Closed
Bug 1263882
Opened 9 years ago
Closed 9 years ago
Crash [@ ??] with Wasm.instantiateModule
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla48
| Tracking | Status | |
|---|---|---|
| firefox48 | --- | fixed |
People
(Reporter: decoder, Unassigned)
Details
(Keywords: crash, testcase, Whiteboard: [jsbugmon:update])
Crash Data
Attachments
(1 file)
The following testcase crashes on mozilla-central revision d62963756d9a (build with --enable-optimize --enable-posix-nspr-emulation --enable-valgrind --enable-gczeal --target=i686-pc-linux-gnu --disable-tests --enable-debug, run with --fuzzing-safe --ion-offthread-compile=off):
evaluate(`Wasm.instantiateModule(wasmTextToBinary('(module )')) `, {
fileName: null
})
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
0xf7d1e236 in ?? () from /lib32/libc.so.6
#0 0xf7d1e236 in ?? () from /lib32/libc.so.6
#1 0x0812198e in strdup (src=0x0) at memory/build/mozmemory_wrap.c:86
#2 0x0860befe in js_strdup (s=0x0) at js/src/debug32/dist/include/js/Utility.h:281
#3 js::DuplicateString (s=0x0) at js/src/jsstr.cpp:3104
#4 0x081e5622 in js::wasm::Eval (cx=cx@entry=0xf7a73020, code=code@entry=..., importObj=importObj@entry=..., instance=instance@entry=...) at js/src/asmjs/Wasm.cpp:1624
#5 0x081e63e2 in InstantiateModule (cx=0xf7a73020, argc=1, vp=0xf4c250c0) at js/src/asmjs/Wasm.cpp:1690
#6 0x0871dfca in js::CallJSNative (cx=0xf7a73020, native=0x81e61c0 <InstantiateModule(JSContext*, unsigned int, JS::Value*)>, args=...) at js/src/jscntxtinlines.h:235
[...]
#27 main (argc=4, argv=0xffffd8b4, envp=0xffffd8c8) at js/src/shell/js.cpp:7443
eax 0x0 0
ebx 0x98a9af4 160078580
ecx 0x0 0
edx 0xffffc310 -15600
esi 0x0 0
edi 0x0 0
ebp 0xffffc258 4294951512
esp 0xffffc234 4294951476
eip 0xf7d1e236 4157727286
=> 0xf7d1e236: movdqu (%edi),%xmm1
0xf7d1e23a: pcmpeqb %xmm1,%xmm0
|
||
Updated•9 years ago
|
Whiteboard: [jsbugmon:update,bisect] → [jsbugmon:update]
|
|
||
Comment 1•9 years ago
|
||
JSBugMon: Bisection requested, result:
=== Treeherder Build Bisection Results by autoBisect ===
The "good" changeset has the timestamp "20160314064830" and the hash "ec1879bdc5dc04d4a810c5177be94eb9b3218b9b".
The "bad" changeset has the timestamp "20160314064944" and the hash "2b83147ead2695427cd346eb80cf8c33a2210ba7".
Likely regression window: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=ec1879bdc5dc04d4a810c5177be94eb9b3218b9b&tochange=2b83147ead2695427cd346eb80cf8c33a2210ba7
|
||
Comment 2•9 years ago
|
||
Looking.
|
|
||
Comment 3•9 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/47169/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/47169/
Attachment #8742378 -
Flags: review?(luke)
|
||
Comment 4•9 years ago
|
||
Comment on attachment 8742378 [details]
MozReview Request: Bug 1263882: Set a default value in DescribeScriptedCaller if the filename is null; r?luke
https://reviewboard.mozilla.org/r/47169/#review43707
Oh null filename, my old nemesis.
Attachment #8742378 -
Flags: review?(luke) → review+
|
||
Comment 6•9 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla48
You need to log in
before you can comment on or make changes to this bug.
Description
•