See attached program that reproduces the bug.

Output using a recent tarball of SpiderMonkey 68:

$ ./linearstring 
length: 1953719668
Segmentation fault: 11

Examining lstr with a debugger seems to show that the characters are stored correctly in the inline storage, but the characters in chars are off by a number of bytes (past the end of the inline storage).

To get the program to work on ESR 60, change JSAutoRealm to JSAutoCompartment and add a JSAutoRequest at the beginning of RunExample(). When compiled against ESR60, the output is

$ ./linearstring
length: 4
test

I'm able to reproduce this and in gdb, I see that JS::shadow::String::length() is miscompiled somehow. The JSString::length() function is almost identical but generates reasonable code (with a shr in debug).

Looking again, I've discovered the issue is that JS_64BIT needs to be defined. This is defined in js-confdefs.h.

I'm not clear what the normal flow is supposed to be to make it work, but the spidermonkey-embedding-examples are also busted here.

The problem appeared because the definition of JSString was changed between the ESR releases and requires JS_BITS_PER_WORD to be accurately defined.

A first step would be to make the build system install js-confdefs.h, since it seems to be generated, but not installed, in a standalone build.

Ideally, there should still be another way to make it work without having to remember to include the header. The pkg-config file already specifies to add -include $PKGINCLUDEDIR/js/RequiredDefines.h to the compile command line, so maybe another easy step would be to change that to -include $PKGINCLUDEDIR/js-config.h -include $PKGINCLUDEDIR/js-confdefs.h (since js-confdefs.h already brings in js/RequiredDefines.h)?

We should consider using static_assert or #error in one of the public headers to help catch issues...

js-confdefs.h contains defines that affect the size and layout of public
structures, so it should always be included. It already brings in
js/RequiredDefines.h itself, so that no longer needs to be explicitly
included.

I went ahead and posted a patch with my proposed workaround above.

I noticed that the output of js-config is quite out of date, I fixed this particular issue in it as well as in the pkg-config file, but it still doesn't agree everywhere with the pkg-config file, and it seems like it should. Does anyone use js-config anymore instead of the pkg-config file? Could it be removed?

https://hg.mozilla.org/mozilla-central/rev/91aaa403ff83

Comment on attachment 9073057 [details]
Bug 1553938 - Ensure js-confdefs.h is installed and included. r?tcampbell

ESR Uplift Approval Request

• If this is not a sec:{high,crit} bug, please state case for ESR consideration: This bug prevents examining the characters of a JSString, a common operation, for SpiderMonkey embedders.
• User impact if declined: SpiderMonkey compiled for embedders will crash and be unusable for some common purposes, downstreams will have to carry a patch.
• Fix Landed on Version: 70
• Risk to taking this patch: Low
• Why is the change risky/not risky? (and alternatives if risky): No risk because the only changes are in make install, the pkg-config file, and the js-config script which as far as I'm aware aren't used in the Firefox build.
• String or UUID changes made by this patch: None

Comment on attachment 9073057 [details]
Bug 1553938 - Ensure js-confdefs.h is installed and included. r?tcampbell

Fix-up for Spidermonkey embedders which doesn't affect Firefox. Approved for 68.1esr.

https://hg.mozilla.org/releases/mozilla-esr68/rev/fc7915e1e645