Bug 669458 – immediate crash

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 669458 - immediate crash


Summary:	immediate crash


Status:	RESOLVED FIXED

Product:	gjs
Classification:	Bindings
Component:	general
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	---
Assigned To:	gjs-maint
QA Contact:	gjs-maint

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2012-02-06 09:58 UTC by Frederic Peters
Modified:	2012-02-06 19:15 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
GType: ensure that function and properties definitions are closed (1.22 KB, patch) 2012-02-06 15:30 UTC, Giovanni Campagna	committed	Details \| Review

Description Frederic Peters 2012-02-06 09:58:08 UTC

After a recent round of jhbuild updates, gnome-shell segfaults immediately:

gnome-shell: 39dd24310d7e79c50dca6891e39cc1a553709ac7
mutter: 7319b10d72b1fd6796c64bce1034c20f5ae2f101
gjs: 1292ae26b0fdb02113f302264e7d75c8cfb6ff2b

Core was generated by `gnome-shell --replace'.
Program terminated with signal 11, Segmentation fault.

+ Trace 229608

#0 __strlen_sse2
at ../sysdeps/x86_64/multiarch/../strlen.S line 43
#0 __strlen_sse2
at ../sysdeps/x86_64/multiarch/../strlen.S line 43
#1 JS_DefineFunction
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#2 JS_DefineFunctions
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#3 js::DefineConstructorAndPrototype(JSContext*, JSObject*, JSProtoKey, JSAtom*, JSObject*, js::Class*, int (*)(JSContext*, unsigned int, js::Value*), unsigned int, JSPropertySpec*, JSFunctionSpec*, JSPropertySpec*, JSFunctionSpec*)
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#4 js_InitClass(JSContext*, JSObject*, JSObject*, js::Class*, int (*)(JSContext*, unsigned int, js::Value*), unsigned int, JSPropertySpec*, JSFunctionSpec*, JSPropertySpec*, JSFunctionSpec*)
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#5 gjs_gtype_create_proto
at gi/gtype.c line 36
#6 gjs_gtype_create_gtype_wrapper
at gi/gtype.c line 127
#7 gjs_value_from_g_argument
at gi/arg.c line 2327
#8 gjs_invoke_c_function
at gi/function.c line 974
#9 function_call
at gi/function.c line 1231
#10 js::Invoke(JSContext*, js::CallArgs const&, unsigned int)
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#11 js::Interpret(JSContext*, JSStackFrame*, unsigned int, JSInterpMode)
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#12 js::RunScript(JSContext*, JSScript*, JSStackFrame*)
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#13 js::Invoke(JSContext*, js::CallArgs const&, unsigned int)
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#14 js::ExternalInvoke(JSContext*, js::Value const&, js::Value const&, unsigned int, js::Value*, js::Value*)
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#15 JS_CallFunctionValue
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#16 resolve_namespace_object
at gi/repo.c line 124
#17 repo_new_resolve
at gi/repo.c line 184
#18 CallResolveOp(JSContext*, JSObject*, JSObject*, long, unsigned int, JSObject**, JSProperty**, bool*)
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#19 js_GetProperty(JSContext*, JSObject*, JSObject*, long, js::Value*)
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#20 JS_GetPropertyById
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#21 JS_GetProperty
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#22 gjs_object_require_property
at gjs/jsapi-util.c line 421
#23 gjs_lookup_namespace_object_by_name
at gi/repo.c line 631
#24 gjs_lookup_namespace_object
at gi/repo.c line 548
#25 gjs_define_object_class
at gi/object.c line 1494
#26 gjs_lookup_object_prototype
at gi/object.c line 1081
#27 gjs_define_object_class
at gi/object.c line 1601
#28 gjs_define_info
at gi/repo.c line 482
#29 ns_new_resolve
at gi/ns.c line 114
#30 CallResolveOp(JSContext*, JSObject*, JSObject*, long, unsigned int, JSObject**, JSProperty**, bool*)
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#31 js_GetPropertyHelper(JSContext*, JSObject*, long, unsigned int, js::Value*)
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#32 js::Interpret(JSContext*, JSStackFrame*, unsigned int, JSInterpMode)
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#33 js::RunScript(JSContext*, JSScript*, JSStackFrame*)
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#34 js::Execute(JSContext*, JSObject*, JSScript*, JSStackFrame*, unsigned int, js::Value*)
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#35 JS_EvaluateUCScriptForPrincipals
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#36 JS_EvaluateUCScript
from /scratch/jhbuild/lib/libmozjs185.so.1.0
#37 gjs_context_eval
#38 gnome_shell_plugin_start
at gnome-shell-plugin.c line 180
#39 meta_plugin_manager_initialize
at compositor/meta-plugin-manager.c line 129
#40 meta_compositor_manage_screen
at compositor/compositor.c line 562
#41 enable_compositor
at core/display.c line 378
#42 meta_display_open
at core/display.c line 820
#43 meta_run
at core/main.c line 552
#44 main
at main.c line 352

Comment 1 Giovanni Campagna 2012-02-06 15:30:07 UTC

It's a gjs bug (caused by a missing NULL at the end of function definitions), so reassigning.

Comment 2 Giovanni Campagna 2012-02-06 15:30:28 UTC

Created attachment 206900 [details] [review]
GType: ensure that function and properties definitions are closed

The JSAPI expects to find a NULL name at the end of property and
function definitions in JS_InitClass, and not finding it it will
handle bogus memory to string.h functions (which is a secure crash)

Comment 3 Jasper St. Pierre (not reading bugmail) 2012-02-06 16:00:39 UTC

Review of attachment 206900 [details] [review]:

Yep.

Comment 4 Colin Walters 2012-02-06 16:15:26 UTC

Review of attachment 206900 [details] [review]:

Looks right.

Comment 5 Giovanni Campagna 2012-02-06 19:15:19 UTC

Attachment 206900 [details] pushed as b5ba02d - GType: ensure that function and properties definitions are closed