Closed Bug 588558 Opened 14 years ago Closed 14 years ago

js_DumpStackFrame(cx) crashes (fatal JS_ASSERT) when cx->fp is null

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: dbaron, Assigned: luke)

References

Details

(Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file)

fix
632 bytes, patch
Waldo
: review+
Details | Diff | Splinter Review 
Since http://hg.mozilla.org/mozilla-central/rev/c96ba53e745f , js_DumpStackFrame(cx) has crashed when cx->fp is null.

Sometime in the past week or so this started being triggered by a debugging patch I have in my tree:
http://hg.mozilla.org/users/dbaron_mozilla.com/patches/raw-file/ab8577e31cf6/no-components-dump-stack

It crashes because of the following JS_ASSERT in the FrameRegsIter constructor:

#4  <signal handler called>
#5  0x00007f6105b6e7bb in raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:42
#6  0x00007f61054f7a45 in FrameRegsIter (cx=0x7f60caf3ecd0, start=0x0)
    at /home/dbaron/builds/mozilla-central/mozilla/js/src/jscntxtinlines.h:331
#7  js_DumpStackFrame (cx=0x7f60caf3ecd0, start=0x0)
    at /home/dbaron/builds/mozilla-central/mozilla/js/src/jsobj.cpp:6352
Attached patch fixSplinter Review 
Embarrassing bug; the fix is included with the remove-slow-natives patch, but might as well fix early.
Assignee: general → lw
Status: NEW → ASSIGNED
Attachment #467161 - Flags: review?(jwalden+bmo)
Attachment #467161 - Flags: review?(jwalden+bmo) → review+
http://hg.mozilla.org/tracemonkey/rev/b5ef64f4655f
Whiteboard: fixed-in-tracemonkey
http://hg.mozilla.org/mozilla-central/rev/b5ef64f4655f
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: