Closed Bug 658215 Opened 14 years ago Closed 14 years ago

TI: Assertion failure: addr % Cell::CellSize == 0, at ../jsgc.h:424

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 650673

People

(Reporter: decoder, Unassigned)

References

Details

(Keywords: assertion, testcase)

The following testcase asserts on TI revision 4dff743ec04d (run with -j -m -n -a), tested on 64 bit. S-s because this could be a duplicate of 650673 which affects TM. If so, then the test here is much much easier. function summary( ) { } gczeal(2); eval("\ function exploit() {\ var obj = this, args = null;\ } catch(ex) {}\ }");
Nice testcase! I was seeing this assert too but the testcases were unreliable in reproduction..
Yeah, this is a dupe of 650673 (and, yeah, this is a really nice testcase). I'll put together a patch for this tonight (would be good to get in before bug 650978, as that will make this bug really obvious).
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Group: core-security
You need to log in before you can comment on or make changes to this bug.