Closed Bug 550045 Opened 14 years ago Closed 14 years ago

js1_7/extensions/regress-429266.js fails, writing to member of the empty script

Categories: (Core :: JavaScript Engine, defect)
Platform: x86, Linux
Type: defect
Priority: Not set
Severity: normal

Status: RESOLVED FIXED

People: (Reporter: luke, Assigned: brendan)

Details: (Keywords: regression, Whiteboard: fixed-in-tracemonkey)

Attachments: (1 file)

Shows in Linux on js1_7/extensions/regress-429266.js

> bt

#0  0x080f8a93 in JSCompiler::compileScript (cx=0x827e5b0, scopeChain=0xb7afe600, callerFrame=0x82a2b74, principals=0x0, tcflags=8192, chars=0x824e2c0, 
    length=0, file=0x0, filename=0x8287f79 "./js1_7/extensions/regress-429266.js", lineno=58, source=0x0, staticLevel=16) at ../jsparse.cpp:1060
#1  0x08089493 in JS_EvaluateUCInStackFrame (cx=0x827e5b0, fp=0x82a2b74, chars=0x824e2c0, length=0, 
    filename=0x8287f79 "./js1_7/extensions/regress-429266.js", lineno=58, rval=0xbffff054) at ../jsdbgapi.cpp:1371
#2  0x0804ce23 in TrapHandler (cx=0x827e5b0, script=0x8265b20, pc=0x8265b64 "S", <incomplete sequence \307>, rval=0xbffff054, closure=0xb7b00000)
    at ../../shell/js.cpp:1460
#3  0x080874e2 in JS_HandleTrap (cx=0x827e5b0, script=0x8265b20, pc=0x8265b64 "S", <incomplete sequence \307>, rval=0xbffff054) at ../jsdbgapi.cpp:341
#4  0x081f633e in js_Interpret (cx=0x827e5b0) at ../jsops.cpp:2597
#5  0x080bec74 in js_Execute (cx=0x827e5b0, chain=0xb7afe000, script=0x82880f8, down=0x0, flags=0, result=0x0) at ../jsinterp.cpp:1666
#6  0x0806a4bf in JS_ExecuteScript (cx=0x827e5b0, obj=0xb7afe000, script=0x82880f8, rval=0x0) at ../jsapi.cpp:4808
#7  0x0804ac3a in Process (cx=0x827e5b0, obj=0xb7afe000, filename=0xbffff611 "./js1_7/extensions/regress-429266.js", forceTTY=0)
    at ../../shell/js.cpp:447
#8  0x0804b7e5 in ProcessArgs (cx=0x827e5b0, obj=0xb7afe000, argv=0xbffff428, argc=8) at ../../shell/js.cpp:792
#9  0x08052dfe in main (argc=8, argv=0xbffff428, envp=0xbffff44c) at ../../shell/js.cpp:4878
Latent bug, biting only on Linux (not Windows? Not Mac, for sure) because only there does the emptyScriptConst static in JSScript, which is const, get put in readonly memory.

/be
Assignee: general → brendan
Blocks: 549617
Status: NEW → ASSIGNED
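A Linux-only diagnostic for the placement described in the comment above, added here as an example and not taken from the bug or its patch: it looks up an object's mapping in /proc/self/maps to show that a const static with a constant initializer sits in a read-only mapping while its non-const twin does not. `struct script`, `static_level` and all function names are hypothetical stand-ins.

```c
/* Added example, not from the bug or the patch. Linux-only: reads /proc/self/maps.
 * struct script, static_level and every function name here are hypothetical. */
#include <stdint.h>
#include <stdio.h>
struct script { unsigned static_level; unsigned length; };

/* const with a constant initializer: GCC/Clang on Linux normally emit it into .rodata. */
static const struct script empty_script_const = { 0, 0 };
/* Non-const twin: lives in .data, which is mapped writable. */
static struct script ordinary_script = { 0, 1 };

const struct script *empty_script(void) { return &empty_script_const; }
struct script *normal_script(void) { return &ordinary_script; }

/* 1 if the mapping holding p is writable, 0 if it is not, -1 if it cannot be determined. */
int addr_is_writable(const void *p)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512], perms[5];
    unsigned long lo, hi;
    int result = -1;
    if (!f)
        return -1;
    while (result < 0 && fgets(line, sizeof line, f)) {
        /* Each entry starts "start-end perms ...", e.g. "5581c000-5581d000 r--p ..." */
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) == 3 &&
            (uintptr_t)p >= lo && (uintptr_t)p < hi)
            result = (perms[1] == 'w');
    }
    fclose(f);
    return result;
}

/* Diagnostic setter: performs the write only when the target mapping is writable. */
int try_set_static_level(const struct script *s, unsigned level)
{
    if (addr_is_writable(s) != 1)
        return -1;              /* would fault: target is read-only (or unknown) */
    ((struct script *)s)->static_level = level;
    return 0;
}

int main(void)
{
    printf("empty writable=%d, ordinary writable=%d\n",
           addr_is_writable(empty_script()), addr_is_writable(normal_script()));
    printf("write to empty: %d\n", try_set_static_level(empty_script(), 16));
    return 0;
}
```

On a toolchain or platform that keeps const data in a writable mapping, the first lookup returns 1 and the same write succeeds silently, which is how a bug like this stays latent.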
Attached patch: fix
Attachment #430173 - Flags: review?(mrbkap)
Attachment #430173 - Flags: review?(mrbkap) → review+
http://hg.mozilla.org/tracemonkey/rev/9cc15753efc8

/be
Whiteboard: fixed-in-tracemonkey
http://hg.mozilla.org/mozilla-central/rev/9cc15753efc8

/be
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Keywords: regression