Closed Bug 635531 Opened 13 years ago Closed 9 years ago

Crash [@ js::Shape::hasSetterValue] NULL pointer dereference with watchpoints, setters

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
All
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
status1.9.2 --- unaffected

People

(Reporter: jandem, Assigned: jorendorff)

References

Details

(4 keywords, Whiteboard: [sg:dos])

Crash Data

Attachments

(2 files)

Test case
214 bytes, application/x-javascript
Details
Stack trace
2.05 KB, text/plain
Details
Attached file Test case 
Attached testcase crashes in debug and release builds.
Summary: NULL-ptr dereference with watchpoints, setters → NULL pointer dereference with watchpoints, setters
Attached file Stack trace 
Looks like some shape pointer is NULL.
The first bad revision is:
changeset:   62175:589bb166be02
user:        Jason Orendorff <jorendorff@mozilla.com>
date:        Tue Feb 08 16:09:33 2011 -0600
summary:     Bug 627984 - Tighten up assertions in JSObject::methodReadBarrier. r=brendan.
Blocks: 627984
Keywords: regression
Assignee: general → jorendorff
Whiteboard: [sg:dos]
Summary: NULL pointer dereference with watchpoints, setters → Crash [@ js::Shape::hasSetterValue] NULL pointer dereference with watchpoints, setters
Version: unspecified → Trunk
Crash Signature: [@ js::Shape::hasSetterValue]
any reason to keep this closed if it is sg:dos?
Group: core-security
status1.9.2: --- → unaffected
WFM as of m-c rev e537a1ba501b.
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: in-testsuite?
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: