Closed Bug 1496330 Opened 3 years ago Closed 2 years ago
Assertion failure: JSID
_IS _ATOM(id) && frontend::Is Identifier(JSID _TO _ATOM(id)), at js/src/vm/String Type .cpp:2229
tested on m-i 21b67d2084a6 Configure flags: --enable-warnings-as-errors --disable-optimize --enable-debug Runtime flag: -B is_atom.binjs Result: Assertion failure: JSID_IS_ATOM(id) && frontend::IsIdentifier(JSID_TO_ATOM(id)), at js/src/vm/StringType.cpp:2229
encoded from js/src/jit-test/tests/basic/bug660597.js I'll add all testcase in bug 1495611, so no need to add it here
I'm not sure if this assertion is handled in the code below it or not. at least part of it is. What's an appropriate rating here?
the assertion failure itself in the function is safe (just that the behavior seems to be wrong), but the underlying issue is that internal `.this` binding is missing in the environment, which shouldn't happen. that results in throwing an error for undefined variable for internal thing (and it results in hitting the assertion failure), that also shouldn't happen. I haven't yet found any way that this hits more critical issue than just wrong behavior, but there might be issue around dereferencing wrong pointer in scope object etc. I'm afraid I'm not sure which rating will be suitable. then, this code is used only when BinAST is enabled, which is disabled by default in pref, so this shouldn't affect much users. this applies all bugs under bug 1495611.
Gonna take a look.
Assignee: nobody → efaustbmo
.this was not set aliased, because the with block didn't properly pollute the outer scope.
Attachment #9015363 - Flags: review?(arai.unmht)
Comment on attachment 9015363 [details] [diff] [review] Fix Review of attachment 9015363 [details] [diff] [review]: ----------------------------------------------------------------- thanks!
Attachment #9015363 - Flags: review?(arai.unmht) → review+
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
You need to log in before you can comment on or make changes to this bug.