Note: There are a few cases of duplicates in user autocompletion which are being worked on.

[jsdbg2] Crash [@ JSObject::getClass] when cloning null

RESOLVED FIXED

Status

()

Product:
Core
Component:
JavaScript Engine
--
critical
RESOLVED FIXED
Reported:
6 years ago
Modified:
5 years ago

People

(Reporter: decoder, Assigned: jorendorff)

Tracking

(Blocks: 1 bug, {crash, testcase})

Version:
Other Branch
x86_64
Linux
Keywords:
crash, testcase
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

(crash signature)

Attachments

(1 attachment)

v1
1.83 KB, patch
jimb
: review+
Details | Diff | Splinter Review
(Reporter)

Description

6 years ago 
The following code crashes on jsdbg2 branch (revision f189dd6316eb, options -j -m -a -d):

var g2 = newGlobal('new-compartment');
g2.clone(null);


Looks like a simple null-pointer deref, probably a minor problem.
(Assignee)

Comment 1

6 years ago 
Created attachment 551852 [details] [diff] [review]
v1
Assignee: general → jorendorff
Attachment #551852 - Flags: review?(jimb)

Updated

6 years ago
Attachment #551852 - Flags: review?(jimb) → review+
 (Assignee)

Comment 2

6 years ago 
http://hg.mozilla.org/users/jblandy_mozilla.com/jsdbg2/rev/7333f4075063
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
 (Reporter)

Comment 3

5 years ago 
A testcase for this bug was automatically identified at js/src/tests/js1_8_5/extensions/regress-677589.js.
Flags: in-testsuite+
You need to log in before you can comment on or make changes to this bug.