"Assertion failure: !ret && cx->isExceptionPending()" in SecurityWrapper::nativeCall

RESOLVED FIXED in mozilla11

Status

()

Core
JavaScript Engine
--
critical
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: Jesse Ruderman, Assigned: luke)

Tracking

(Blocks: 2 bugs, {assertion, testcase})

Trunk
mozilla11
x86_64
Mac OS X
assertion, testcase
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(3 attachments)

(Reporter)

Description

6 years ago
Assertion failure: !ret && cx->isExceptionPending(), at js/src/jswrapper.cpp:866

The code containing the assertion was added in:

changeset:   949c2cf4c772
user:        Luke Wagner
date:        Tue Oct 04 10:50:25 2011 -0700
summary:     Bug 690825 - Add a SecurityWrapper base between JS transparent wrappers and XPConnect security wrappers (r=mrbkap)
(Reporter)

Comment 1

6 years ago
Created attachment 570570 [details]
testcase (asserts fatally when loaded)
(Reporter)

Comment 2

6 years ago
Created attachment 570571 [details]
stack trace
Luke, can you look into this? Also, guessing sg:critical here, but I'm happy to downgrade this if it's not that severe.
Assignee: general → luke
Whiteboard: [sg:critical]
(Assignee)

Comment 4

6 years ago
Ah, the assert is bogus: it asserts that, if we return false, an exception is pending.  This is not true if we have arrived without pushing a stack frame (in the testcase: via setTimeout + bound function object) in which case ReportError chooses not to throw but to instead report immediately (leaving no exception pending).
Group: core-security
Whiteboard: [sg:critical]
(Assignee)

Comment 5

6 years ago
Created attachment 572477 [details] [diff] [review]
rm assert

Oops, my previous description of the assert ("it asserts that, if we return false, an exception is pending") is wrong; I should have said: "it asserts that we return false AND an exception is pending").  Same conclusion though: bogus assert.
Attachment #572477 - Flags: review?(mrbkap)

Updated

6 years ago
Attachment #572477 - Flags: review?(mrbkap) → review+
(Assignee)

Comment 6

6 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/71046de4fb6a
Target Milestone: --- → mozilla11
https://hg.mozilla.org/mozilla-central/rev/71046de4fb6a
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.