Closed Bug 633043 Opened 9 years ago Closed 9 years ago

"Assertion failure: !vp->isPrimitive() && callee != &vp[0].toObject()" with InstallTrigger

Categories

(Core :: XPConnect, defect, critical)

x86
macOS
defect
Not set
critical

Tracking

()

RESOLVED FIXED

People

(Reporter: jruderman, Assigned: gal)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase, Whiteboard: fixed-in-tracemonkey)

Attachments

(3 files)

Assertion failure: !vp->isPrimitive() && callee != &vp[0].toObject(), at js/src/jscntxtinlines.h:732

This is the same assertion as in bug 621420, but the testcases are very different, and I think this bug a regression from the last few days.
Attached file stack trace
Filed as security-sensitive because this seems to involve a chrome-content boundary. Please let me know if it's actually a security bug.
Andreas says he'll have a look.
Assignee: nobody → gal
Just a bad assert. I will fix (NPOTB).
Group: core-security
Attached patch patchSplinter Review
Attachment #511265 - Flags: review?(lw)
Attachment #511265 - Flags: review?(lw) → review+
http://hg.mozilla.org/tracemonkey/rev/9ecbccbaff7b
Whiteboard: fixed-in-tracemonkey
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.