Hi guys,
I discovered another V8 crash, which happens only on my WinXP /
MinGW / GCC box. It also happens even with older versions of V8 (May
2010), which are not subject to http://code.google.com/p/v8/issues/detail?id=950
or http://code.google.com/p/v8/issues/detail?id=951 .
This time, the crash happens in an accessor of my custom object. The
problematic JS code implements reading from a socket:
var received = new Buffer(0);
do {
    // read up to 1024 bytes; a zero-length part ends the loop below
    var part = s.receive(1024);
    // grow: allocate a new buffer, copy the old contents, then append part
    var tmp = new Buffer(received.length + part.length);
    tmp.copyFrom(received);
    tmp.copyFrom(part, 0, received.length);
    received = tmp;
} while (part.length > 0);
In this code:
- Buffer is my custom class (its implementation does not seem
relevant to this case);
- Buffer.length is the problematic getter;
- s.receive returns data retrieved from socket in a buffer.
I stepped through this code in GDB and summarized my observations in
the following table:
https://spreadsheets.google.com/ccc?key=0Arh5AbqXfUQpdGkzOXZmeXprTWY3LUtiNFowclUwQVE&hl=en&authkey=CKKqq40J
As you can see, the segfault happens in the 9th attempt to read .length;
more specifically, in the GetInstanceType check (address 0x33a02f1
seems to be bogus).
My questions are:
1) is the JS code above okay? Please leave out any performance-related
discussion; I just want to make sure there are no errors.
2) how can I further assist in debugging this? My C++/GDB skills are
not very high, so I am not sure what the correct direction is now...
Thanks,
Ondrej
--
v8-users mailing list
[email protected]
http://groups.google.com/group/v8-users
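An added example, not code from Ondrej's post or from V8: a plain-JavaScript model of the custom Buffer class, so the receive loop from the post can be exercised on its own, with the semantics of copyFrom(src, srcStart, dstStart) assumed (the post does not state them) and with a bounds check the native version may or may not have. The model's length getter counts how many times it is invoked per readAll call, which in this model is four reads per loop iteration (received.length and part.length in the new Buffer(...) size, received.length as a copyFrom argument, part.length in the while condition); that count says nothing about the native accessor, it only shows where the Nth read falls in the loop. The socket object is a constructed stand-in that hands out byte arrays in receive(max)-sized pieces and then zero-length reads. The class name shadows Node's global Buffer inside this module only.

```javascript
// Added example, not code from the post: a plain-JavaScript model of the custom
// Buffer class so the receive loop can be run without the native accessor.
// Assumed semantics (not stated in the post):
//   copyFrom(src, srcStart = 0, dstStart = 0) copies src[srcStart..] into this
//   buffer starting at dstStart.
let lengthReads = 0; // how many times the .length getter ran in the last readAll

class Buffer {
  constructor(size) {
    this.bytes = new Uint8Array(size);
  }

  // The accessor under discussion; counted so reads per iteration are visible.
  get length() {
    lengthReads++;
    return this.bytes.length;
  }

  copyFrom(src, srcStart = 0, dstStart = 0) {
    const n = src.bytes.length - srcStart;
    // Bounds check: refuse a copy that starts outside src or would run past
    // the end of this buffer (uses .bytes.length so the getter count stays
    // limited to reads made by the loop itself).
    if (srcStart < 0 || n < 0 || dstStart < 0 || dstStart + n > this.bytes.length) {
      throw new RangeError("copyFrom: range outside buffer");
    }
    this.bytes.set(src.bytes.subarray(srcStart), dstStart);
    return n;
  }
}

// Constructed stand-in for the socket object s: hands out the given byte
// arrays in receive(max)-sized pieces, then zero-length reads once drained.
function makeSocket(chunks) {
  let i = 0;
  let off = 0;
  return {
    receive(max) {
      if (i >= chunks.length) return new Buffer(0); // drained: zero-length read
      const chunk = chunks[i];
      const n = Math.min(chunk.length - off, max);
      const part = new Buffer(n);
      for (let k = 0; k < n; k++) part.bytes[k] = chunk[off + k];
      off += n;
      if (off >= chunk.length) {
        i++;
        off = 0;
      }
      return part;
    },
  };
}

// The loop from the post, unchanged apart from being wrapped in a function
// and resetting the getter counter first.
function readAll(s) {
  lengthReads = 0;
  var received = new Buffer(0);
  do {
    var part = s.receive(1024);
    var tmp = new Buffer(received.length + part.length);
    tmp.copyFrom(received);
    tmp.copyFrom(part, 0, received.length);
    received = tmp;
  } while (part.length > 0);
  return received;
}

function lengthReadsInLastRead() {
  return lengthReads;
}

// Usage: two small chunks, then end of stream.
const demo = readAll(makeSocket([[1, 2, 3], [4, 5]]));
console.log(Array.from(demo.bytes), "getter reads:", lengthReadsInLastRead());
```

With two chunks of 3 and 2 bytes the loop runs three times (3, 2, then the terminating 0-byte read), so the getter runs 12 times and the 9th read is the first received.length of the third iteration; a single 1500-byte chunk is delivered as 1024 + 476 + 0 and reassembles intact.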