Closed
Bug 1496335
Opened 6 years ago
Closed 6 years ago
Assertion failure: scope->firstFrameSlot() == firstFrameSlot, at js/src/vm/Scope.cpp:592
Categories
(Core :: JavaScript Engine, defect, P3)
Core
JavaScript Engine
Tracking
()
RESOLVED
DUPLICATE
of bug 1496330
| Tracking | Status | |
|---|---|---|
| firefox64 | --- | disabled |
People
(Reporter: arai, Unassigned)
References
Details
(Keywords: assertion, sec-high, testcase)
Attachments
(1 file)
|
399 bytes,
application/octet-stream
|
Details |
tested on m-i 21b67d2084a6 Configure flags: --enable-warnings-as-errors --disable-optimize --enable-debug Runtime flag: -B slot.binjs Result: Assertion failure: scope->firstFrameSlot() == firstFrameSlot, at js/src/vm/Scope.cpp:592
|
Reporter | |
Comment 1•6 years ago
|
||
encoded from js/src/jit-test/tests/basic/bug601401.js I'll add all testcase in bug 1495611, so no need to add it here
|
||
Updated•6 years ago
|
Group: core-security → javascript-core-security
|
||
Comment 2•6 years ago
|
||
IIRC BinAST is off by default in Firefox 64? setting from 'affected' to 'disabled' for that release but please correct me if I'm wrong. I don't know what this assertion means so I'll guess "bad" and rate this sec-high. Please correct me on that, too, if wrong.
|
||
Comment 3•6 years ago
|
||
BinAST is nightly-only for the time being. Any uplifted branch is not affected.
|
|
Reporter | |
Comment 4•6 years ago
|
||
already fixed in latest m-c
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
|
||
Comment 5•4 years ago
|
||
Removing employee no longer with company from CC list of private bugs.
|
|
||
Updated•1 year ago
|
Group: javascript-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•