[Webkit-unassigned] [Bug 16026] New: GC: Using != when comparing pointers when marking stack objects can cause segfaults

Fri Nov 16 21:54:31 PST 2007

http://bugs.webkit.org/show_bug.cgi?id=16026

           Summary: GC: Using != when comparing pointers when marking stack
                    objects can cause segfaults
           Product: WebKit
           Version: 525+ (Nightly build)
          Platform: Other
        OS/Version: Other
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P3
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: leavengood at gmail.com

When testing JSC on Haiku I got segfaults in certain JavaScript tests. It
turned out that the p and e pointers used in markStackObjectsConservatively
were not aligned perfectly, so when the GC ran the != check failed and the loop
continued into invalid memory.

Using < is safer and works just the same as !=, stopping the loop when
appropriate.

See attached patch.

-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.