Closed
Bug 678211
Opened 13 years ago
Closed 13 years ago
Assertion failure: isScriptFrame(), at ../vm/Stack.h:538 with dummy frame
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla8
People
(Reporter: decoder, Assigned: jorendorff)
Details
(Keywords: assertion, testcase)
Attachments
(1 file)
|
1.14 KB,
patch
|
dvander
:
review+
|
Details | Diff | Splinter Review |
The following code crashes on jsdbg2 branch (revision 48e43edc8834, options -j -m -a):
var g = newGlobal('new-compartment');
var N = g.N = 9;
g.eval("function f(i) { if (i < N) f(i + 1); }");
var dbg = Debugger(g);
var arr = [];
dbg.onEnterFrame = function (frame) {
var i;
var j = i;
for (; frame; frame = frame.older)
this . onEnterFrame(arr[j--], frame);
};
g.f(0);
Not sure if this might be related to bug 678086, the assert is similar but not the same.
|
Assignee | |
Comment 1•13 years ago
|
||
This also exists in mozilla-central (that is, even without jsdbg2). With -j, this asserts the same way:
var g = newGlobal('new-compartment');
g.eval("function f(n) { for (var i = 0; i < n; i++) f(0); }");
g.f(10);
I think this will be pretty easy to patch. Trying it now.Summary: [jsdbg2] Assertion failure: isScriptFrame(), at ../vm/Stack.h:538 → Assertion failure: isScriptFrame(), at ../vm/Stack.h:538 with dummy frame
|
|
Assignee | |
Comment 2•13 years ago
|
||
Assignee: general → jorendorff
Attachment #552535 -
Flags: review?(dvander)
|
||
Updated•13 years ago
|
Attachment #552535 -
Flags: review?(dvander) → review+
http://hg.mozilla.org/mozilla-central/rev/d71ffe484d24
Status: NEW → RESOLVED
Closed: 13 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla8
You need to log in
before you can comment on or make changes to this bug.
Description
•