Closed
Bug 591450
Opened 14 years ago
Closed 14 years ago
crash parsing destructuring function with rebound non-destructuring arg
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: dherman, Unassigned)
Details
js> function f(a,[x,y],b,[w,z],c) { function b() { } }
Assertion failure: entry->localKind == JSLOCAL_ARG && localKind == JSLOCAL_ARG, at ../jsfun.cpp:3242
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000
0x000000010016f5cc in JS_Assert (s=0x100231e20 "entry->localKind == JSLOCAL_ARG && localKind == JSLOCAL_ARG", file=0x100231990 "../jsfun.cpp", ln=3242) at ../jsutil.cpp:80
80 *((int *) NULL) = 0; /* To continue from here in GDB: "return" then "continue". */
(gdb) bt
#0 0x000000010016f5cc in JS_Assert (s=0x100231e20 "entry->localKind == JSLOCAL_ARG && localKind == JSLOCAL_ARG", file=0x100231990 "../jsfun.cpp", ln=3242) at ../jsutil.cpp:80
#1 0x00000001000777d2 in HashLocalName (cx=0x1006128c0, map=0x1006151f0, name=0x100301c70, localKind=JSLOCAL_VAR, index=4) at ../jsfun.cpp:3242
#2 0x0000000100077d82 in js_AddLocal (cx=0x1006128c0, fun=0x101609f00, atom=0x100301c70, kind=JSLOCAL_VAR) at ../jsfun.cpp:3364
#3 0x000000010010e5f3 in js::Parser::functionDef (this=0x7fff5fbfefa0, funAtom=0x100301c70, type=js::Parser::GENERAL, lambda=0) at ../jsparse.cpp:2796
#4 0x0000000100115f8c in js::Parser::functionStmt (this=0x7fff5fbfefa0) at ../jsparse.cpp:3011
#5 0x000000010010a18e in js::Parser::statement (this=0x7fff5fbfefa0) at ../jsparse.cpp:4555
#6 0x000000010010dd40 in js::Parser::statements (this=0x7fff5fbfefa0) at ../jsparse.cpp:3091
#7 0x000000010010df18 in js::Parser::functionBody (this=0x7fff5fbfefa0) at ../jsparse.cpp:1249
#8 0x000000010010e838 in js::Parser::functionDef (this=0x7fff5fbfefa0, funAtom=0x100301cf0, type=js::Parser::GENERAL, lambda=0) at ../jsparse.cpp:2848
#9 0x0000000100115f8c in js::Parser::functionStmt (this=0x7fff5fbfefa0) at ../jsparse.cpp:3011
#10 0x000000010010a18e in js::Parser::statement (this=0x7fff5fbfefa0) at ../jsparse.cpp:4555
#11 0x000000010010dd40 in js::Parser::statements (this=0x7fff5fbfefa0) at ../jsparse.cpp:3091
#12 0x0000000100116007 in js::Parser::parse (this=0x7fff5fbfefa0, chain=0x101603000) at ../jsparse.cpp:685
#13 0x000000010001c65e in JS_BufferIsCompilableUnit (cx=0x1006128c0, obj=0x101603000, bytes=0x100614240 "function f(a,[x,y],b,[w,z],c) { function b() { } }", length=50) at ../jsapi.cpp:4493
#14 0x000000010000b2f5 in Process (cx=0x1006128c0, obj=0x101603000, filename=0x0, forceTTY=0) at ../../shell/js.cpp:464
#15 0x000000010000bc87 in ProcessArgs (cx=0x1006128c0, obj=0x101603000, argv=0x7fff5fbff6c8, argc=0) at ../../shell/js.cpp:855
#16 0x000000010000bd6f in shell (cx=0x1006128c0, argc=0, argv=0x7fff5fbff6c8, envp=0x7fff5fbff6d0) at ../../shell/js.cpp:5065
#17 0x000000010000be6b in main (argc=0, argv=0x7fff5fbff6c8, envp=0x7fff5fbff6d0) at ../../shell/js.cpp:5152
Dave
|
Reporter | |
Comment 1•14 years ago
|
||
This appears to be fixed. Anyone know what did it? Should I close out the bug? Dave
|
|
Reporter | |
Comment 2•14 years ago
|
||
This bug appears to have disappeared, so I'm marking INVALID. Dave
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → INVALID
|
|
Reporter | |
Comment 3•14 years ago
|
||
Added a test case: http://hg.mozilla.org/tracemonkey/rev/68f2d2c81145
|
||
Comment 4•14 years ago
|
||
Fixed by patch for bug 619003, right? If the bug did bite but over time some unknown change fixed things, then the bug becomes WORKSFORME not INVALID -- just FYI. /be
Resolution: INVALID → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•