Closed Bug 1547136 Opened 5 years ago Closed 5 years ago

Assertion failure: DeclarationKindIsCatchParameter(kind), at js/src/frontend/ParseContext.cpp:190

Categories

(Core :: JavaScript Engine, defect)

Platform: x86_64 Linux
Type: defect
Priority: Not set
Severity: normal

Tracking


RESOLVED DUPLICATE of bug 1547133
Tracking Status
firefox68 --- disabled

People

(Reporter: decoder, Assigned: khyperia)

Details

(4 keywords, Whiteboard: [jsbugmon:update,bisect])

The following testcase crashes on mozilla-central revision 0ec836eceb96 (build with --enable-posix-nspr-emulation --enable-valgrind --enable-gczeal --disable-tests --disable-profiling --enable-debug --enable-optimize, run with --fuzzing-safe --ion-offthread-compile=off --enable-experimental-fields):

try {} catch ([ c = class { ["s"] }]) {}

Backtrace:

received signal SIGSEGV, Segmentation fault.
#0  js::frontend::ParseContext::Scope::addCatchParameters (this=this@entry=0x7fffffffb860, pc=<optimized out>, catchParamScope=...) at js/src/frontend/ParseContext.cpp:190
#1  0x0000555555f06513 in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::catchBlockStatement (this=this@entry=0x7fffffffc8d0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, catchParamScope=...) at js/src/frontend/Parser.cpp:6677
#2  0x0000555555f11c63 in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::tryStatement (this=this@entry=0x7fffffffc8d0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName) at js/src/frontend/Parser.cpp:6595
#3  0x0000555555f0578b in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::statementListItem (this=this@entry=0x7fffffffc8d0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName, canHaveDirectives=<optimized out>) at js/src/frontend/Parser.cpp:7920
#4  0x0000555555f05c88 in js::frontend::GeneralParser<js::frontend::FullParseHandler, char16_t>::statementList (this=this@entry=0x7fffffffc8d0, yieldHandling=yieldHandling@entry=js::frontend::YieldIsName) at js/src/frontend/Parser.cpp:3443
#5  0x0000555555f164ca in js::frontend::Parser<js::frontend::FullParseHandler, char16_t>::globalBody (this=0x7fffffffc8d0, globalsc=globalsc@entry=0x7fffffffcf18) at js/src/frontend/Parser.cpp:1437
#6  0x0000555555f46c74 in js::frontend::ScriptCompiler<char16_t>::compileScript (this=this@entry=0x7fffffffc3a0, info=..., environment=..., environment@entry=..., sc=sc@entry=0x7fffffffcf18) at js/src/frontend/BytecodeCompiler.cpp:548
#7  0x0000555555f39c84 in CreateGlobalScript<char16_t> (info=..., srcBuf=..., sourceObjectOut=sourceObjectOut@entry=0x0) at js/src/frontend/BytecodeCompiler.cpp:207
#8  0x0000555555f39e2a in js::frontend::CompileGlobalScript (info=..., srcBuf=..., sourceObjectOut=sourceObjectOut@entry=0x0) at js/src/frontend/BytecodeCompiler.cpp:219
#9  0x0000555555a102c6 in CompileSourceBuffer<char16_t> (cx=cx@entry=0x7ffff5f19000, options=..., srcBuf=...) at js/src/vm/CompilationAndEvaluation.cpp:69
#10 0x0000555555a1048b in CompileUtf8Inflating (cx=cx@entry=0x7ffff5f19000, options=..., srcBuf=...) at js/src/vm/CompilationAndEvaluation.cpp:91
#11 0x0000555555a105f6 in JS::CompileUtf8File (cx=0x7ffff5f19000, options=..., file=<optimized out>) at js/src/vm/CompilationAndEvaluation.cpp:124
[...]
#16 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at js/src/shell/js.cpp:11373
rip	0x555555f72599 <js::frontend::ParseContext::Scope::addCatchParameters(js::frontend::ParseContext*, js::frontend::ParseContext::Scope&)+873>
=> 0x555555f72599 <js::frontend::ParseContext::Scope::addCatchParameters(js::frontend::ParseContext*, js::frontend::ParseContext::Scope&)+873>:	movl   $0x0,0x0
   0x555555f725a4 <js::frontend::ParseContext::Scope::addCatchParameters(js::frontend::ParseContext*, js::frontend::ParseContext::Scope&)+884>:	ud2

I think this is a duplicate of bug 1547133 - or at least, it's fixed by the same one-line change.

Assignee: nobody → khyperia
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE