Closed Bug 417893 Opened 17 years ago Closed 17 years ago

Crash [@ JS_Enumerate]

Categories

(Core :: JavaScript Engine, defect, P1)

Product:
Core
Component:
JavaScript Engine
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.9beta4

People

(Reporter: jruderman, Assigned: brendan)

References

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(1 file, 2 obsolete files)

generic-primitive methods in jsstr.c needed help too, plus a few others
60.38 KB, patch
mrbkap
: review+
Details | Diff | Splinter Review
(function() { var s = function(){}.prototype.toSource; s(); })() Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000000 Thread 0 Crashed: 0 js 0x0001a3d1 JS_Enumerate + 29 (jsapi.c:3821) 1 js 0x00086a08 MarkSharpObjects + 240 (jsobj.c:370) 2 js 0x00086dda js_EnterSharpObject + 293 (jsobj.c:467) 3 js 0x00087356 obj_toSource + 285 (jsobj.c:636) 4 js 0x0007440c js_Interpret + 83825 (jsinterp.c:4654) 5 js 0x0005e822 js_Execute + 794 (jsinterp.c:1653) 6 js 0x0001c295 JS_ExecuteScript + 54 (jsapi.c:4805) 7 js 0x00002339 Process + 883 (js.c:306) 8 js 0x00002c2b ProcessArgs + 2005 (js.c:537) 9 js 0x000086c3 main + 617 (js.c:3628) 10 js 0x00001cc6 _start + 216 11 js 0x00001bed start + 41
I'm surprised the js testsuite never hit these cases. Jesse, thanks for catching and please suppress any dup bugs. /be
Assignee: general → brendan
Status: NEW → ASSIGNED
Attachment #303818 - Flags: review?(mrbkap)
Flags: blocking1.9+
OS: Mac OS X → All
Priority: -- → P1
Hardware: PC → All
Target Milestone: --- → mozilla1.9beta4
Since fast natives haven't shipped in a standalone SpiderMonkey release, my INCOMPATIBILITY NOTICE comment in jsapi.h is overblown. I'll adjust it, but please review (and let me know if you think it should stand). /be
Comment on attachment 303818 [details] [diff] [review] fast natives must use JS_THIS/JS_THIS_OBJECT and check for errors While you're here, want to patch IteratorNext in XPCWrapper.cpp as well? Thanks.
Attachment #303818 - Flags: review?(mrbkap) → review+
Attached patch with XPCWrapper.cpp per mrbkap (obsolete) — Splinter Review
Attachment #303818 - Attachment is obsolete: true
Attachment #303894 - Flags: review+
Attachment #303894 - Flags: approval1.9+
Flags: in-testsuite?
Attachment #303894 - Attachment is obsolete: true
Attachment #303925 - Flags: review?(mrbkap)
Attachment #303925 - Flags: review?(mrbkap) → review+
Attachment #303894 - Flags: approval1.9+
Fixed: js/src/jsapi.c 3.416 js/src/jsapi.h 3.184 js/src/jsarray.c 3.156 js/src/jsdate.c 3.101 js/src/jsexn.c 3.97 js/src/jsfun.c 3.260 js/src/jsiter.c 3.91 js/src/jsobj.c 3.435 js/src/jsregexp.c 3.188 js/src/jsscript.c 3.170 js/src/jsstr.c 3.194 js/src/jsxml.c 3.193 js/src/xpconnect/src/XPCWrapper.cpp 1.20 /be
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Checking in regress-417893.js; /cvsroot/mozilla/js/tests/js1_5/Regress/regress-417893.js,v <-- regress-417893.js initial revision: 1.1
Flags: in-testsuite? → in-testsuite+
Status: RESOLVED → VERIFIED
Crash Signature: [@ JS_Enumerate]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: