Closed
Bug 1900740
Opened 4 months ago
Closed 4 months ago
Assertion failure: state == Type2State<T>::result, at dist/include/mozilla/MaybeOneOf.h:60
Categories
(Core :: JavaScript: WebAssembly, defect, P1)
Tracking
RESOLVED
FIXED
128 Branch
Tracking | Status | |
---|---|---|
firefox128 | --- | fixed |
People
(Reporter: nils.bars, Assigned: jandem)
References
(Blocks 1 open bug)
Details
Attachments
(2 files)
Steps to reproduce:
Check out commit d9496bfef09039b2642da45585ca821c36917c6d and invoke the js shell as follows:
./js-spidermonkey-shell --fast-warmup --fuzzing-safe frameptr_has_cached_saved_frame.js
Actual results:
Assertion failure: state == Type2State<T>::result, at dist/include/mozilla/MaybeOneOf.h:60
Group: firefox-core-security → core-security
Component: Untriaged → JavaScript Engine
Product: Firefox → Core
Updated•4 months ago
Group: core-security → javascript-core-security
Comment 1 (Assignee)•4 months ago
Problem with Wasm debugger support.
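```js
// Called from Wasm as the imported function m.f.
function c() {
  // Attach a Debugger from a new compartment to this global.
  var dbg = newGlobal({newCompartment: true}).Debugger(this);
  // Read the offset of the frame older than the newest one (the Wasm caller).
  dbg.getNewestFrame().older.offset;
}
function b() {
  // Module that imports m.f and exports "test", which only calls the import.
  var bin = wasmTextToBinary(`(module(import "m" "f" (func $f))(func (export "test")call $f))`);
  var mod = new WebAssembly.Module(bin);
  var inst = new WebAssembly.Instance(mod, {m: {f: c}});
  inst.exports.test()
  inst.exports.test()
}
for (var i = 0; i < 5; i++) {
  b();
}
```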
Status: UNCONFIRMED → NEW
Component: JavaScript Engine → JavaScript: WebAssembly
Ever confirmed: true
Updated (Assignee)•4 months ago
Group: javascript-core-security
Comment 2 (Assignee)•4 months ago
Updated•4 months ago
Assignee: nobody → jdemooij
Status: NEW → ASSIGNED
Pushed by jdemooij@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/8669629f6d9e
Skip non-Wasm frames in FrameIter::wasmUpdateBytecodeOffset. r=yury
Updated•4 months ago
Severity: -- → S3
Priority: -- → P1
Status: ASSIGNED → RESOLVED
Closed: 4 months ago
status-firefox128: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 128 Branch