my_ErrorReporter (cx=0x1b92b0e8, message=0x1b942ed0 "SyntaxError: unterminated string literal",
    report=0x1b940ab0) at js.c:1903
1903            if (report->linebuf[i] == '\t') {
(gdb) list
1898                report->linebuf,
1899                (n > 0 && report->linebuf[n-1] == '\n') ? "" : "\n",
1900                prefix);
1901        n = PTRDIFF(report->tokenptr, report->linebuf, char);
1902        for (i = j = 0; i < n; i++) {
1903            if (report->linebuf[i] == '\t') {
1904                for (k = (j + 8) & ~7; j < k; j++) {
1905                    fputc('.', gErrFile);
1906                }
1907                continue;
(gdb) info locals
i = 6
j = 6
k = 462696144
n = 233
prefix = 0x1b942f30 "1: "
tmp = 0x0
ctmp = 0x0
(gdb) p report->linebuf
$1 = 0x1b93d2e8 "if);\n"
(gdb) p report->tokenptr
$2 = 0x1b93d3d1 ""
(gdb)


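An added example (not js.c or SpiderMonkey code) showing the defensive form of the loop listed at js.c:1901-1907: clamp n to the length of the line before walking linebuf, so a tokenptr that does not point into linebuf yields a misplaced caret instead of the out-of-bounds read valgrind flags. The ErrReport struct and the demo_* helpers are constructed for this example and only mirror the two JSErrorReport fields the reporter uses.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the two JSErrorReport fields js.c uses. */
typedef struct {
    const char *linebuf;   /* NUL-terminated copy of the offending line */
    const char *tokenptr;  /* should point at the bad token inside linebuf */
} ErrReport;

/* Offset of tokenptr in linebuf, clamped to [0, strlen(linebuf)]. js.c trusts
 * n = tokenptr - linebuf; with the gdb values above (n == 233) it overruns. */
size_t safe_token_offset(const ErrReport *r)
{
    size_t len = strlen(r->linebuf);
    uintptr_t lo = (uintptr_t)r->linebuf, hi = lo + len;
    uintptr_t tp = (uintptr_t)r->tokenptr;
    if (r->tokenptr == NULL || tp < lo || tp > hi)
        return len;        /* bogus pointer: put the caret at end of line */
    return (size_t)(tp - lo);
}

/* Dotted column prefix as js.c prints it (tab pads to the next multiple of 8,
 * other bytes one dot each), bounded by the line. Returns the column count. */
size_t render_caret_prefix(const ErrReport *r, char *out, size_t outsz)
{
    size_t n = safe_token_offset(r), i, j = 0;
    for (i = 0; i < n; i++) {
        size_t k = (r->linebuf[i] == '\t') ? ((j + 8) & ~(size_t)7) : j + 1;
        for (; j < k; j++)
            if (j + 1 < outsz) out[j] = '.';
    }
    out[j < outsz ? j : outsz - 1] = '\0';   /* always NUL-terminated */
    return j;
}

/* Scenario from the report: tokenptr does not point into linebuf. */
size_t demo_bad_tokenptr(void)
{
    static const char line[] = "if);\n", elsewhere[] = "not this line";
    ErrReport r = { line, elsewhere };
    return safe_token_offset(&r);   /* 5 (the line length), not 233 */
}
/* Well-formed report with a leading tab and tokenptr at the '='. */
const char *demo_tab_prefix(void)
{
    static const char line[] = "\tfoo = bar;";
    static char buf[32];
    ErrReport r = { line, line + 5 };
    render_caret_prefix(&r, buf, sizeof buf);
    return buf;                     /* 12 dots: 8 for the tab, 4 for "foo " */
}
```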