698299 - "Assertion failure: !ret && cx->isExceptionPending()" in SecurityWrapper::nativeCall

Status: RESOLVED FIXED

(Core :: JavaScript Engine, defect)

Description

[Jesse Ruderman]

Assertion failure: !ret && cx->isExceptionPending(), at js/src/jswrapper.cpp:866

The code containing the assertion was added in:

changeset:   949c2cf4c772
user:        Luke Wagner
date:        Tue Oct 04 10:50:25 2011 -0700
summary:     Bug 690825 - Add a SecurityWrapper base between JS transparent wrappers and XPConnect security wrappers (r=mrbkap)

Comment 1

[Jesse Ruderman]

Attachment: testcase (asserts fatally when loaded)

Comment 2

[Jesse Ruderman]

Attachment: stack trace

Comment 3

[Johnny Stenback (:jst)]

Luke, can you look into this? Also, guessing sg:critical here, but I'm happy to downgrade this if it's not that severe.

Comment 4

[Luke Wagner [:luke]]

Ah, the assert is bogus: it asserts that, if we return false, an exception is pending.  This is not true if we have arrived without pushing a stack frame (in the testcase: via setTimeout + bound function object) in which case ReportError chooses not to throw but to instead report immediately (leaving no exception pending).

Comment 5

[Luke Wagner [:luke]]

Attachment: rm assert

Oops, my previous description of the assert ("it asserts that, if we return false, an exception is pending") is wrong; I should have said: "it asserts that we return false AND an exception is pending").  Same conclusion though: bogus assert.

Comment 6

[Luke Wagner [:luke]]

https://hg.mozilla.org/integration/mozilla-inbound/rev/71046de4fb6a

Comment 7

[Marco Bonardo [:mak]]

https://hg.mozilla.org/mozilla-central/rev/71046de4fb6a