TM: Crash due to call stack overflow [@ js_ValueToString]

RESOLVED FIXED

Status

Core
JavaScript Engine
--
critical
RESOLVED FIXED
6 years ago
5 years ago

People

(Reporter: decoder, Unassigned)

Tracking

(Blocks: 1 bug, {crash, testcase})

Trunk
x86_64
Linux
crash, testcase
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Description

6 years ago
The following testcase crashes on TI revision 74a8fb1bbec5 (works with most option combinations), tested on 64 bit:

throw {toString: parseInt.call};


This looks like a call stack overflow.
TM tip is busted on this testcase too, not a TI bug.
No longer blocks: 619415
Summary: TI: Crash due to call stack overflow [@ js_ValueToString] → TM: Crash due to call stack overflow [@ js_ValueToString]
autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   64672:0906d9490eaf
user:        Jeff Walden
date:        Mon Mar 28 20:01:53 2011 -0700
summary:     Bug 645468 - Remove js_TryMethod: its semantics aren't what most of its users want, and its utility is limited.  r=luke
Blocks: 645468
Can't reproduce against latest TM tip, am I doing it wrong or did this go away?

Comment 4

6 years ago
Went away:

The first good revision is:
changeset:   43cef42964d7
user:        Tom Schuster (evilpies)
date:        Mon Apr 11 01:38:27 2011 -0700
summary:     Bug 601709 - Remove the misnomer InstanceOf variant methods by replacing their uses with clearer if-not-class-then-report code.  r=jwalden
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Crash Signature: [@ js_ValueToString]
(Reporter)

Updated

6 years ago
Blocks: 676763
(Reporter)

Comment 5

5 years ago
Automatically extracted testcase for this bug was committed:

https://hg.mozilla.org/mozilla-central/rev/efaf8960a929
Flags: in-testsuite+