Closed
Bug 585314
Opened 14 years ago
Closed 14 years ago
JM: Crash [@ js::DefaultValue] or "Assertion failure: &obj != NULL,"
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 585408
People
(Reporter: gkw, Unassigned)
References
Details
(4 keywords)
Crash Data
(function() { function a() {} a > a-- })() asserts js debug shell on JM changeset 787e35063545 with -m at Assertion failure: &obj != NULL, at ../../jsvalue.h:356 and crashes js opt shell at js::DefaultValue. Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x00000004 0x00085613 in js::DefaultValue () (gdb) bt #0 0x00085613 in js::DefaultValue () #1 0x0018f19b in js::mjit::stubs::GreaterThan () #2 0x002c921f in ?? () #3 0x0018a0d7 in js::mjit::JaegerShot () #4 0x0006ee0c in js::Execute () #5 0x00014828 in JS_ExecuteScript () #6 0x0000585c in Process () #7 0x00009147 in shell () #8 0x00009678 in main () (gdb) x/i $eip 0x85613 <_ZN2js12DefaultValueEP9JSContextP8JSObject6JSTypePNS_5ValueE+35>: mov 0x4(%esi),%eax (gdb) x/b $esi 0x0: Cannot access memory at address 0x0
Updated•14 years ago
|
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Updated•13 years ago
|
Crash Signature: [@ js::DefaultValue]
Comment 2•11 years ago
|
||
A testcase for this bug was already added in the original bug (bug 585408).
Flags: in-testsuite-
You need to log in
before you can comment on or make changes to this bug.
Description
•