Closed
Bug 1667682
Opened 5 years ago
Closed 5 years ago
[warp] monitorType issue
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
INVALID
| Tracking | Status | |
|---|---|---|
| firefox83 | --- | affected |
People
(Reporter: gkw, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: reporter-external, testcase)
try {
monitorType(undefined, 1, 0);
} catch (e) { print(e); }
$ ./js-dbg-64-dm-linux-x86_64-cb8232ebe212 --fuzzing-safe --no-threads --ion-eager --warp testcase.js
Error: Index out of range. Usage: monitorType(fun, index, val)
$
$ ./js-dbg-64-dm-linux-x86_64-cb8232ebe212 --fuzzing-safe --no-threads --ion-eager testcase.js
$
Compile with AR=ar sh ./configure --enable-debug --enable-more-deterministic --with-ccache --enable-gczeal --enable-debug-symbols --disable-tests, tested on m-c rev cb8232ebe212.
I think this goes back to m-c rev 3dbf9f9d69b4 when --warp was added.
I doubt this is s-s but I'll let Jan/other devs make the decision.
Flags: sec-bounty?
Flags: needinfo?(jdemooij)
|
||
Comment 1•5 years ago
|
||
Thanks for the report. This is harmless: monitorType is a TI thing and doesn't work without it (NumTypeSets returns 0 with Warp). This function will likely be removed in the next cycle.
Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(jdemooij)
Resolution: --- → INVALID
|
||
Updated•5 years ago
|
Group: core-security
Flags: sec-bounty? → sec-bounty-
|
Reporter | |
Updated•1 year ago
|
Blocks: gkw-js-fuzzing
|
||
Updated•1 year ago
|
Keywords: reporter-external
You need to log in
before you can comment on or make changes to this bug.
Description
•