Bug 707747
Opened 13 years ago
Closed 13 years ago
Crash [@ js::PutEscapedStringImpl] with findReferences
Categories
(Core :: JavaScript Engine, defect)
RESOLVED DUPLICATE of bug 708261
People
(Reporter: decoder, Unassigned)
Details
(Keywords: crash, testcase, Whiteboard: js-triage-needed)
The following test crashes on mozilla-central revision cb70391c86d9 (options -m -n -a):

function C() {}
findReferences(C.prototype);

The first bad revision is:

changeset: 81282:e414b516fd92
user: Brian Hackett
date: Sat Oct 29 19:45:51 2011 -0700
summary: Fix misuse of shape->slot() in debugging code, bug 690396.

Because findReferences is shell only and the change was in debug-only code, I assume this is not S-s.

Backtrace:

(gdb) bt
#0 0x00000000005932ae in js::PutEscapedStringImpl (buffer=0x0, bufferSize=199, fp=0x0, str=0x7ffff60069c0, quote=0) at /srv/repos/mozilla-central/js/src/jsstr.cpp:4169
#1 0x000000000041303a in js::PutEscapedString (buffer=0xbc2180 "\\u6040\\uF600\\u7FFF\\x00\\x01\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\u5020\\uF600\\u7FFF\\x00\\u3060\\uF600\\u7FFF\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\", size=200, str=0x7ffff60069c0, quote=0) at ../../jsstr.h:323
#2 0x00000000004bbd60 in js::gc::PrintPropertyId (buf=0xbc2180 "\\u6040\\uF600\\u7FFF\\x00\\x01\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\u5020\\uF600\\u7FFF\\x00\\u3060\\uF600\\u7FFF\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\", bufsize=200, propid=..., label=0x76f4d2 "getter") at /srv/repos/mozilla-central/js/src/jsgcmark.cpp:683
#3 0x00000000004bbea8 in js::gc::PrintPropertyGetterOrSetter (trc=0x7fffffffc840, buf=0xbc2180 "\\u6040\\uF600\\u7FFF\\x00\\x01\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\u5020\\uF600\\u7FFF\\x00\\u3060\\uF600\\u7FFF\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\", bufsize=200) at /srv/repos/mozilla-central/js/src/jsgcmark.cpp:699
#4 0x000000000041a6da in HeapReverser::getEdgeDescription (this=0x7fffffffc840) at /srv/repos/mozilla-central/js/src/shell/jsheaptools.cpp:341
#5 0x000000000041a290 in HeapReverser::traverseEdge (this=0x7fffffffc840, cell=0x7ffff600a600, kind=JSTRACE_OBJECT) at /srv/repos/mozilla-central/js/src/shell/jsheaptools.cpp:278
#6 0x000000000041bfbf in HeapReverser::traverseEdgeWithThis (tracer=0x7fffffffc840, cell=0x7ffff600a600, kind=JSTRACE_OBJECT) at /srv/repos/mozilla-central/js/src/shell/jsheaptools.cpp:254
#7 0x00000000004bf03d in js::gc::Mark<JSObject> (trc=0x7fffffffc840, thing=0x7ffff600a600) at /srv/repos/mozilla-central/js/src/jsgcmark.cpp:141
#8 0x00000000004ba741 in js::gc::MarkObjectWithPrinterUnbarriered (trc=0x7fffffffc840, obj=0x7ffff600a600, printer=0x4bbe19 <js::gc::PrintPropertyGetterOrSetter(JSTracer*, char*, size_t)>, arg=0x7ffff6001a18, index=0) at /srv/repos/mozilla-central/js/src/jsgcmark.cpp:194
#9 0x00000000004bcc35 in js::gc::MarkChildren (trc=0x7fffffffc840, base=0x7ffff6001a18) at /srv/repos/mozilla-central/js/src/jsgcmark.cpp:959
#10 0x00000000004bd33b in js::TraceChildren (trc=0x7fffffffc840, thing=0x7ffff6001a18, kind=JSTRACE_BASE_SHAPE) at /srv/repos/mozilla-central/js/src/jsgcmark.cpp:1101
#11 0x000000000043507d in JS_TraceChildren (trc=0x7fffffffc840, thing=0x7ffff6001a18, kind=JSTRACE_BASE_SHAPE) at /srv/repos/mozilla-central/js/src/jsapi.cpp:2324
#12 0x000000000041a57c in HeapReverser::reverseHeap (this=0x7fffffffc840) at /srv/repos/mozilla-central/js/src/shell/jsheaptools.cpp:315
#13 0x000000000041aeed in FindReferences (cx=0xb2b930, argc=1, vp=0x7ffff63fb090) at /srv/repos/mozilla-central/js/src/shell/jsheaptools.cpp:598
#14 0x0000000000502883 in js::CallJSNative (cx=0xb2b930, native=0x41adbf <FindReferences(JSContext*, uintN, jsval*)>, args=...) at ../jscntxtinlines.h:297
Updated • 13 years ago
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Comment 2 • 12 years ago (Reporter)
A testcase for this bug was already added in the original bug (bug 708261).
Flags: in-testsuite-