Public bug reported: Calls to JS_DefineFunctions do not work in 32-bit builds, sometimes leading to segmentation faults. Here is a sample backtrace from gdb (when it segfaulted):

#0  0x4011c25b in strlen () from /lib/tls/i686/cmov/libc.so.6
#1  0x4082dd98 in JS_DefineFunction (cx=0x81f1eb0, obj=0x81f5830, name=0x1 <Address 0x1 out of bounds>, call=0x4082ee20 <js_generic_native_method_dispatcher>, nargs=99, attrs=211) at jsapi.c:3738
#2  0x4082ebb7 in JS_DefineFunctions (cx=0x81f1eb0, obj=0x81f5938, fs=0x4093852c) at jsapi.c:3708
#3  0x4092fb44 in MY_InitFunctions (cx=0x81f1eb0) at core.c:1081

Some more investigation has shown that JS_DefineFunctions loops over the array that it is passed and calls JS_DefineFunction. The first call to JS_DefineFunction works just fine. It is the second call where the problem occurs. Specifically, it appears to be a bug in the way the JSFunctionSpec is defined (https://developer.mozilla.org/En/SpiderMonkey/JSAPI_Reference/JSFunctionSpec).

When the following JSFunctionSpec is used, you get a segfault on the 32-bit build (but not on the 64-bit build):

    static JSFunctionSpec global_funcs[] = {
        {"a", TestFunc, 1, 0, 1},
        {"b", TestFunc, 1, 0, 1},
        {NULL, NULL, 0, 0, 0}
    };

I have attached a small sample program that demonstrates this bug. It can be compiled with the following command:

    gcc -I/usr/include/mozjs -g -DXP_UNIX test.c -lmozjs -o test

** Affects: xulrunner-1.9 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
JS_DefineFunctions Does Not Work in 32bit Build (SegFaults)
https://bugs.launchpad.net/bugs/339331

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
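The backtrace above shows the first JS_DefineFunction call succeeding and the second one being handed name=0x1, which is the pattern you get when the program and libmozjs disagree about sizeof(JSFunctionSpec): the library steps through the array with its own stride, so element 0 lines up and element 1 is read from the middle of the caller's data. The program below is an added example, not part of the attached test.c and not SpiderMonkey code, and it does not confirm that this is the cause in this report. It declares two hypothetical JSFunctionSpec-shaped structs (the jsapi.h field order, with field widths assumed for the demonstration), computes their sizes for 32-bit and 64-bit pointers, and walks the reporter's two-entry table with the wrong stride, copying each element out rather than dereferencing the bogus name pointer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the bug report or from SpiderMonkey.
 * Two hypothetical JSFunctionSpec layouts with the jsapi.h field order but
 * different field widths (assumed for the demonstration) stand in for a
 * header that disagrees with the library it is linked against. */
typedef int (*native_fn)(void);

typedef struct {                 /* narrow: 8-bit nargs/flags, 16-bit extra */
    const char *name;
    native_fn   call;
    uint8_t     nargs;
    uint8_t     flags;
    uint16_t    extra;
} spec_narrow;

typedef struct {                 /* wide: 16-bit nargs/flags, 32-bit extra */
    const char *name;
    native_fn   call;
    uint16_t    nargs;
    uint16_t    flags;
    uint32_t    extra;
} spec_wide;

static int test_func(void) { return 0; }   /* stands in for the report's TestFunc */

static size_t round_up(size_t n, size_t align) {
    return (n + align - 1) / align * align;
}

/* Size of {ptr, ptr, nargs, flags, extra} under natural-alignment rules for a
 * given pointer width, so a 32-bit and a 64-bit build can be compared on one
 * machine. Returns the padded struct size in bytes. */
size_t spec_size(size_t ptr_w, size_t nargs_w, size_t flags_w, size_t extra_w) {
    const size_t w[5] = { ptr_w, ptr_w, nargs_w, flags_w, extra_w };
    size_t off = 0, max_align = 1;
    for (int i = 0; i < 5; i++) {
        off = round_up(off, w[i]) + w[i];
        if (w[i] > max_align) max_align = w[i];
    }
    return round_up(off, max_align);
}

/* Read element i as a library compiled against spec_wide would, from an array
 * whose elements are really `stride` bytes apart. memcpy instead of a cast so
 * a bogus name pointer is returned for inspection, never dereferenced. */
static const char *name_at(const void *base, size_t stride, size_t i) {
    spec_wide s;
    memcpy(&s, (const char *)base + i * stride, sizeof s);
    return s.name;
}

/* Build the reporter's table with the narrow layout and walk it with the wide
 * stride. Returns 1 if every entry's name pointer comes back intact, 0 if the
 * walk reads a wrong name pointer (the strlen crash in the backtrace), and -1
 * if the backing array is too small for the walk to stay in bounds. */
int walk_matches(void) {
    enum { ENTRIES = 3 };
    static const spec_narrow table[8] = {      /* zero-padded so the walk stays in bounds */
        {"a", test_func, 1, 0, 1},
        {"b", test_func, 1, 0, 1},
        {NULL, NULL, 0, 0, 0}
    };
    if (ENTRIES * sizeof(spec_wide) > sizeof table) return -1;
    for (size_t i = 0; i < ENTRIES; i++) {
        if (name_at(table, sizeof(spec_wide), i) != table[i].name)
            return 0;
    }
    return 1;
}

int main(void) {
    printf("ILP32: narrow %zu bytes, wide %zu bytes\n",
           spec_size(4, 1, 1, 2), spec_size(4, 2, 2, 4));
    printf("LP64:  narrow %zu bytes, wide %zu bytes\n",
           spec_size(8, 1, 1, 2), spec_size(8, 2, 2, 4));
    printf("this build: walk_matches() = %d\n", walk_matches());
    return 0;
}
```

Built with gcc -m32 the two assumed layouts are 12 and 16 bytes and walk_matches() returns 0; built for 64-bit both pad to 24 bytes and the walk succeeds, which is the same 32-bit-only behaviour the report describes. The corresponding check on the real program is to print sizeof(JSFunctionSpec) from the header in /usr/include/mozjs and compare it with the value from the jsapi.h that belongs to the libmozjs actually linked.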