Closed Bug 579359 Opened 15 years ago Closed 15 years ago

Crash [@ js_Call]

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 579273
Tracking Flags:
Tracking Status
blocking2.0 --- betaN+

People

(Reporter: gkw, Unassigned)

References

Details

(Keywords: crash, regression, testcase, Whiteboard: [ccbr])

Crash Data

x = evalcx('') Object.defineProperty(x, "x", ({ get: wrap }))(x.x) crashes js opt shell on TM tip without -j at js_Call Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x00000030 0x0007d1b2 in js_Call () (gdb) bt #0 0x0007d1b2 in js_Call () #1 0x0006eec6 in js::Invoke () #2 0x0006fa13 in js::InternalInvoke () #3 0x0006fae2 in js::InternalGetOrSet () #4 0x000851d9 in js_NativeGet () #5 0x000855cc in js_GetPropertyHelper () #6 0x00085a1e in js_GetProperty () #7 0x0000f18e in JS_GetPropertyById () #8 0x0011a2d2 in JSCrossCompartmentWrapper::get () #9 0x000c251b in js::proxy_GetProperty () #10 0x0006a701 in js::Interpret () #11 0x0006e72b in js::Execute () #12 0x00014a58 in JS_ExecuteScript () #13 0x0000600c in Process () #14 0x00009866 in shell () #15 0x00009d77 in main () (gdb) x/i $eip 0x7d1b2 <_Z7js_CallP9JSContextjPN2js5ValueE+50>: mov 0x30(%ecx),%eax (gdb) x/b $ecx 0x0: Cannot access memory at address 0x0
autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: 47546:9c869e64ee26 user: Luke Wagner date: Wed Jul 14 23:19:36 2010 -0700 summary: Bug 549143 - fatvals
Blocks: fatvals
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
blocking2.0: ? → betaN+
Crash Signature: [@ js_Call]
You need to log in before you can comment on or make changes to this bug.