Closed
Bug 656228
Opened 13 years ago
Closed 13 years ago
TI: "Assertion failure: lval.isNull() || lval.isUndefined(),"
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 655950
People
(Reporter: gkw, Unassigned)
References
Details
(Keywords: assertion, testcase)
new(function() {})().s()
asserts js debug shell on JM changeset fd1abc43d698 with -m, -a and -n at Assertion failure: lval.isNull() || lval.isUndefined(),
(gdb) bt
#0 0xf7fdf430 in __kernel_vsyscall ()
#1 0xf7fb5ba0 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:42
#2 0x081fda8d in JS_Assert (s=0x845de44 "lval.isNull() || lval.isUndefined()", file=0x845d290 "/home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-69167-fd1abc43d698/compilePath/js/src/jsinterp.cpp", ln=4183)
at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-69167-fd1abc43d698/compilePath/js/src/jsutil.cpp:89
#3 0x0839703f in js::Interpret (cx=0x84e4028, entryFrame=0xf76e4030, inlineCallCount=0, interpMode=js::JSINTERP_SAFEPOINT)
at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-69167-fd1abc43d698/compilePath/js/src/jsinterp.cpp:4183
#4 0x08354b19 in js_InternalInterpret (returnData=0xf750f048, returnType=0xffff0007, returnReg=0x82b6370, f=...)
at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-69167-fd1abc43d698/compilePath/js/src/methodjit/InvokeHelpers.cpp:1621
#5 0x082b6348 in JaegerInterpoline () at /home/fuzz1/Desktop/jsfunfuzz-dbg-32-jm-69167-fd1abc43d698/compilePath/js/src/methodjit/MethodJIT.cpp:152
#6 0x000f4240 in ?? ()
#7 0x00000000 in ?? ()
|
||
Comment 1•13 years ago
|
||
WFM, and this hits the busted cast fixed in bug 655950, so I'm guessing that's the problem. Reopen if you can still repro.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
|
||
Comment 2•11 years ago
|
||
A testcase for this bug was already added in the original bug (bug 655950).
Flags: in-testsuite-
You need to log in
before you can comment on or make changes to this bug.
Description
•