Closed Bug 386680 Opened 18 years ago Closed 17 years ago

"Assertion failure: !OBJ_GET_PROTO(cx, ctor)" after messing with __proto__ and friends

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: jruderman, Unassigned)

Details

(Keywords: assertion, testcase)

Attachments

(1 file)

testcase
240 bytes, text/html
Details
Attached file testcase
Assertion failure: !OBJ_GET_PROTO(cx, ctor), at mozilla/js/src/jsapi.c:2716 This assertion also appears in several other bugs (e.g. bug 352604) but the testcase for this one seems different.
I can confirm that this testcase crashes also my Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.8.1.12) Gecko/20080325 SeaMonkey/1.1.8 (see bug 425104 for details) #0 0x000000080390ac9c in thr_kill () from /lib/libc.so.7 #1 0x0000000807c1dd8c in nsProfileLock::FatalSignalHandler (signo=6) at nsProfileLock.cpp:206 #2 <signal handler called> #3 0x000000080390ac9c in thr_kill () from /lib/libc.so.7 #4 0x0000000803991b83 in abort () from /lib/libc.so.7 #5 0x0000000800a143d1 in JS_Assert (s=Variable "s" is not available. ) at jsutil.c:63 #6 0x0000000800989420 in JS_InitClass (cx=0x4078800, obj=0x3ef1be0, parent_proto=0x3ef1b70, clasp=0x800b3c220, constructor=Variable "constructor" is not available. ) at jsapi.c:2219 #7 0x00000008009b6549 in js_InitFunctionClass (cx=0x4078800, obj=0x3ef1be0) at jsfun.c:2086 #8 0x000000080098a999 in js_InitFunctionAndObjectClasses (cx=0x4078800, obj=0x3ef1be0) at jsapi.c:1182 #9 0x0000000800986e8a in JS_ResolveStandardClass (cx=0x4078800, obj=0x3ef1be0, id=Variable "id" is not available. ) at jsapi.c:1487 #10 0x0000000806b80465 in nsWindowSH::NewResolve (this=0x1783340, wrapper=0x571d5f0, cx=0x4078800, obj=0x3ef1be0, id=7386276, flags=32768, objp=0x7fffffffc3b0, _retval=0x7fffffffc3cc) at nsDOMClassInfo.cpp:5932 #11 0x0000000805937fec in XPC_WN_Helper_NewResolve (cx=0x4078800, obj=0x3ef1be0, idval=7386276, flags=32768, objp=0x7fffffffc498) at xpcwrappednativejsops.cpp:1068 #12 0x00000008009de0ba in js_LookupPropertyWithFlags (cx=0x4078800, obj=0x3ef1be0, id=Variable "id" is not available. ) at jsobj.c:3269 #13 0x00000008009e07b2 in js_LookupHiddenProperty (cx=0x4078800, obj=0x3ef1150, id=89556992, objp=0x7fffffffc568, propp=0x7fffffffc560) at jsobj.c:2924 #14 0x00000008009b3f72 in call_resolve (cx=0x4078800, obj=0x3eefcb0, id=7386276, flags=Variable "flags" is not available. ) at jsfun.c:873 #15 0x00000008009de0ba in js_LookupPropertyWithFlags (cx=0x4078800, obj=0x3eefcb0, id=Variable "id" is not available. ) at jsobj.c:3269 #16 0x00000008009de514 in js_LookupProperty (cx=Variable "cx" is not available. ) at jsobj.c:3174 #17 0x00000008009db986 in js_FindProperty (cx=0x4078800, id=7840640, objp=0x7fffffffc968, pobjp=0x7fffffffc960, propp=0x7fffffffc920) at jsobj.c:3383 #18 0x00000008009ca3ca in js_Interpret (cx=0x4078800, pc=0x57d5f5d ";", result=0x7fffffffca98) at jsinterp.c:4009 #19 0x00000008009be509 in js_Invoke (cx=0x4078800, argc=1, flags=dwarf2_read_address: Corrupted DWARF expression. ) at jsinterp.c:1398 #20 0x00000008009d4380 in js_InternalInvoke (cx=0x4078800, obj=0x3ef1be0, fval=65999168, flags=0, argc=1, argv=0x7fffffffce70, rval=0x7fffffffce50) at jsinterp.c:1473 #21 0x00000008009856f8 in JS_CallFunctionValue (cx=0x4078800, obj=Variable "obj" is not available. ) at jsapi.c:4353 #22 0x0000000806b23c69 in nsJSContext::CallEventHandler (this=0x3d0d6d0, aTarget=0x3ef1be0, aHandler=0x3ef1140, argc=1, argv=0x7fffffffce70, rval=0x7fffffffce50) at nsJSEnvironment.cpp:1493 #23 0x0000000806b86b63 in nsJSEventListener::HandleEvent (this=0x587f1b0, aEvent=0x5740860) at nsJSEventListener.cpp:186 #24 0x00000008069d83d1 in nsEventListenerManager::HandleEventSubType (this=0x587f160, aListenerStruct=Variable "aListenerStruct" is not available. ) at nsEventListenerManager.cpp:1655 #25 0x00000008069d89ea in nsEventListenerManager::HandleEvent (this=0x587f160, aPresContext=Variable "aPresContext" is not available. ) at nsEventListenerManager.cpp:1759 #26 0x0000000806b48113 in nsGlobalWindow::HandleDOMEvent (this=0x5839e00, aPresContext=0x5619400, aEvent=0x7fffffffd2c0, aDOMEvent=0x7fffffffd270, aFlags=7, aEventStatus=dwarf2_read_address: Corrupted DWARF expression. ) at nsGlobalWindow.cpp:1732 #27 0x000000080670f8da in DocumentViewerImpl::LoadComplete (this=0x57b3ff0, aStatus=0) at nsDocumentViewer.cpp:1017 #28 0x000000080869f8dc in nsDocShell::EndPageLoad (this=0x3ec7800, aProgress=Variable "aProgress" is not available. ) at nsDocShell.cpp:4872 #29 0x00000008086b732e in nsWebShell::EndPageLoad (this=0x3ec7800, aProgress=0x3ec7828, channel=0x54eac50, aStatus=0) at nsWebShell.cpp:668 #30 0x00000008086a181c in nsDocShell::OnStateChange (this=0x3ec7800, aProgress=0x3ec7828, aRequest=0x54eac50, aStateFlags=Variable "aStateFlags" is not available. ) at nsDocShell.cpp:4787 #31 0x00000008086c8bab in nsDocLoader::FireOnStateChange (this=0x3ec7800, aProgress=0x3ec7828, aRequest=0x54eac50, aStateFlags=131088, aStatus=0) at nsDocLoader.cpp:1210 #32 0x00000008086c8ff8 in nsDocLoader::doStopDocumentLoad (this=0x3ec7800, request=0x54eac50, aStatus=0) at nsDocLoader.cpp:833 #33 0x00000008086c9269 in nsDocLoader::DocLoaderIsEmpty (this=0x3ec7800) at nsDocLoader.cpp:739 #34 0x00000008086c9c49 in nsDocLoader::OnStopRequest (this=0x3ec7800, aRequest=0x55696a0, aCtxt=Variable "aCtxt" is not available. ) at nsDocLoader.cpp:662 #35 0x0000000805f5d96a in nsLoadGroup::RemoveRequest (this=0x3c338d0, request=0x55696a0, ctxt=0x0, aStatus=0) at nsLoadGroup.cpp:732 #36 0x0000000806735abe in PresShell::RemoveDummyLayoutRequest (this=0x55b8800) at nsPresShell.cpp:7318 #37 0x0000000806735c2c in HandleDummyLayoutRequestPLEvent (aEvent=Variable "aEvent" is not available. ) at nsPresShell.cpp:7217 #38 0x0000000800800158 in PL_HandleEvent (self=0x33489d0) at plevent.c:688 #39 0x000000080080049f in PL_ProcessPendingEvents (self=0x6b9330) at plevent.c:623 #40 0x000000080080326a in nsEventQueueImpl::ProcessPendingEvents (this=0x6d7140) at nsEventQueue.cpp:448 #41 0x0000000807650502 in event_processor_callback (source=0x186e1, condition=6, data=0x0) at nsAppShell.cpp:67 #42 0x0000000802f2ec86 in g_io_unix_dispatch (source=0xbfd500, callback=0x8076504f0 <event_processor_callback>, user_data=0x6d7140) at giounix.c:162 #43 0x0000000802ef3830 in g_main_dispatch (context=0x629c40) at gmain.c:2061 #44 0x0000000802ef4fba in IA__g_main_context_dispatch (context=0x629c40) at gmain.c:2613 ---Type <return> to continue, or q <return> to quit--- #45 0x0000000802ef55e4 in g_main_context_iterate (context=0x629c40, block=1, dispatch=1, self=0x60e440) at gmain.c:2694 #46 0x0000000802ef5dee in IA__g_main_loop_run (loop=0xc06eb0) at gmain.c:2898 #47 0x0000000801091904 in IA__gtk_main () at gtkmain.c:1146 #48 0x000000080765081a in nsAppShell::Run (this=0x7d5b80) at nsAppShell.cpp:139
WFM, Mac trunk debug.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
Crashtest checked in.
Flags: in-testsuite+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: