michael@0: /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: //----------------------------------------------------------------------------- michael@0: var BUGNUMBER = 360681; michael@0: var summary = 'Regression from bug 224128'; michael@0: var actual = ''; michael@0: var expect = ''; michael@0: michael@0: michael@0: //----------------------------------------------------------------------------- michael@0: test(); michael@0: //----------------------------------------------------------------------------- michael@0: michael@0: function test() michael@0: { michael@0: enterFunc ('test'); michael@0: printBugNumber(BUGNUMBER); michael@0: printStatus (summary); michael@0: michael@0: expect = actual = 'No Crash'; michael@0: michael@0: var N = 1000; michael@0: michael@0: // Make an array with a hole at the end michael@0: var a = Array(N); michael@0: for (i = 0; i < N - 1; ++i) michael@0: a[i] = 1; michael@0: michael@0: // array_sort due for array with N elements with allocates a temporary vector michael@0: // with 2*N. Lets create strings that on 32 and 64 bit CPU cause allocation michael@0: // of the same amount of memory + 1 word for their char arrays. After we GC michael@0: // strings with a reasonable malloc implementation that memory will be most michael@0: // likely reused in array_sort for the temporary vector. Then the bug causes michael@0: // accessing the one-beyond-the-aloocation word and re-interpretation of michael@0: // 0xFFF0FFF0 as GC thing. michael@0: michael@0: var str1 = Array(2*(2*N + 1) + 1).join(String.fromCharCode(0xFFF0)); michael@0: var str2 = Array(4*(2*N + 1) + 1).join(String.fromCharCode(0xFFF0)); michael@0: gc(); michael@0: str1 = str2 = null; michael@0: gc(); michael@0: michael@0: var firstCall = true; michael@0: a.sort(function (a, b) { michael@0: if (firstCall) { michael@0: firstCall = false; michael@0: gc(); michael@0: } michael@0: return a - b; michael@0: }); michael@0: michael@0: reportCompare(expect, actual, summary); michael@0: michael@0: exitFunc ('test'); michael@0: }