Closed
Bug 780027
Opened 12 years ago
Closed 12 years ago
Crash [@ js::gc::MarkInternal<JSString>] or [@ js::gc::MarkIdRootRange] or "Assertion failure: thing,"
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla17
People
(Reporter: gkw, Assigned: billm)
References
Details
(Keywords: crash, regression, testcase)
Crash Data
Attachments
(3 files)
x = y = [0,,0] print(uneval) for (z = 0; z < 89; ++z) { x = x.concat(y) } schedulegc(8) uneval(x) asserts js debug shell on m-i changeset 1924fe55fb6e without any CLI arguments at Assertion failure: thing, and crashes js opt shell at js::gc::MarkInternal<JSString> with js::gc::MarkIdRootRange somewhere on the stack.
Reporter | ||
Comment 1•12 years ago
|
||
autoBisect is running, but incremental GC stuff seem to be on the stack, cc'ing iGC folks.
Assignee | ||
Updated•12 years ago
|
Assignee: general → wmccloskey
Reporter | ||
Comment 2•12 years ago
|
||
Reporter | ||
Comment 3•12 years ago
|
||
I won't have the regressing bug pointed at by autoBisect because in the range in comment 2, some changesets don't compile, so it's about the best one can have for the moment.
Assignee | ||
Comment 4•12 years ago
|
||
We're asserting because we try to mark a NULL jsid. That happens because we aren't properly initializing an AutoIdVector after reserving space out of it.
Attachment #649894 -
Flags: review?(terrence)
Assignee | ||
Comment 5•12 years ago
|
||
Not sensitive because it only affects JS_MORE_DETERMINISTIC builds.
Group: core-security
Reporter | ||
Comment 6•12 years ago
|
||
This is likely fallout from bug 779393 which in turn likely was fallout from bug 776579.
Blocks: 779393
Updated•12 years ago
|
Attachment #649894 -
Flags: review?(terrence) → review+
Assignee | ||
Comment 7•12 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/475b2318e182
Comment 8•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/475b2318e182
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla17
You need to log in
before you can comment on or make changes to this bug.
Description
•