Closed
Bug 1334573
Opened 7 years ago
Closed 7 years ago
Assertion failure: slot.toObject().is<PluralRulesObject>(), at js/src/builtin/Intl.cpp:3504
Categories
(Core :: JavaScript: Internationalization API, defect)
Tracking
()
RESOLVED
FIXED
mozilla54
| Tracking | Status | |
|---|---|---|
| firefox52 | --- | unaffected |
| firefox53 | --- | unaffected |
| firefox54 | --- | fixed |
People
(Reporter: decoder, Assigned: anba)
References
Details
(4 keywords, Whiteboard: [fuzzblocker] [jsbugmon:update])
Attachments
(1 file)
|
1.49 KB,
patch
|
Waldo
:
review+
|
Details | Diff | Splinter Review |
The following testcase crashes on mozilla-central revision 8dbe89935366 (build with --enable-posix-nspr-emulation --enable-valgrind --enable-gczeal --disable-tests --enable-debug --enable-optimize, run with --fuzzing-safe --ion-offthread-compile=off min.js): addIntlExtras(Intl); addIntlExtras(Intl); Backtrace: received signal SIGSEGV, Segmentation fault. 0x0000000000572468 in js::GlobalObject::addPluralRulesConstructor (cx=cx@entry=0x7ffff6946000, intl=...) at js/src/builtin/Intl.cpp:3504 #0 0x0000000000572468 in js::GlobalObject::addPluralRulesConstructor (cx=cx@entry=0x7ffff6946000, intl=...) at js/src/builtin/Intl.cpp:3504 #1 0x000000000057264a in js::AddPluralRulesConstructor (cx=cx@entry=0x7ffff6946000, intl=..., intl@entry=...) at js/src/builtin/Intl.cpp:3523 #2 0x00000000004490eb in AddIntlExtras (cx=0x7ffff6946000, argc=<optimized out>, vp=<optimized out>) at js/src/shell/js.cpp:913 #3 0x000000000053512d in js::CallJSNative (cx=cx@entry=0x7ffff6946000, native=0x449000 <AddIntlExtras(JSContext*, unsigned int, JS::Value*)>, args=...) at js/src/jscntxtinlines.h:239 [...] #16 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at js/src/shell/js.cpp:7960 Marking fuzzblocker as this is happening frequently.
|
||
Updated•7 years ago
|
Whiteboard: [jsbugmon:update,bisect][fuzzblocker] → [fuzzblocker] [jsbugmon:update]
|
|
||
Comment 1•7 years ago
|
||
JSBugMon: Bisection requested, result: autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: https://hg.mozilla.org/mozilla-central/rev/a67ac2fe858f user: André Bargull date: Thu Jan 26 04:56:40 2017 -0800 summary: Bug 1332604 - Part 1: Change Intl prototypes to plain objects. r=Waldo This iteration took 254.397 seconds to run.
|
Assignee | |
Updated•7 years ago
|
Assignee: nobody → andrebargull
|
|
Assignee | |
Updated•7 years ago
|
Component: JavaScript Engine → JavaScript: Internationalization API
|
|
Assignee | |
Comment 2•7 years ago
|
||
Attachment #8831418 -
Flags: review?(jwalden+bmo)
|
||
Comment 3•7 years ago
|
||
Comment on attachment 8831418 [details] [diff] [review] bug1334573.patch Review of attachment 8831418 [details] [diff] [review]: ----------------------------------------------------------------- Ugh.
Attachment #8831418 -
Flags: review?(jwalden+bmo) → review+
|
|
Assignee | |
Updated•7 years ago
|
Keywords: checkin-needed
Pushed by cbook@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/58e48aa02dce Remove assertion that Intl.PluralRules.prototype is an Intl.PluralRules instance. r=Waldo
Keywords: checkin-needed
|
||
Comment 5•7 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/58e48aa02dce
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla54
|
||
Updated•7 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•