Closed
Bug 635805
Opened 13 years ago
Closed 13 years ago
"Assertion failure: fp->isFunctionFrame() && !fp->isEvalFrame()"
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | betaN+ |
People
(Reporter: jruderman, Assigned: luke)
References
Details
(Keywords: assertion, regression, testcase, Whiteboard: [hardblocker])
Attachments
(3 files)
Assertion failure: fp->isFunctionFrame() && !fp->isEvalFrame(), at js/src/jsinterpinlines.h:530 I think this started within the last few hours. I guess it's a regression from bug 634542. That patch added a call from RunScript to PutActivationObjects, which is seen in this bug's stack trace.
|
Reporter | |
Comment 1•13 years ago
|
||
|
|
Reporter | |
Updated•13 years ago
|
blocking2.0: --- → ?
|
Assignee | |
Comment 2•13 years ago
|
||
Ah, d'oh! Thanks Jesse. Bug 635805 is going to make all this explicit PutActivationObjects business unnecessary, but might as well fix the temporary fix first.
|
|
||
Updated•13 years ago
|
Attachment #514120 -
Flags: review?(gal) → review+
|
|
Assignee | |
Comment 3•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/102927bff6de Erg, I just realized I forgot the most excellent test case. I will add that to my follow-up work in bug 635811. OOC Jesse, have you specifically trained your fuzzers to hammer on this function-in-cleared-global corner case, or did this just naturally occur?
|
|
Assignee | |
Updated•13 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•