Last Comment Bug 677589 - [jsdbg2] Crash [@ JSObject::getClass] when cloning null
: [jsdbg2] Crash [@ JSObject::getClass] when cloning null
Status: RESOLVED FIXED
: crash, testcase
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Other Branch
: x86_64 Linux
: -- critical (vote)
: ---
Assigned To: Jason Orendorff [:jorendorff]
:
Mentors:
Depends on:
Blocks: langfuzz
  Show dependency treegraph
 
Reported: 2011-08-09 10:23 PDT by Christian Holler (:decoder)
Modified: 2013-01-04 13:22 PST (History)
5 users (show)
choller: in‑testsuite+
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

Attachments
v1 (1.83 KB, patch)
2011-08-09 12:26 PDT, Jason Orendorff [:jorendorff] 		jimb: review+
Details | Diff | Splinter Review
View All Add an attachment (proposed patch, testcase, etc.)

Description Christian Holler (:decoder) 2011-08-09 10:23:13 PDT 
The following code crashes on jsdbg2 branch (revision f189dd6316eb, options -j -m -a -d):

var g2 = newGlobal('new-compartment');
g2.clone(null);


Looks like a simple null-pointer deref, probably a minor problem.
Comment 1 Jason Orendorff [:jorendorff] 2011-08-09 12:26:52 PDT 
Created attachment 551852 [details] [diff] [review]
v1
Comment 2 Jason Orendorff [:jorendorff] 2011-08-09 14:26:39 PDT 
http://hg.mozilla.org/users/jblandy_mozilla.com/jsdbg2/rev/7333f4075063
Comment 3 Christian Holler (:decoder) 2013-01-04 13:22:21 PST 
A testcase for this bug was automatically identified at js/src/tests/js1_8_5/extensions/regress-677589.js.
Note You need to log in before you can comment on or make changes to this bug.