Closed Bug 635805 Opened 14 years ago Closed 14 years ago

"Assertion failure: fp->isFunctionFrame() && !fp->isEvalFrame()"

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
blocking2.0 --- betaN+

People

(Reporter: jruderman, Assigned: luke)

References

Details

(Keywords: assertion, regression, testcase, Whiteboard: [hardblocker])

Attachments

(3 files)

testcase (asserts fatally when loaded)
326 bytes, text/html
Details
stack trace
10.92 KB, text/plain
Details
fix
948 bytes, patch
dvander
: review+
Details | Diff | Splinter Review
Assertion failure: fp->isFunctionFrame() && !fp->isEvalFrame(), at js/src/jsinterpinlines.h:530 I think this started within the last few hours. I guess it's a regression from bug 634542. That patch added a call from RunScript to PutActivationObjects, which is seen in this bug's stack trace.
Attached file stack trace
blocking2.0: --- → ?
Attached patch fixSplinter Review
Ah, d'oh! Thanks Jesse. Bug 635805 is going to make all this explicit PutActivationObjects business unnecessary, but might as well fix the temporary fix first.
Assignee: general → lw
Status: NEW → ASSIGNED
Attachment #514120 - Flags: review?(gal)
http://hg.mozilla.org/mozilla-central/rev/102927bff6de Erg, I just realized I forgot the most excellent test case. I will add that to my follow-up work in bug 635811. OOC Jesse, have you specifically trained your fuzzers to hammer on this function-in-cleared-global corner case, or did this just naturally occur?
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
(bookkeeping changes)
blocking2.0: ? → betaN+
Whiteboard: [hardblocker]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: