Persona is no longer an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 649973 - TI+JM: crash in mjit-generated code
: TI+JM: crash in mjit-generated code
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: unspecified
: All All
: -- normal (vote)
: ---
Assigned To: general
: Jason Orendorff [:jorendorff]
Depends on:
Blocks: infer-regress
  Show dependency treegraph
Reported: 2011-04-14 06:11 PDT by Jan de Mooij [:jandem]
Modified: 2011-04-14 17:30 PDT (History)
4 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Description Jan de Mooij [:jandem] 2011-04-14 06:11:57 PDT
x = 2147483647;
(x+10, false) ? [x % x] : [2 * x];
Crashes with -n -a -m, revision f3acaebac193, 32 bit.
Comment 1 Brian Hackett (:bhackett) 2011-04-14 17:30:43 PDT
We called linkExit() without a subsequent leave() for the negative zero helper in JSOP_MOD (any way to assert the correctness of these leave calls rather than get random corruption?).

Note You need to log in before you can comment on or make changes to this bug.