The default bug view has changed. See this FAQ.

Crash [@ GetElement] or "Assertion failure: index >= 0,"

RESOLVED FIXED

Status

()

Core
JavaScript Engine
--
critical
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: gkw, Unassigned)

Tracking

(Blocks: 1 bug, {assertion, crash, testcase})

Trunk
x86
Linux
assertion, crash, testcase
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [ccbr], crash signature)

Attachments

(1 attachment)

(Reporter)

Description

6 years ago
Created attachment 540226 [details]
stack

(Array(2415838199)).reduceRight(function(){})

crashes js opt shell on JM changeset 9ff00d53b5a5 without any CLI arguments at GetElement and asserts js debug shell at Assertion failure: index >= 0,

May be related to bug 663468 or bug 664009 ?
(Reporter)

Comment 1

6 years ago
Also reproduces on TM changeset e59b1d2a2f79.
(Reporter)

Comment 2

6 years ago
autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   26356:7f7722d3a2dc
user:        Jeff Walden
date:        Mon Jan 12 13:07:48 2009 -0800
summary:     Bug 465980 - Some array methods don't work right on ginormous arrays.  r=brendan
Blocks: 465980
I didn't land the fix for bug 664009 in TM, only in m-c and a bunch of beta and release branches.  I'm pretty sure this goes away with a m-c->TM merge.

Updated

6 years ago
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 663468

Updated

6 years ago
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---

Updated

6 years ago
Duplicate of this bug: 663468

Comment 6

6 years ago
sorry for the noise.
(Reporter)

Comment 7

6 years ago
(In reply to comment #3)
> I didn't land the fix for bug 664009 in TM, only in m-c and a bunch of beta
> and release branches.  I'm pretty sure this goes away with a m-c->TM merge.

Confirmed to be fixed in a later TM changeset 0428dbdf3d58.
Status: REOPENED → RESOLVED
Last Resolved: 6 years ago6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.