Closed Bug 456667 Opened 14 years ago Closed 14 years ago
TM: crash logging into Zimbra with JITs on
+++ This bug was initially created as a clone of Bug #455137 +++ Cloning original bug due to separate crash problem now.
14 years ago
Assignee: general → danderson
Priority: -- → P1
This test case attempts to reproduce the same conditions as the crash: caller has nargs=1,argc=1 and callee (lr->callDepth=1) has nargs=4,argc=1 Looks like something is going wrong in either js_SynthesizeFrame or FlushNativeStackFrame though I haven't diagnosed it yet. This isn't the same exact crash but the situations are very similar.
Pushed fix as changeset http://hg.mozilla.org/tracemonkey/rev/437331f166fe. This reveals another bug, crashing in js_FastNewObject. Will clone again.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Fix landed on m-c: http://hg.mozilla.org/mozilla-central/rev/437331f166fe /be
verified fixed using Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b2pre) Gecko/20081013 Minefield/3.1b2pre and Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b2pre) Gecko/20081013 Minefield/3.1b2pre.
Status: RESOLVED → VERIFIED
test already in js1_8_1/trace/trace-test.js
You need to log in before you can comment on or make changes to this bug.