Closed Bug 635164 Opened 13 years ago Closed 13 years ago

"Assertion failure: userbuf.base <= tokptr && tokptr <= userbuf.limit,"

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
blocking2.0 --- -

People

(Reporter: gkw, Unassigned)

References

Details

(Keywords: assertion, regression, testcase)

Attachments

(1 file)

stack
3.09 KB, text/plain
Details
Attached file stack 
Function("function(){};break\n")()

asserts xpcshell on TM changeset 2d44fc834071 without -m nor -j at Assertion failure: userbuf.base <= tokptr && tokptr <= userbuf.limit, tested on 64-bit Mac and Linux.

Nominating blocking2.0? because this shows up very often on fuzzers.

Not the smallest regression window: It didn't used to occur on changeset db8be4e3f373

http://hg.mozilla.org/tracemonkey/pushloghtml?fromchange=db8be4e3f373&tochange=2d44fc834071
Actually I've a testcase that asserts on 32-bit debug js shells too. Stay tuned.
Hardware: x86_64 → All
Summary: "Assertion failure: userbuf.base <= tokptr && tokptr <= userbuf.limit," with xpcshell → "Assertion failure: userbuf.base <= tokptr && tokptr <= userbuf.limit,"
(In reply to comment #1)
> Actually I've a testcase that asserts on 32-bit debug js shells too. Stay
> tuned.

Reflect.parse("<\n")

asserts js debug shells similarly.

autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   62719:2d44fc834071
tag:         tip
user:        Nicholas Nethercote
date:        Thu Feb 17 19:02:48 2011 -0800
summary:     Bug 634444 - Errors in long lines cause memory spikes when a console is in use.  r=brendan, a=blocking.

Fixed by follow-up fix:

http://hg.mozilla.org/tracemonkey/rev/0d4b01278890
Blocks: 634444
Flags: in-testsuite?
Whiteboard: fixed-in-tracemonkey
Don't think we'd block, but glad it's fixed and a=beltzner for merging this across.
blocking2.0: ? → -
This bug should be updated when bug 634444 is updated / fixed after Fx 4.
Whiteboard: fixed-in-tracemonkey
(In reply to comment #4)
> This bug should be updated when bug 634444 is updated / fixed after Fx 4.

But perhaps this bug should be resolved somehow since bug 634444 has been backed out..

Fixed by backout of bug 634444.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: