Closed Bug 677589 Opened 9 years ago Closed 9 years ago

[jsdbg2] Crash [@ JSObject::getClass] when cloning null

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
Other Branch
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: decoder, Assigned: jorendorff)

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(1 file)

v1
1.83 KB, patch
jimb
: review+
Details | Diff | Splinter Review 
The following code crashes on jsdbg2 branch (revision f189dd6316eb, options -j -m -a -d):

var g2 = newGlobal('new-compartment');
g2.clone(null);


Looks like a simple null-pointer deref, probably a minor problem.
Attached patch v1Splinter Review
Assignee: general → jorendorff
Attachment #551852 - Flags: review?(jimb)
Attachment #551852 - Flags: review?(jimb) → review+
http://hg.mozilla.org/users/jblandy_mozilla.com/jsdbg2/rev/7333f4075063
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
A testcase for this bug was automatically identified at js/src/tests/js1_8_5/extensions/regress-677589.js.
Flags: in-testsuite+
You need to log in before you can comment on or make changes to this bug.