Closed
Bug 1971067
Opened 11 months ago
Closed 11 months ago
Assertion failure: !cx->isExceptionPending() in CheckForInterrupt()
Categories
(Core :: JavaScript Engine: JIT, defect)
Core
JavaScript Engine: JIT
Tracking
()
RESOLVED
DUPLICATE
of bug 1966657
People
(Reporter: baksmali404, Unassigned)
Details
(Keywords: assertion)
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0
Steps to reproduce:
version:master
$ git clone https://github.com/mozilla/gecko-dev
$ cd gecko-dev
$ git show
commit 3d294b119bf2add880f615a0fc61a5d54bcd6264 (HEAD -> master, origin/master, origin/HEAD)
Author: Akhil Pindiprolu <apindiprolu@mozilla.com>
Date: Tue May 13 13:53:03 2025 +0000
Bug 1959169 - Update Headline 5 line height from 24 to 32 r=android-reviewers,007
Differential Revision: https://phabricator.services.mozilla.com/D248960
Reproduce
./dist/bin/js --fuzzing-safe pocfile.js
pocfile.js
const v0 = [];
for (let i3 = 0, i4 = 10;
i4--, i3 < i4;
(() => {
for (let i11 = 0, i12 = 10; i12--, i11 < i12;) {
}
for (let i21 = 0, i22 = 10; i22; i22--) {
}
for (let i30 = 0, i31 = 10; i30 < i31; i31--) {
}
for (let i40 = 0, i41 = 10; i40 < i41; i41--) {
}
for (let i50 = 0, i51 = 10; i50 < i51; i51--) {
}
for (let [i70, i71] = (() => {
for (let i60 = 0, i61 = 10; i61--, i60 != i61;) {
}
return [0, 10];
})();
(() => {
const v72 = i70 <= i71;
for (let i75 = 0, i76 = 10; i76; i76--) {
}
return v72;
})();
i71--) {
}
for (let [i122, i123] = (() => {
class C87 {
}
const v88 = new C87();
for (let [i101, i102] = (() => {
for (let i93 = 0, i94 = 10; i93 < i94; i94--) {
}
return [4, 10];
})();
(() => {
let v103 = i101 / i101;
const v104 = v103--;
const v105 = v103 < i102;
for (let i107 = 0, i108 = v104; i108-- < v88;) {
}
return v105;
})();
i102--) {
}
return [0, 10];
})();
i122 < i123;
i123--) {
}
for (let i132 = 0, i133 = 10; i132 < i133; i133--) {
}
})()) {
}
const v142 = `
for (let i145 = 0, i146 = 10; i145 < i146; i146--) {
}
for (let i155 = 0, i156 = 10;
i156--, i155 < i156;
(() => {
for (let i163 = 0, i164 = 10; i163 < i164; i164--) {
}
})()) {
}
for (let [i183, i184] = (() => {
async function f175(a176, a177, a178, a179) {
await Reflect;
}
f175();
return [0, 10];
})();
i183 < i184;
i184--) {
}
for (let v191 = 0; v191 < 5; v191++) {
v0 > v191;
}
`;
this.newGlobal(v142, this, v0).evalInWorker(v142);
for (let v196 = 0; v196 < 5; v196++) {
}
gc();
// CRASH INFO
// ==========
// TERMSIG: 11
// STDERR:
// [1958361] Assertion failure: !cx->isExceptionPending(), at /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/JSContext-inl.h:253
// #01: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/obj-fuzzbuild/dist/bin/js +0x1d4ab8f]
// #02: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/obj-fuzzbuild/dist/bin/js +0x1dd746c]
// #03: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/obj-fuzzbuild/dist/bin/js +0x1dcad30]
// #04: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/obj-fuzzbuild/dist/bin/js +0x1dcbd8c]
// #05: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/obj-fuzzbuild/dist/bin/js +0x1dcd82b]
// #06: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/obj-fuzzbuild/dist/bin/js +0x231916c]
// #07: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/obj-fuzzbuild/dist/bin/js +0x1f35d7f]
// #08: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/obj-fuzzbuild/dist/bin/js +0x225e9a3]
// #09: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/obj-fuzzbuild/dist/bin/js +0x1dcc89f]
// #10: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/obj-fuzzbuild/dist/bin/js +0x1dcbe63]
// #11: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/obj-fuzzbuild/dist/bin/js +0x1dcd82b]
// #12: JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>)[/home/gandalf/fuzz/fuzz_spm/gecko-dev/obj-fuzzbuild/dist/bin/js +0x1f8192f]
// #13: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/obj-fuzzbuild/dist/bin/js +0x20d4fa2]
// #14: js::RunJobs(JSContext*)[/home/gandalf/fuzz/fuzz_spm/gecko-dev/obj-fuzzbuild/dist/bin/js +0x20d4618]
// #15: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/obj-fuzzbuild/dist/bin/js +0x1cf4e88]
// #16: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/obj-fuzzbuild/dist/bin/js +0x1d1d1ab]
// #17: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/obj-fuzzbuild/dist/bin/js +0x1d4540a]
// #18: ???[/lib/x86_64-linux-gnu/libc.so.6 +0x94ac3]
// #19: ???[/lib/x86_64-linux-gnu/libc.so.6 +0x126850]
// #20: ??? (???:???)
// STDOUT:
//
// FUZZER ARGS: .build/x86_64-unknown-linux-gnu/release/FuzzilliCli --profile=spidermonkey --storagePath=Targets/Spidermonkey/out /home/gandalf/fuzz/fuzz_spm/gecko-dev/obj-fuzzbuild/dist/bin/js --resume
// TARGET ARGS: /home/gandalf/fuzz/fuzz_spm/gecko-dev/obj-fuzzbuild/dist/bin/js --baseline-warmup-threshold=10 --ion-warmup-threshold=100 --ion-check-range-analysis --ion-extra-checks --fuzzing-safe --disable-oom-functions --reprl
// CONTRIBUTORS: ClassStaticElementGenerator, TypedArrayGenerator, OperationMutator, ObjectConstructorGenerator, ClassInstanceComputedPropertyGenerator, SpliceMutator, ClassDefinitionGenerator, ClassPrivateInstancePropertyGenerator, ClassInstanceMethodGenerator
// EXECUTION TIME: 81ms
Actual results:
asan report
$ /home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/js --fuzzing-safe /home/gandalf/fuzz/fuzzilli/Targets/Spidermonkey/out/crashes/program_20250604111639_19661E82-C17F-4093-9655-5B791E630B75_flaky.js
[3687593] Assertion failure: !cx->isExceptionPending(), at /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/JSContext-inl.h:253
#01: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/js +0x2e37436]
#02: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/js +0x2f346b9]
#03: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/js +0x2f116f5]
#04: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/js +0x2f12e66]
#05: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/js +0x2f14bce]
#06: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/js +0x3712bd6]
#07: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/js +0x31186d9]
#08: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/js +0x35e9ee9]
#09: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/js +0x2f598b6]
#10: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/js +0x2f12e41]
#11: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/js +0x2f14bce]
#12: JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>)[/home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/js +0x3185ceb]
#13: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/js +0x339c6b5]
#14: js::RunJobs(JSContext*)[/home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/js +0x339b7e3]
#15: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/js +0x2d90868]
#16: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/js +0x2dd1f87]
#17: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/js +0x2e2a3be]
#18: ???[/home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/js +0x2d01807]
#19: ???[/lib/x86_64-linux-gnu/libc.so.6 +0x94ac3]
#20: ???[/lib/x86_64-linux-gnu/libc.so.6 +0x126850]
#21: ??? (???:???)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3687593==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x642c59749462 bp 0x7343ba5fc430 sp 0x7343ba5fc3f0 T10)
==3687593==The signal is caused by a WRITE memory access.
==3687593==Hint: address points to the zero page.
#0 0x642c59749462 in MOZ_CrashSequence(void*, long) /home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/include/mozilla/Assertions.h:248:3
#1 0x642c59749462 in js::CheckForInterrupt(JSContext*) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/JSContext-inl.h:253:3
#2 0x642c598466b8 in js::Interpret(JSContext*, js::RunState&) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/Interpreter.cpp:2180:7
#3 0x642c598236f4 in js::RunScript(JSContext*, js::RunState&) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/Interpreter.cpp:464:13
#4 0x642c59824e65 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/Interpreter.cpp:622:13
#5 0x642c59826bcd in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/Interpreter.cpp:689:8
#6 0x642c5a024bd5 in js::CallSelfHostedFunction(JSContext*, JS::Handle<js::PropertyName*>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/SelfHosting.cpp:1412:10
#7 0x642c59a2a6d8 in AsyncFunctionResume(JSContext*, JS::Handle<js::AsyncFunctionGeneratorObject*>, ResumeKind, JS::Handle<JS::Value>) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/AsyncFunction.cpp:156:8
#8 0x642c59efbee8 in AsyncFunctionPromiseReactionJob(JSContext*, JS::Handle<PromiseReactionRecord*>) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/builtin/Promise.cpp:2225:12
#9 0x642c59efbee8 in PromiseReactionJob(JSContext*, unsigned int, JS::Value*) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/builtin/Promise.cpp:2288:12
#10 0x642c5986b8b5 in CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/Interpreter.cpp:494:13
#11 0x642c59824e40 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/Interpreter.cpp:590:12
#12 0x642c59826bcd in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/Interpreter.cpp:689:8
#13 0x642c59a97cea in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/CallAndConstruct.cpp:119:10
#14 0x642c59cae6b4 in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JSObject*>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/include/js/CallAndConstruct.h:110:10
#15 0x642c59cae6b4 in js::InternalJobQueue::runJobs(JSContext*) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/JSContext.cpp:877:14
#16 0x642c59cad7e2 in js::RunJobs(JSContext*) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/JSContext.cpp:813:17
#17 0x642c596a2867 in RunShellJobs(JSContext*) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/shell/js.cpp:1412:5
#18 0x642c596e3f86 in WorkerMain(mozilla::UniquePtr<WorkerInput, JS::DeletePolicy<WorkerInput>>) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/shell/js.cpp:4674:5
#19 0x642c5973c3bd in void js::detail::ThreadTrampoline<void (&)(mozilla::UniquePtr<WorkerInput, JS::DeletePolicy<WorkerInput>>), mozilla::UniquePtr<WorkerInput, JS::DeletePolicy<WorkerInput>>>::callMain<0ul>(std::integer_sequence<unsigned long, 0ul>) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/threading/Thread.h:228:5
#20 0x642c5973c3bd in js::detail::ThreadTrampoline<void (&)(mozilla::UniquePtr<WorkerInput, JS::DeletePolicy<WorkerInput>>), mozilla::UniquePtr<WorkerInput, JS::DeletePolicy<WorkerInput>>>::Start(void*) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/threading/Thread.h:217:11
#21 0x642c59613806 in asan_thread_start(void*) /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:239:28
#22 0x7343bdc94ac2 in start_thread nptl/pthread_create.c:442:8
#23 0x7343bdd2684f misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
==3687593==Register values:
rax = 0x0000000000000000 rbx = 0x000051f00001f880 rcx = 0x00000000000000fd rdx = 0x0000000000000000
rdi = 0x0000642c5d92c290 rsi = 0x00007343ba5fc3a8 rbp = 0x00007343ba5fc430 rsp = 0x00007343ba5fc3f0
r8 = 0x0000000000000000 r9 = 0x0000000000000000 r10 = 0xffffff0000000000 r11 = 0x4000000000000000
r12 = 0xfff9800000000000 r13 = 0x00000e68f74b78a0 r14 = 0x00000000000000a4 r15 = 0x0000642c5d09f900
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/include/mozilla/Assertions.h:248:3 in MOZ_CrashSequence(void*, long)
Thread T10 created by T0 here:
/home/gandalf/fuzz/fuzz_spm/gecko-dev/build_asan/dist/bin/llvm-symbolizer: error: '[anon:js-executable-memory]': No such file or directory
#0 0x642c595fcde1 in pthread_create /builds/worker/fetches/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:250:3
#1 0x642c599ef40d in js::Thread::create(void* (*)(void*), void*) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/threading/posix/PosixThread.cpp:57:7
#2 0x642c5973b822 in bool js::Thread::init<void (&)(mozilla::UniquePtr<WorkerInput, JS::DeletePolicy<WorkerInput>>), mozilla::UniquePtr<WorkerInput, JS::DeletePolicy<WorkerInput>>>(void (&)(mozilla::UniquePtr<WorkerInput, JS::DeletePolicy<WorkerInput>>), mozilla::UniquePtr<WorkerInput, JS::DeletePolicy<WorkerInput>>&&) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/threading/Thread.h:90:16
#3 0x642c596b214d in EvalInWorker(JSContext*, unsigned int, JS::Value*) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/shell/js.cpp:4748:29
#4 0x642c5986b8b5 in CallJSNative(JSContext*, bool (*)(JSContext*, unsigned int, JS::Value*), js::CallReason, JS::CallArgs const&) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/Interpreter.cpp:494:13
#5 0x642c59824e40 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/Interpreter.cpp:590:12
#6 0x642c5b1e77b8 in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICFallbackStub*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/jit/BaselineIC.cpp:1705:10
#7 0x120f9e5bbf7e ([anon:js-executable-memory]+0xbf7e)
#8 0x120f9e5e0833 ([anon:js-executable-memory]+0x833)
#9 0x120f9e5e771e ([anon:js-executable-memory]+0x771e)
#10 0x120f9e5b0d80 ([anon:js-executable-memory]+0xd80)
#11 0x642c5b896d9a in EnterBaseline(JSContext*, EnterJitData&) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/jit/BaselineJIT.cpp:145:5
#12 0x642c5b896d9a in js::jit::EnterBaselineInterpreterAtBranch(JSContext*, js::InterpreterFrame*, unsigned char*) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/jit/BaselineJIT.cpp:201:26
#13 0x642c598475cd in js::Interpret(JSContext*, js::RunState&) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/Interpreter.cpp:2040:17
#14 0x642c598236f4 in js::RunScript(JSContext*, js::RunState&) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/Interpreter.cpp:464:13
#15 0x642c598299fa in js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, js::AbstractFramePtr, JS::MutableHandle<JS::Value>) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/Interpreter.cpp:855:13
#16 0x642c5982a2a9 in js::Execute(JSContext*, JS::Handle<JSScript*>, JS::Handle<JSObject*>, JS::MutableHandle<JS::Value>) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/Interpreter.cpp:888:10
#17 0x642c59addb7a in ExecuteScript(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::MutableHandle<JS::Value>) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/CompilationAndEvaluation.cpp:601:10
#18 0x642c59addf1c in JS_ExecuteScript(JSContext*, JS::Handle<JSScript*>) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/vm/CompilationAndEvaluation.cpp:625:10
#19 0x642c596fdb6b in RunFile(JSContext*, char const*, _IO_FILE*, CompileUtf8, bool, bool) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/shell/js.cpp:1314:10
#20 0x642c596fc800 in Process(JSContext*, char const*, bool, FileKind) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/shell/js.cpp
#21 0x642c596818c2 in ProcessArgs(JSContext*, js::cli::OptionParser*) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/shell/js.cpp:11813:10
#22 0x642c596818c2 in Shell(JSContext*, js::cli::OptionParser*) /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/shell/js.cpp:12067:12
#23 0x642c5967034f in main /home/gandalf/fuzz/fuzz_spm/gecko-dev/js/src/shell/js.cpp:12470:12
#24 0x7343bdc29d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
==3687593==ABORTING
Expected results:
Expected results:
SEGV or crash
| Comment hidden (obsolete) |
| Comment hidden (obsolete) |
|
||
Updated•11 months ago
|
Group: core-security → javascript-core-security
| Comment hidden (obsolete) |
|
|
||
Updated•11 months ago
|
Keywords: assertion
Summary: SEGV at /include/mozilla/Assertions.h:248:3 in MOZ_CrashSequence(void*, long) → Assertion failure: !cx->isExceptionPending() in CheckForInterrupt()
|
||
Comment 4•11 months ago
|
||
This is a duplicate of bug 1966657. The description indicates that the bug was found in a revision from May 12. The fix for bug 1966657 landed May 22. I can't reproduce the bug on an up-to-date build.
Before reporting a bug, please test on the most recent version, to make sure we haven't already fixed it.
Group: javascript-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 11 months ago
Duplicate of bug: 1966657
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•