Closed
Bug 1941503
Opened 1 month ago
Closed 1 month ago
Assertion failure: cx->isExceptionPending
Categories: Core :: JavaScript Engine, defect, P1
Tracking
Status: RESOLVED FIXED
Target Milestone: 136 Branch
 | Tracking | Status
---|---|---
firefox136 | --- | fixed
People
(Reporter: katoshi1337, Assigned: jandem)
References
(Blocks 1 open bug)
Details
Attachments
(2 files)
Steps to reproduce:
gecko-dev commit: e46f8390a67732e08d6c04729f27631edec98aeb
./js ./poc.js
then CTRL+D to exit the program
Actual results:
#0 0x5555572f5c50 in AssertExceptionResult(JSContext*) /home/fuzzer/ff/gecko-dev-master/js/src/vm/Interpreter.cpp:439:3
#1 0x5555572f5c50 in CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&) /home/fuzzer/ff/gecko-dev-master/js/src/vm/Interpreter.cpp:537:5
#2 0x5555572f4b2c in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /home/fuzzer/ff/gecko-dev-master/js/src/vm/Interpreter.cpp:628:12
#3 0x55555730e664 in js::CallFromStack(JSContext*, JS::CallArgs const&, js::CallReason) /home/fuzzer/ff/gecko-dev-master/js/src/vm/Interpreter.cpp:700:10
#4 0x55555730e664 in js::Interpret(JSContext*, js::RunState&) /home/fuzzer/ff/gecko-dev-master/js/src/vm/Interpreter.cpp:3338:16
#5 0x5555572f3989 in js::RunScript(JSContext*, js::RunState&) /home/fuzzer/ff/gecko-dev-master/js/src/vm/Interpreter.cpp:502:13
#6 0x5555572f8e91 in js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, js::AbstractFramePtr, JS::MutableHandle<JS::Value>) /home/fuzzer/ff/gecko-dev-master/js/src/vm/Interpreter.cpp:893:13
#7 0x5555572f969c in js::Execute(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, JS::MutableHandle<JS::Value>) /home/fuzzer/ff/gecko-dev-master/js/src/vm/Interpreter.cpp:926:10
#8 0x5555574f1ec9 in ExecuteScript(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::MutableHandle<JS::Value>) /home/fuzzer/ff/gecko-dev-master/js/src/vm/CompilationAndEvaluation.cpp:601:10
#9 0x5555574f2147 in JS_ExecuteScript(JSContext*, JS::Handle<JSScript*>) /home/fuzzer/ff/gecko-dev-master/js/src/vm/CompilationAndEvaluation.cpp:625:10
#10 0x555557250719 in RunFile(JSContext*, char const*, _IO_FILE*, CompileUtf8, bool, bool) /home/fuzzer/ff/gecko-dev-master/js/src/shell/js.cpp:1311:10
#11 0x55555724fab0 in Process(JSContext*, char const*, bool, FileKind) /home/fuzzer/ff/gecko-dev-master/js/src/shell/js.cpp
#12 0x5555572098ce in ProcessArgs(JSContext*, js::cli::OptionParser*) /home/fuzzer/ff/gecko-dev-master/js/src/shell/js.cpp:11745:10
#13 0x5555572098ce in Shell(JSContext*, js::cli::OptionParser*) /home/fuzzer/ff/gecko-dev-master/js/src/shell/js.cpp:11999:12
#14 0x5555572005aa in main /home/fuzzer/ff/gecko-dev-master/js/src/shell/js.cpp:12414:12
#15 0x7ffff7a34d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#16 0x7ffff7a34e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#17 0x5555571c75b8 in _start (/home/fuzzer/ff/gecko-dev-master/obj-fuzzbuild/dist/bin/js+0x1c735b8) (BuildId: 647321a1822f8c9ef193ff04e9774887)
Expected results:
Exit normally
Updated • 1 month ago
Group: firefox-core-security → core-security
Component: Untriaged → JavaScript Engine
Product: Firefox → Core
Version: other → unspecified
Updated • 1 month ago
Group: core-security → javascript-core-security
Comment 1 • 1 month ago (Assignee)
In DisassFile we have:
if (JSScript::dump(cx, script, p.options, &sprinter)) {
return false;
}
This should be if (! ...
Assignee: nobody → jdemooij
Group: javascript-core-security
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
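The assertion in the stack trace (AssertExceptionResult, reached from CallJSNative) checks SpiderMonkey's native-function contract: a native returns false only when an exception is pending on the context, and true only when none is. The inverted check in DisassFile breaks that contract in both directions, which is exactly what the assertion catches. The following is an added example, not SpiderMonkey code: Context, dumpScript and the two disassFile wrappers are stand-ins for JSContext, JSScript::dump and DisassFile, and resultMatchesExceptionState stands in for the debug-only assertion.

```cpp
// Added example (not SpiderMonkey's code). Models the contract that the
// failing assertion checks: a native returns false iff an exception is
// pending on the context. All names here are stand-ins for the real API.
#include <cassert>
#include <iostream>
#include <string>

struct Context {
    bool exceptionPending = false;   // stand-in for cx->isExceptionPending()
    std::string pendingMessage;

    void throwError(const std::string& msg) {
        exceptionPending = true;
        pendingMessage = msg;
    }
};

// Stand-in for JSScript::dump: true on success, false after reporting an
// error on the context (the SpiderMonkey convention).
bool dumpScript(Context& cx, const std::string& source, std::string& out) {
    if (source.empty()) {               // constructed failure condition
        cx.throwError("empty script");
        return false;
    }
    out = "disassembly of: " + source;
    return true;
}

// The inverted check from the bug: success is treated as failure, so the
// function returns false with no exception pending; on a real failure it
// returns true while an exception is still pending.
bool disassFileBuggy(Context& cx, const std::string& source, std::string& out) {
    if (dumpScript(cx, source, out)) {
        return false;
    }
    return true;
}

// The corrected check: the callee's result is propagated unchanged.
bool disassFileFixed(Context& cx, const std::string& source, std::string& out) {
    if (!dumpScript(cx, source, out)) {
        return false;
    }
    return true;
}

// Stand-in for AssertExceptionResult: the contract holds iff
// (ok && !pending) || (!ok && pending), i.e. ok != pending.
bool resultMatchesExceptionState(const Context& cx, bool ok) {
    return ok != cx.exceptionPending;
}

using Wrapper = bool (*)(Context&, const std::string&, std::string&);

// Run one wrapper on a fresh context and report whether the contract held.
bool contractHolds(Wrapper wrapper, const std::string& source) {
    Context cx;
    std::string out;
    bool ok = wrapper(cx, source, out);
    return resultMatchesExceptionState(cx, ok);
}

int main() {
    std::cout << "buggy, valid input: "
              << (contractHolds(disassFileBuggy, "print(1)") ? "ok" : "VIOLATION") << '\n';
    std::cout << "buggy, failing input: "
              << (contractHolds(disassFileBuggy, "") ? "ok" : "VIOLATION") << '\n';
    std::cout << "fixed, valid input: "
              << (contractHolds(disassFileFixed, "print(1)") ? "ok" : "VIOLATION") << '\n';
    std::cout << "fixed, failing input: "
              << (contractHolds(disassFileFixed, "") ? "ok" : "VIOLATION") << '\n';
    return 0;
}
```

The buggy wrapper violates the contract on every input: on success it returns false with nothing pending (the case the reporter hit, since the assertion fires when a native reports failure without an exception), and on failure it returns true while the error is still pending, which in a release build would let a stale exception surface at an unrelated later call.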
Comment 2 • 1 month ago (Assignee)
Updated • 1 month ago
Pushed by jdemooij@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e660944b0c1f
Fix disfile testing function. r=arai
Status: ASSIGNED → RESOLVED
Closed: 1 month ago
status-firefox136: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 136 Branch