Control: severity -1 serious

On Wed, 28 Sep 2016 14:51:23 +0800 Zheng Xu <zheng...@linaro.org> wrote:
> Package: libmozjs185-1.0
>
> root@3aeb83a7878f:~# cat a.js
> print("hello")
> root@3aeb83a7878f:~# couchjs a.js
> Segmentation fault (core dumped)
>
> couchjs is in couchdb-bin, but the issue is caused by a bug in mozjs.
> There is an assumption in mozjs that the VA bits are less than or equal
> to 47 bits. But it is not true any more when we compile the kernel with
> 48 VA bits.
>
> Patch is attached which should fix the problem.
>
> Reference links :
> 1. upstream fix : https://bugzilla.mozilla.org/show_bug.cgi?id=1143022
> 2. redhat fix : https://bugzilla.redhat.com/show_bug.cgi?id=1242326
>
> Note : The upstream patch limits the heap in the 47-bit world so that we
> won't break the assumption. But the attached patch uses a different fix.
> It uses fewer tag bits so that we can live with 48 VA bits. Because the
> old mozjs may take JS objects from C code which are not allocated from
> the JS heap.

We have a temporary workaround for this in the kernel in unstable, but
I want to remove that before releasing stretch. This must be fixed in
mozjs.

Ben.

-- 
Ben Hutchings
Nothing is ever a complete failure; it can always serve as a bad example.
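
Added example (not part of the thread, and not the attached patch or mozjs code): a simplified C model of the failure described in the report, where a pointer is packed under a type tag on the assumption that it fits in 47 bits. The tag values, function names and addresses are constructed for illustration; the 16-bit-tag variant only models the "fewer tag bits" idea and is not the patch's actual layout.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a 64-bit boxed value: a type tag in the high bits,
 * a pointer payload in the low `shift` bits. Names and tag values are
 * constructed for this example. */
#define TAG17 0x1FFF7ULL /* hypothetical 17-bit tag, used with shift 47 */
#define TAG16 0xFFF7ULL  /* hypothetical 16-bit tag, used with shift 48 */

/* The check the boxing code needs: does the pointer fit in the payload? */
static int fits_payload(uint64_t addr, unsigned shift)
{
    return (addr >> shift) == 0;
}

/* Boxing with no range check, as the 47-bit assumption permits. */
static uint64_t box_ptr(uint64_t addr, unsigned shift, uint64_t tag)
{
    return (tag << shift) | addr;
}

static uint64_t unbox_ptr(uint64_t boxed, unsigned shift)
{
    return boxed & ((1ULL << shift) - 1);
}

/* 1 if both the pointer and the tag survive a box/unbox round trip. */
static int round_trips(uint64_t addr, unsigned shift, uint64_t tag)
{
    uint64_t boxed = box_ptr(addr, shift, tag);
    return unbox_ptr(boxed, shift) == addr && (boxed >> shift) == tag;
}

int main(void)
{
    uint64_t low  = 0x00007FFF90001000ULL; /* constructed, bit 47 clear */
    uint64_t high = 0x0000FFFF90001000ULL; /* constructed, bit 47 set */

    printf("47-bit payload, low : %d\n", round_trips(low, 47, TAG17));
    printf("high fits in 47 bits: %d\n", fits_payload(high, 47));
    printf("47-bit payload, high: %d\n", round_trips(high, 47, TAG17));
    printf("unboxed high        : 0x%llx\n",
           (unsigned long long)unbox_ptr(box_ptr(high, 47, TAG17), 47));
    printf("48-bit payload, high: %d\n", round_trips(high, 48, TAG16));
    return 0;
}
```

In this model the address with bit 47 set comes back from the 47-bit layout as a different, lower address, which is the kind of silent pointer corruption that ends in a segmentation fault on first dereference.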