Closed
Bug 1252109
Opened 9 years ago
Closed 9 years ago
Crash [@ DebuggerObject_forceLexicalInitializationByName] or Assertion failure: isAtom(), at vm/String.h:457 with Debugger
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1246215
| Tracking | Status | |
|---|---|---|
| firefox47 | --- | fixed |
People
(Reporter: decoder, Assigned: mrrrgn)
Details
(4 keywords, Whiteboard: [jsbugmon:update,bisect])
Crash Data
The following testcase crashes on mozilla-central revision 5e0140b6d118 (build with --enable-optimize --enable-posix-nspr-emulation --enable-valgrind --enable-gczeal --target=i686-pc-linux-gnu --disable-tests --enable-simulator=arm --disable-debug, run with --fuzzing-safe --ion-offthread-compile=off min.js):
g = newGlobal();
dbg = new Debugger;
gw = dbg.addDebuggee(g);
function evalErrorStr(global, evalString) global.evaluate(evalString)
assertEq(evalErrorStr(g, "y = 1"), gw.forceLexicalInitializationByName("y"))
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
DebuggerObject_forceLexicalInitializationByName (cx=cx@entry=0xf7a72040, argc=1, vp=0xf4b1a070) at js/src/vm/Debugger.cpp:8067
#0 DebuggerObject_forceLexicalInitializationByName (cx=cx@entry=0xf7a72040, argc=1, vp=0xf4b1a070) at js/src/vm/Debugger.cpp:8067
#1 0x0848d6da in CallJSNative (args=..., native=0x8446320 <DebuggerObject_forceLexicalInitializationByName(JSContext*, unsigned int, JS::Value*)>, cx=0xf7a72040) at js/src/jscntxtinlines.h:235
[...]
#13 main (argc=4, argv=0xffffd8b4, envp=0xffffd8c8) at js/src/shell/js.cpp:7244
eax 0x155 341
ebx 0x9490960 155781472
ecx 0xa98 2712
edx 0x1 1
esi 0xf4d69040 -187264960
edi 0xf4d77a60 -187205024
ebp 0x153 339
esp 0xffffcba0 4294953888
eip 0x8446514 <DebuggerObject_forceLexicalInitializationByName(JSContext*, unsigned int, JS::Value*)+500>
=> 0x8446514 <DebuggerObject_forceLexicalInitializationByName(JSContext*, unsigned int, JS::Value*)+500>: mov (%ecx),%ebp
0x8446516 <DebuggerObject_forceLexicalInitializationByName(JSContext*, unsigned int, JS::Value*)+502>: mov %ebp,0x1c(%esp)
|
Reporter | |
Updated•9 years ago
|
Hardware: ARM → x86_64
|
||
Comment 1•9 years ago
|
||
Morgan, seems like something you might have been involved with? Can you take a look?
Flags: needinfo?(winter2718)
|
Assignee | |
Comment 2•9 years ago
|
||
Definitely on me. On it.
Assignee: nobody → winter2718
Flags: needinfo?(winter2718)
|
|
Assignee | |
Comment 3•9 years ago
|
||
So this bug has already been fixed: http://hg.mozilla.org/integration/mozilla-inbound/rev/c6437b3b18d7 It's not critical, but I can go ahead and request uplift.
|
|
Assignee | |
Updated•9 years ago
|
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
|
|
||
Updated•9 years ago
|
Resolution: FIXED → DUPLICATE
|
||
Updated•8 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•