Closed Bug 633043 Opened 9 years ago Closed 9 years ago

"Assertion failure: !vp->isPrimitive() && callee != &vp[0].toObject()" with InstallTrigger

Categories

(Core :: XPConnect, defect, critical)

Product:
Core
Component:
XPConnect
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: jruderman, Assigned: gal)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase, Whiteboard: fixed-in-tracemonkey)

Attachments

(3 files)

testcase (asserts fatally when loaded)
70 bytes, text/html
Details
stack trace
10.18 KB, text/plain
Details
patch
3.42 KB, patch
luke
: review+
Details | Diff | Splinter Review 
Assertion failure: !vp->isPrimitive() && callee != &vp[0].toObject(), at js/src/jscntxtinlines.h:732

This is the same assertion as in bug 621420, but the testcases are very different, and I think this bug a regression from the last few days.
Attached file stack trace 
Filed as security-sensitive because this seems to involve a chrome-content boundary. Please let me know if it's actually a security bug.
Andreas says he'll have a look.
Assignee: nobody → gal
Just a bad assert. I will fix (NPOTB).
Group: core-security
Attached patch patchSplinter Review
Attachment #511265 - Flags: review?(lw)
Attachment #511265 - Flags: review?(lw) → review+
http://hg.mozilla.org/tracemonkey/rev/9ecbccbaff7b
Whiteboard: fixed-in-tracemonkey
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.