Closed Bug 639591 Opened 13 years ago Closed 13 years ago

TI+JM: GC-related crash

Tracking

()

Status:

RESOLVED FIXED

People

(Reporter: jandem, Unassigned)

References

Details

(Whiteboard: fixed-in-jaegermonkey)

Attachments

(1 file)

Stack trace 13 years ago Jan de Mooij [:jandem] 6.36 KB, text/plain		Details

Jan de Mooij [:jandem]

Reporter

Description

•

13 years ago

--
gczeal(2);
var x;
[eval("x")] ? eval("x") : 3;
eval("Object()");
--
Crashes debug shell with -a -m -n, somewhere in GC code.

Jan de Mooij [:jandem]

Reporter

Comment 1

•

13 years ago

Attached file Stack trace — Details

(gdb) p obj
$1 = (JSObject *) 0x70fff0
(gdb) p obj->type
$2 = (class js::types::TypeObject *) 0x0

Brian Hackett [Laid off!]

Comment 2

•

13 years ago

eval scripts that are awaiting GC can also be entrained on the list of scripts in a compartment (had a forlorn :FIXME: wondering if this was possible, but no assertion).

http://hg.mozilla.org/projects/jaegermonkey/rev/38c06cbd6993

Status: NEW → RESOLVED

Closed: 13 years ago

Resolution: --- → FIXED

Whiteboard: fixed-in-jaegermonkey

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

TI+JM: GC-related crash

Categories

(Core :: JavaScript Engine, defect)

Tracking

()

People

(Reporter: jandem, Unassigned)

References

Details

(Whiteboard: fixed-in-jaegermonkey)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Attachment

General

Description

File Name

Content Type