Closed
Bug 1813744
Opened 2 years ago
Closed 2 years ago
MOZ_CRASH(invalid UTF-8 string: ReportInvalidCharacter) at vm/CharacterEncoding.cpp:302
Categories
(Core :: JavaScript Engine, defect, P3)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
111 Branch
| Tracking | Status | |
|---|---|---|
| firefox111 | --- | fixed |
People
(Reporter: lukas.bernhard, Assigned: arai)
References
(Blocks 2 open bugs)
Details
Attachments
(1 file)
|
(deleted),
text/x-phabricator-request
|
Details |
Steps to reproduce:
The attached sample crashes the js-shell on commit fb1e6d6e5735dcf12d96fde70351aca305961b53 when invoked via commandline obj-x86_64-pc-linux-gnu/dist/bin/js --fuzzing-safe crash.js
Bisecting the issue points to commit 0216ea137eabafbb8e9fe7992298edd5c18b4836 related to bug 1782166
const v8 = InternalError();
v8.fileName = String.fromCharCode(3823486100);
evaluate("this.disassemble();", v8);
#0 0x000055555791a4a8 in InflateUTF8ToUTF16<(OnUTF8Error)3, JS::ConstUTF8CharsZ::validate(unsigned long)::$_1>(JSContext*,
JS::UTF8Chars, JS::ConstUTF8CharsZ::validate(unsigned long)::$_1) (cx=0x0, src=..., dst=...)
at js/src/vm/CharacterEncoding.cpp:302
#1 0x000055555791a2c4 in JS::ConstUTF8CharsZ::validate (this=0x7fffffff6ca8, aLength=1082)
at js/src/vm/CharacterEncoding.cpp:580
#2 0x000055555755e969 in JS::ConstUTF8CharsZ::ConstUTF8CharsZ (this=0x7fffffff6ca8,
aBytes=0x7ffff74c3800 "\n{\n \"file\": \"\224\",\n \"lineno\": 1,\n \"column\": 12,\n \"immutableFlags\": [\n ]\n}\
nloc line op\n----- ---- --\nmain:\n00000: 1 GlobalThis", ' ' <repeats 18 times>, "# this\n00001: 1 Dup", ' ' <rep
eats 25 times>..., aLength=1082)
at obj-x86_64-pc-linux-gnu/dist/include/js/CharacterEncoding.h:148
#3 0x00005555574fe623 in DisassembleToString (cx=0x7ffff742f100, argc=0, vp=0x7ffff4cfc130)
at js/src/shell/js.cpp:3269
#4 0x00005555576f209e in CallJSNative (cx=0x7ffff742f100,
native=0x5555574fe500 <DisassembleToString(JSContext*, unsigned int, JS::Value*)>, reason=js::CallReason::Call,
args=...) at js/src/vm/Interpreter.cpp:459
#5 0x00005555576f18dd in js::InternalCallOrConstruct (cx=0x7ffff742f100, args=..., construct=js::NO_CONSTRUCT,
reason=js::CallReason::Call) at js/src/vm/Interpreter.cpp:547
#6 0x00005555576f2c71 in InternalCall (cx=0x7ffff742f100, args=..., reason=js::CallReason::Call)
at js/src/vm/Interpreter.cpp:614
#7 0x00005555576f2a35 in js::CallFromStack (cx=0x7ffff742f100, args=..., reason=js::CallReason::Call)
at js/src/vm/Interpreter.cpp:619
#8 0x00005555576e3759 in Interpret (cx=0x7ffff742f100, state=...)
at js/src/vm/Interpreter.cpp:3362
#9 0x00005555576d5830 in js::RunScript (cx=0x7ffff742f100, state=...)
at js/src/vm/Interpreter.cpp:431
|
Reporter | |
Updated•2 years ago
|
|
||
Comment 1•2 years ago
|
||
Not sure what we'd like to do about this; seems unlikely to be a big issue tho. Arai, thoughts?
Severity: -- → S3
Flags: needinfo?(arai.unmht)
Priority: -- → P3
|
Assignee | |
Comment 2•2 years ago
|
||
This is JS shell only function and doesn't affect Firefox.
I'll make it to use lossy conversion.
Assignee: nobody → arai.unmht
Status: NEW → ASSIGNED
Flags: needinfo?(arai.unmht)
|
|
Assignee | |
Comment 3•2 years ago
|
||
Pushed by arai_a@mac.com:
https://hg.mozilla.org/integration/autoland/rev/beba3efda45f
Use lossy conversion in shell disassemble function. r=mgaudet
|
||
Comment 5•2 years ago
|
||
Backed out for causing SM bustages on disassemble-filename.js
- Backout link
- Push with failures
- Failure Log
- Failure line: TEST-UNEXPECTED-FAIL | js/src/jit-test/tests/basic/disassemble-filename.js | :2:1 ReferenceError: disassemble is not defined (code 3, args "") [0.0 s
Failure log 2: https://treeherder.mozilla.org/logviewer?job_id=405219419&repo=autoland
Flags: needinfo?(arai.unmht)
Pushed by arai_a@mac.com:
https://hg.mozilla.org/integration/autoland/rev/8eb056b0a1dc
Use lossy conversion in shell disassemble function. r=mgaudet
|
||
Comment 7•2 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox111:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 111 Branch
|
|
Assignee | |
Updated•2 years ago
|
Flags: needinfo?(arai.unmht)
You need to log in
before you can comment on or make changes to this bug.
Description
•