Control: severity -1 serious
On Wed, 28 Sep 2016 14:51:23 +0800 Zheng Xu <zheng.xu@linaro.org> wrote:
> Package: libmozjs185-1.0
>
> root@3aeb83a7878f:~# cat a.js
> print("hello")
> root@3aeb83a7878f:~# couchjs a.js
> Segmentation fault (core dumped)
>
> couchjs is in couchdb-bin, but the issue is caused by a bug in mozjs.
> There is an assumption that the VA bits are less than or equal to 47 bits
> in mozjs. But it is not true any more when we compile the kernel with 48
> VA bits.
>
> Patch is attached which should fix the problem.
>
> Reference links:
> 1. upstream fix: https://bugzilla.mozilla.org/show_bug.cgi?id=1143022
> 2. redhat fix: https://bugzilla.redhat.com/show_bug.cgi?id=1242326
>
> Note: The upstream patch limits the heap to the 47-bit world so that we
> won't break the assumption. But the attached patch uses a different fix. It
> uses fewer tag bits so that we can live with 48 VA bits, because the old
> mozjs may take JS objects from C code which are not allocated from the JS
> heap.
We have a temporary workaround for this in the kernel in unstable, but
I want to remove that before releasing stretch. This must be fixed in
mozjs.
Ben.
--
Ben Hutchings
Nothing is ever a complete failure; it can always serve as a bad
example.
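An added illustration of the failure mode discussed in this report (it is not mozjs's real JS::Value layout, which is NaN-boxed, and it is not the attached patch): a constructed tagged-word scheme that keeps a type tag in the top bits and a pointer in the low payload bits. With a 47-bit payload, any address that uses bit 47 (which a 48-bit VA kernel can hand out) is silently truncated on boxing and comes back wrong on unboxing, which is the kind of bad dereference that ends in the segfault above; widening the payload to 48 bits (i.e. spending fewer tag bits) makes the same address round-trip. The sample addresses, the all-ones tag and the helper names are all constructed for the example.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed tagged-word layout (NOT the real mozjs JS::Value encoding):
 * the top (64 - payload_bits) bits carry a type tag, the low payload_bits
 * carry a pointer. It only shows why a fixed 47-bit payload breaks once the
 * kernel uses 48 VA bits. */

static uint64_t payload_mask(unsigned payload_bits)
{
    return payload_bits >= 64 ? ~UINT64_C(0)
                              : (UINT64_C(1) << payload_bits) - 1;
}

/* Tag for "object pointer": all ones in the tag field (constructed value). */
static uint64_t object_tag(unsigned payload_bits)
{
    return ~payload_mask(payload_bits);
}

/* Naive boxing, as an engine that trusts its VA assumption does it: the
 * pointer is masked to the payload width and ORed under the tag, so any
 * address bits above the payload are silently lost. */
static uint64_t box_ptr(uint64_t ptr, unsigned payload_bits)
{
    return object_tag(payload_bits) | (ptr & payload_mask(payload_bits));
}

static uint64_t unbox_ptr(uint64_t boxed, unsigned payload_bits)
{
    return boxed & payload_mask(payload_bits);
}

/* True when the pointer survives a box/unbox cycle unchanged. When this is
 * false the engine later dereferences a truncated address (SIGSEGV). */
static bool ptr_roundtrips(uint64_t ptr, unsigned payload_bits)
{
    return unbox_ptr(box_ptr(ptr, payload_bits), payload_bits) == ptr;
}

/* Defensive check an engine can apply at boxing time: refuse (or assert on)
 * a pointer that does not fit the payload width instead of truncating it. */
static bool ptr_fits_payload(uint64_t ptr, unsigned payload_bits)
{
    return (ptr & ~payload_mask(payload_bits)) == 0;
}

int main(void)
{
    /* Constructed sample addresses: a typical 47-bit user address, one that
     * uses bit 47 (possible only under a 48-bit VA kernel), and one that uses
     * bit 48 (not a valid user address under either configuration). */
    const uint64_t samples[] = {
        UINT64_C(0x00007fffdeadbee0),
        UINT64_C(0x0000affffeedbee0),
        UINT64_C(0x0001000000000000),
    };
    const unsigned widths[] = { 47, 48 };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        for (size_t w = 0; w < sizeof widths / sizeof widths[0]; w++) {
            printf("ptr=%#018" PRIx64 " payload=%u bits: fits=%d roundtrip=%d\n",
                   samples[i], widths[w],
                   (int)ptr_fits_payload(samples[i], widths[w]),
                   (int)ptr_roundtrips(samples[i], widths[w]));
        }
    }
    return 0;
}
```

The second sample is the interesting row: it fits and round-trips only with the 48-bit payload, which is exactly the trade the attached patch makes by giving up tag bits. The upstream approach instead keeps the 47-bit payload and constrains the heap so such addresses never reach the boxing code, which is why it cannot cover objects handed in from C allocations outside the JS heap.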