Closed Bug 698299 Opened 8 years ago Closed 8 years ago

"Assertion failure: !ret && cx->isExceptionPending()" in SecurityWrapper::nativeCall

Categories

(Core :: JavaScript Engine, defect, critical)

x86_64
macOS
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla11

People

(Reporter: jruderman, Assigned: luke)

References

(Blocks 2 open bugs)

Details

(Keywords: assertion, testcase)

Attachments

(3 files)

Assertion failure: !ret && cx->isExceptionPending(), at js/src/jswrapper.cpp:866

The code containing the assertion was added in:

changeset:   949c2cf4c772
user:        Luke Wagner
date:        Tue Oct 04 10:50:25 2011 -0700
summary:     Bug 690825 - Add a SecurityWrapper base between JS transparent wrappers and XPConnect security wrappers (r=mrbkap)
Attached file stack trace
Luke, can you look into this? Also, guessing sg:critical here, but I'm happy to downgrade this if it's not that severe.
Assignee: general → luke
Whiteboard: [sg:critical]
Ah, the assert is bogus: it asserts that, if we return false, an exception is pending.  This is not true if we have arrived without pushing a stack frame (in the testcase: via setTimeout + bound function object) in which case ReportError chooses not to throw but to instead report immediately (leaving no exception pending).
Group: core-security
Whiteboard: [sg:critical]
Attached patch rm assertSplinter Review
Oops, my previous description of the assert ("it asserts that, if we return false, an exception is pending") is wrong; I should have said: "it asserts that we return false AND an exception is pending").  Same conclusion though: bogus assert.
Attachment #572477 - Flags: review?(mrbkap)
Attachment #572477 - Flags: review?(mrbkap) → review+
https://hg.mozilla.org/mozilla-central/rev/71046de4fb6a
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.