Regression in examining JSLinearString chars and length
Categories
(Core :: JavaScript Engine, defect, P3)
Tracking
()
People
(Reporter: ptomato, Assigned: ptomato)
References
(Blocks 1 open bug)
Details
Attachments
(2 files)
(deleted),
text/plain
|
Details | |
(deleted),
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-esr68+
|
Details |
See attached program that reproduces the bug.
Output using a recent tarball of SpiderMonkey 68:
$ ./linearstring
length: 1953719668
Segmentation fault: 11
Examining lstr
with a debugger seems to show that the characters are stored correctly in the inline storage, but the characters in chars
are off by a number of bytes (past the end of the inline storage).
To get the program to work on ESR 60, change JSAutoRealm
to JSAutoCompartment
and add a JSAutoRequest
at the beginning of RunExample()
. When compiled against ESR60, the output is
$ ./linearstring
length: 4
test
Comment 1•5 years ago
|
||
I'm able to reproduce this and in gdb, I see that JS::shadow::String::length() is miscompiled somehow. The JSString::length() function is almost identical but generates reasonable code (with a shr in debug).
Comment 2•5 years ago
|
||
Looking again, I've discovered the issue is that JS_64BIT needs to be defined. This is defined in js-confdefs.h.
I'm not clear what the normal flow is supposed to be to make it work, but the spidermonkey-embedding-examples are also busted here.
The problem appeared because the definition of JSString was changed between the ESR releases and requires JS_BITS_PER_WORD to be accurately defined.
Updated•5 years ago
|
Assignee | ||
Comment 3•5 years ago
|
||
A first step would be to make the build system install js-confdefs.h, since it seems to be generated, but not installed, in a standalone build.
Ideally, there should still be another way to make it work without having to remember to include the header. The pkg-config file already specifies to add -include $PKGINCLUDEDIR/js/RequiredDefines.h
to the compile command line, so maybe another easy step would be to change that to -include $PKGINCLUDEDIR/js-config.h -include $PKGINCLUDEDIR/js-confdefs.h
(since js-confdefs.h already brings in js/RequiredDefines.h)?
Comment 4•5 years ago
|
||
We should consider using static_assert
or #error
in one of the public headers to help catch issues...
Assignee | ||
Comment 5•5 years ago
|
||
js-confdefs.h contains defines that affect the size and layout of public
structures, so it should always be included. It already brings in
js/RequiredDefines.h itself, so that no longer needs to be explicitly
included.
Assignee | ||
Comment 6•5 years ago
|
||
I went ahead and posted a patch with my proposed workaround above.
I noticed that the output of js-config is quite out of date, I fixed this particular issue in it as well as in the pkg-config file, but it still doesn't agree everywhere with the pkg-config file, and it seems like it should. Does anyone use js-config anymore instead of the pkg-config file? Could it be removed?
Comment 8•5 years ago
|
||
bugherder |
Updated•5 years ago
|
Assignee | ||
Comment 9•5 years ago
|
||
Comment on attachment 9073057 [details]
Bug 1553938 - Ensure js-confdefs.h is installed and included. r?tcampbell
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: This bug prevents examining the characters of a JSString, a common operation, for SpiderMonkey embedders.
- User impact if declined: SpiderMonkey compiled for embedders will crash and be unusable for some common purposes, downstreams will have to carry a patch.
- Fix Landed on Version: 70
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): No risk because the only changes are in
make install
, the pkg-config file, and the js-config script which as far as I'm aware aren't used in the Firefox build. - String or UUID changes made by this patch: None
Comment 10•5 years ago
|
||
Comment on attachment 9073057 [details]
Bug 1553938 - Ensure js-confdefs.h is installed and included. r?tcampbell
Fix-up for Spidermonkey embedders which doesn't affect Firefox. Approved for 68.1esr.
Updated•5 years ago
|
Comment 11•5 years ago
|
||
bugherder uplift |
Description
•