Steps to reproduce:

Version: `488d81581a9142d532bf814efa60564ff11599ca`

Flags:
```
js --fuzzing-safe <test-case>
```

Test case:
```
a = principal = this
newGlobal(a).createMappedArrayBuffer(a)
```

Actual results:
```
Assertion failure: cx->isExceptionPending() || cx->isPropagatingForcedReturn() || cx->hadUncatchableException(), at js/src/vm/Interpreter.cpp:439
#0 0x557a3675a1a9 in AssertExceptionResult(JSContext*) js/src/vm/Interpreter.cpp:438:3
#1 0x557a3675b5cf in CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&) js/src/vm/Interpreter.cpp:532:5
#2 0x557a3675a7af in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) js/src/vm/Interpreter.cpp:623:12
#3 0x557a367729a4 in js::CallFromStack(JSContext*, JS::CallArgs const&, js::CallReason) js/src/vm/Interpreter.cpp:695:10
#4 0x557a367729a4 in js::Interpret(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:3520:16
#5 0x557a367595e0 in js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:497:13
#6 0x557a3675e991 in js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, js::AbstractFramePtr, JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp:888:13
#7 0x557a3675f19c in js::Execute(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp:921:10
#8 0x557a369aa479 in ExecuteScript(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::MutableHandle<JS::Value>) js/src/vm/CompilationAndEvaluation.cpp:495:10
#9 0x557a369aa6f7 in JS_ExecuteScript(JSContext*, JS::Handle<JSScript*>) js/src/vm/CompilationAndEvaluation.cpp:519:10
#10 0x557a366c31be in RunFile(JSContext*, char const*, _IO_FILE*, CompileUtf8, bool, bool) js/src/shell/js.cpp:1316:10
#11 0x557a366c2525 in Process(JSContext*, char const*, bool, FileKind) js/src/shell/js.cpp
#12 0x557a3667d53e in ProcessArgs(JSContext*, js::cli::OptionParser*) js/src/shell/js.cpp:11417:10
#13 0x557a3667d53e in Shell(JSContext*, js::cli::OptionParser*) js/src/shell/js.cpp:11669:12
#14 0x557a366747bd in main js/src/shell/js.cpp:12226:12
#15 0x7fa32b430d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#16 0x7fa32b430e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#17 0x557a3663dda8 in _start (reproducebuild/dist/bin/js+0x1c3bda8) (BuildId: 62459495c6e31cf3b7e66d4f41a060e5)
```
Bug 1923389 Comment 0 Edit History
Steps to reproduce:

Version: `488d81581a9142d532bf814efa60564ff11599ca`

Flags:
```
js --fuzzing-safe <test-case>
```

Test case:
```js
a = principal = this
newGlobal(a).createMappedArrayBuffer(a)
```

Actual results:
```
Assertion failure: cx->isExceptionPending() || cx->isPropagatingForcedReturn() || cx->hadUncatchableException(), at js/src/vm/Interpreter.cpp:439
#0 0x557a3675a1a9 in AssertExceptionResult(JSContext*) js/src/vm/Interpreter.cpp:438:3
#1 0x557a3675b5cf in CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&) js/src/vm/Interpreter.cpp:532:5
#2 0x557a3675a7af in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) js/src/vm/Interpreter.cpp:623:12
#3 0x557a367729a4 in js::CallFromStack(JSContext*, JS::CallArgs const&, js::CallReason) js/src/vm/Interpreter.cpp:695:10
#4 0x557a367729a4 in js::Interpret(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:3520:16
#5 0x557a367595e0 in js::RunScript(JSContext*, js::RunState&) js/src/vm/Interpreter.cpp:497:13
#6 0x557a3675e991 in js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, js::AbstractFramePtr, JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp:888:13
#7 0x557a3675f19c in js::Execute(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, JS::MutableHandle<JS::Value>) js/src/vm/Interpreter.cpp:921:10
#8 0x557a369aa479 in ExecuteScript(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::MutableHandle<JS::Value>) js/src/vm/CompilationAndEvaluation.cpp:495:10
#9 0x557a369aa6f7 in JS_ExecuteScript(JSContext*, JS::Handle<JSScript*>) js/src/vm/CompilationAndEvaluation.cpp:519:10
#10 0x557a366c31be in RunFile(JSContext*, char const*, _IO_FILE*, CompileUtf8, bool, bool) js/src/shell/js.cpp:1316:10
#11 0x557a366c2525 in Process(JSContext*, char const*, bool, FileKind) js/src/shell/js.cpp
#12 0x557a3667d53e in ProcessArgs(JSContext*, js::cli::OptionParser*) js/src/shell/js.cpp:11417:10
#13 0x557a3667d53e in Shell(JSContext*, js::cli::OptionParser*) js/src/shell/js.cpp:11669:12
#14 0x557a366747bd in main js/src/shell/js.cpp:12226:12
#15 0x7fa32b430d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#16 0x7fa32b430e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#17 0x557a3663dda8 in _start (reproducebuild/dist/bin/js+0x1c3bda8) (BuildId: 62459495c6e31cf3b7e66d4f41a060e5)
```