Closed Bug 677589 Opened 8 years ago Closed 8 years ago

[jsdbg2] Crash [@ JSObject::getClass] when cloning null

Tracking

()

Status:

RESOLVED FIXED

People

(Reporter: decoder, Assigned: jorendorff)

References

(Blocks 1 open bug)

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(1 file)

v1 8 years ago Jason Orendorff [:jorendorff] 1.83 KB, patch	jimb : review+	Details \| Diff \| Splinter Review

Christian Holler (:decoder)

Reporter

Description

•

8 years ago

The following code crashes on jsdbg2 branch (revision f189dd6316eb, options -j -m -a -d):

var g2 = newGlobal('new-compartment');
g2.clone(null);


Looks like a simple null-pointer deref, probably a minor problem.

Jason Orendorff [:jorendorff]

Assignee

Comment 1

•

8 years ago

Attached patch v1 — Details — Splinter Review

Assignee: general → jorendorff

Attachment #551852 - Flags: review?(jimb)

Jim Blandy :jimb

Updated

•

8 years ago

Attachment #551852 - Flags: review?(jimb) → review+

Jason Orendorff [:jorendorff]

Assignee

Comment 2

•

8 years ago

http://hg.mozilla.org/users/jblandy_mozilla.com/jsdbg2/rev/7333f4075063

Status: NEW → RESOLVED

Closed: 8 years ago

Resolution: --- → FIXED

Christian Holler (:decoder)

Reporter

Comment 3

•

7 years ago

A testcase for this bug was automatically identified at js/src/tests/js1_8_5/extensions/regress-677589.js.

Flags: in-testsuite+

You need to log in before you can comment on or make changes to this bug.

Bugzilla

[jsdbg2] Crash [@ JSObject::getClass] when cloning null

Categories

(Core :: JavaScript Engine, defect, critical)

Tracking

()

People

(Reporter: decoder, Assigned: jorendorff)

References

(Blocks 1 open bug)

Details

(Keywords: crash, testcase)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Comment 2

Comment 3