Closed
Bug 696492
Opened 13 years ago
Closed 13 years ago
Crash [@ JSObject::getPrivate]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: gkw, Unassigned)
References
Details
(Keywords: crash, regression, testcase, Whiteboard: js-triage-needed)
Crash Data
Attachments
(1 file)
4.04 KB,
text/plain
|
Details |
The attached testcase crashes 64-bit js debug shell on Mac 10.6 on m-c changeset 6cd262091470 with -m, -a and -d at JSObject::getPrivate. This was found using a combination of jsfunfuzz and jandem's method fuzzer. autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: 73034:938c1a177114 user: Jason Orendorff date: Tue Jul 19 11:00:43 2011 -0500 summary: Bug 648175 - Remove JSOP_FOR*. Second second landing, to coin a phrase. r=dvander.
Reporter | ||
Updated•13 years ago
|
Crash Signature: [@ JSObject::getPrivate]
Reporter | ||
Comment 2•13 years ago
|
||
Seems to be WFM.
Reporter | ||
Updated•13 years ago
|
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
Updated•13 years ago
|
Flags: in-testsuite?
Reporter | ||
Comment 3•13 years ago
|
||
Not needed in test suite for this, the testcase was huge and totally unreduced and contained substantial elements of fuzzer code.
Flags: in-testsuite? → in-testsuite-
You need to log in
before you can comment on or make changes to this bug.
Description
•