Bug 649017 - TM: Crash due to call stack overflow [@ js_ValueToString]
Status: RESOLVED FIXED
Keywords: crash, testcase
Product: Core
Classification: Components
Component: JavaScript Engine
Version: Trunk
Platform: x86_64 Linux
Importance: -- critical
Target Milestone: ---
Assigned To: general
Mentors:
Depends on:
Blocks: langfuzz 645468
Reported: 2011-04-11 08:48 PDT by Christian Holler (:decoder)
Modified: 2013-01-19 14:21 PST
choller: in‑testsuite+


Description Christian Holler (:decoder) 2011-04-11 08:48:14 PDT
The following testcase crashes on TI revision 74a8fb1bbec5 (works with most option combinations), tested on 64 bit:

throw {toString: parseInt.call};


This looks like a call stack overflow.
Comment 1 Brian Hackett (:bhackett) 2011-04-11 08:57:40 PDT
TM tip is busted on this testcase too, not a TI bug.
Comment 2 Gary Kwong [:gkw] [:nth10sd] 2011-04-11 18:37:26 PDT
autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   64672:0906d9490eaf
user:        Jeff Walden
date:        Mon Mar 28 20:01:53 2011 -0700
summary:     Bug 645468 - Remove js_TryMethod: its semantics aren't what most of its users want, and its utility is limited.  r=luke
Comment 3 Jeff Walden [:Waldo] (remove +bmo to email) 2011-04-26 12:19:43 PDT
Can't reproduce against latest TM tip, am I doing it wrong or did this go away?
Comment 4 Jesse Ruderman 2011-04-26 14:05:02 PDT
Went away:

The first good revision is:
changeset:   43cef42964d7
user:        Tom Schuster (evilpies)
date:        Mon Apr 11 01:38:27 2011 -0700
summary:     Bug 601709 - Remove the misnomer InstanceOf variant methods by replacing their uses with clearer if-not-class-then-report code.  r=jwalden
Comment 5 Christian Holler (:decoder) 2013-01-19 14:21:24 PST
Automatically extracted testcase for this bug was committed:

https://hg.mozilla.org/mozilla-central/rev/efaf8960a929
