Closed
Bug 817365
Opened 12 years ago
Closed 12 years ago
"Assertion failure: slot < numFixedSlots(),"
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 817002
Tracking | Status | |
---|---|---|
firefox20 | --- | affected |
People
(Reporter: gkw, Unassigned)
Details
(Keywords: assertion, regression, testcase)
Attachments
(1 file)
11.59 KB,
text/plain
|
Details |
+++ This bug was initially created as a clone of Bug #817002 +++ The attached testcase asserts js debug shell on m-c changeset abb39d1df815 without any CLI arguments at Assertion failure: slot < numFixedSlots(), https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2012-11-30-mozilla-central-debug/jsshell-mac64.zip Happens everytime. s-s because gc is on the stack. Stack: Assertion failure: slot < numFixedSlots(), at ../../../js/src/vm/ObjectImpl.h:1243 Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000 0x000000010016540f in js::ArrayBufferObject::obj_trace () (gdb) bt #0 0x000000010016540f in js::ArrayBufferObject::obj_trace () #1 0x0000000100208e8c in js::ObjectImpl::markChildren () #2 0x0000000100099623 in IncrementalCollectSlice () #3 0x0000000100098cfe in GCCycle () #4 0x0000000100097e1c in Collect () #5 0x00000001000654d6 in js::DestroyContext () #6 0x0000000100002ecf in main () (gdb)
Reporter | ||
Comment 1•12 years ago
|
||
I really think this is bug 817002, so duping. Please undupe if it's incorrect.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Updated•12 years ago
|
tracking-firefox20:
? → ---
Updated•9 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•