Closed
Bug 649263
Opened 13 years ago
Closed 13 years ago
TI: Crash [@ JSObject::getClass] // Null pointer dereference
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
DUPLICATE
of bug 649261
People
(Reporter: decoder, Unassigned)
Details
(Keywords: crash, testcase)
The following testcase crashes on TI revision 23a746dac370 (run with -m -n -a), tested on 64 bit:

try {
  BUGNUMBER;
  var o = {};
} catch(e) {}
eval("actual = uneval(o);");

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fbf7a0d7720 (LWP 26426)]
0x000000000041319a in JSObject::getClass (this=0x0) at ./jsobj.h:442
442         js::Class *getClass() const { return clasp; }
(gdb) bt
#0  0x000000000041319a in JSObject::getClass (this=0x0) at ./jsobj.h:442
#1  0x00000000004131b8 in JSObject::getOps (this=0x0) at ./jsobj.h:450
#2  0x00000000005273fa in js_GetMethod (cx=0x2b3edb0, obj=0x0, id={asBits = 140460339239552}, getHow=2, vp=0x7fffb5914650) at jsobj.cpp:5675
#3  0x00000000005beb1a in js_ValueToSource (cx=0x2b3edb0, v=@0x7fffb59146b0) at jsstr.cpp:3933
#4  0x00000000005b71d0 in str_uneval (cx=0x2b3edb0, argc=1, vp=0x7fbf78b86170) at jsstr.cpp:673
#5  0x000000000050038a in js::CallJSNative (cx=0x2b3edb0, native=0x5b718a <str_uneval>, argc=1, vp=0x7fbf78b86170) at jscntxtinlines.h:716
#6  0x000000000071ab87 in CallCompiler::generateNativeStub (this=0x7fffb5915150) at ./methodjit/MonoIC.cpp:818
#7  0x00000000007156ee in js::mjit::ic::NativeCall (f=@0x7fffb5915190, ic=0x2ba97b0) at ./methodjit/MonoIC.cpp:1077
#8  0x00007fbf79f3893b in ?? ()
#9  0x00007fbf79f38430 in ?? ()
#10 0x0000000002ba8b80 in ?? ()
#11 0x00007fffb59156d0 in ?? ()
#12 0x0000000000000000 in ?? ()
Updated•13 years ago
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Updated•13 years ago
Crash Signature: [@ JSObject::getClass]
Reporter
Comment 2•11 years ago
A testcase for this bug was already added in the original bug (bug 649261).
Flags: in-testsuite-