Closed Bug 1604787 Opened 5 years ago Closed 5 years ago

Assertion failure: (lazy & MatchedFlagsMask) == (nonLazy & MatchedFlagsMask), at /builds/worker/workspace/build/src/js/src/frontend/BytecodeCompiler.cpp:977

Categories

(Core :: JavaScript Engine, defect)

RESOLVED DUPLICATE of bug 1604792
Tracking Status
firefox73 --- fixed

People

(Reporter: bc, Unassigned)

Details

(Keywords: assertion, regression, reproducible)

Attachments

(1 file)

  1. https://us.puma.com/en/us/mens/shoes

Nightly Linux (Fedora) at least. Does not reproduce on Beta. This may be a recent regression but I haven't checked.

  1. Assertion failure: (lazy & MatchedFlagsMask) == (nonLazy & MatchedFlagsMask), at /builds/worker/workspace/build/src/js/src/frontend/BytecodeCompiler.cpp:977

Program /mozilla/builds/nightly/mozilla/firefox-debug/dist/bin/firefox-bin (pid = 14446) received signal 11.
Stack:
[Parent 14336, Main Thread] WARNING: IPC message discarded: actor cannot send: file /builds/worker/workspace/build/src/ipc/glue/ProtocolUtils.cpp, line 481
[Parent 14336, Main Thread] WARNING: IPC message discarded: actor cannot send: file /builds/worker/workspace/build/src/ipc/glue/ProtocolUtils.cpp, line 481
#01: WasmTrapHandler(int, siginfo*, void*) (/mozilla/builds/nightly/mozilla/firefox-debug/dist/bin/libxul.so)
#02: __restore_rt (sigaction.c:?)
#03: js::frontend::CompileLazyFunction(JSContext*, JS::Handle<js::LazyScript*>, char16_t const*, unsigned long) (/mozilla/builds/nightly/mozilla/firefox-debug/dist/bin/libxul.so)
#04: JSFunction::delazifyLazilyInterpretedFunction(JSContext*, JS::Handle<JSFunction*>) (/mozilla/builds/nightly/mozilla/firefox-debug/dist/bin/libxul.so)
#05: JSFunction::getOrCreateScript(JSContext*, JS::Handle<JSFunction*>) (/mozilla/builds/nightly/mozilla/firefox-debug/dist/bin/libxul.so)
...

Security Sensitive just in case.

Group: core-security → javascript-core-security

Ted, could you take a look? It looks like you just added this assert in bug 1604064. Thanks.

Flags: needinfo?(tcampbell)

I won't rate this now, because I'm not sure what the security implications are. Also, these sorts of things often turn out to be overly tight assertions.

This is probably a dupe of bug 1604792 which has a patch and which is public.

Thanks for the report. I was able to reproduce this and confirm it is Bug 1604792 (and fixed on autoland).

Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(tcampbell)
Resolution: --- → DUPLICATE
Group: javascript-core-security