Closed Bug 1904637 Opened 3 months ago Closed 3 months ago

Assertion failure: !cx->isExceptionPending(), at js/src/vm/JSContext-inl.h:253

Categories

(Core :: JavaScript Engine, defect)

RESOLVED INVALID

People

(Reporter: nils.bars, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: reporter-external)

Attachments

(1 file)

630 bytes, application/x-javascript
Attached file bug.js

Steps to reproduce:

Checkout commit 9fcc11127fbfbdc88cbf37489dac90542e141c77 and invoke the js shell as follows:

js --fuzzing-safe <test-case>

Actual results:

Assertion failure: !cx->isExceptionPending(), at js/src/vm/JSContext-inl.h:253
Blocks: 1903968
Group: firefox-core-security → core-security
Component: Untriaged → JavaScript Engine
Product: Firefox → Core
Group: core-security → javascript-core-security

Is this the right test case? I get Error: Second argument must be a non-negative integer. Usage: wasmGcReadField(obj, index).

Flags: needinfo?(nils.bars)

Hm, interesting. Did you use the commit mentioned? I probably messed up my JS shell used for reproduction. I will check later today.

Yes same commit. 9fcc11127fbfbdc88cbf37489dac90542e141c77 is a Git commit that matches my Mercurial fc0f7d3e6a3d.

It looks like no-oping out DefineHelpProperty (and using that version by accident for reproduction :D) has side effects that I did not anticipate. I just expect it to remove help messages.

Status: UNCONFIRMED → RESOLVED
Closed: 3 months ago
Flags: needinfo?(nils.bars)
Resolution: --- → INVALID
Group: javascript-core-security