If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Assertion failure: addr % Cell::CellSize == 0, at ../../jsgc.h:711

RESOLVED DUPLICATE of bug 684619

Status

()

Core
JavaScript Engine
--
critical
RESOLVED DUPLICATE of bug 684619
6 years ago
6 years ago

People

(Reporter: decoder, Unassigned)

Tracking

(Blocks: 1 bug, {assertion, testcase})

Trunk
x86
Linux
assertion, testcase
Points:
---

Firefox Tracking Flags

(firefox8- wontfix)

Details

(Reporter)

Description

6 years ago
The following test asserts on mozilla-central revision 921e1db5cf11 (options -m -n -a):


function referencesVia(from, edge, to) {
    var edges = findReferences(to);
    var alternatives = [];
    for (var e in edges) {
        if (edges[e].indexOf(from) != -1)
        uneval(alternatives);
    }
}
(function f() {
    (f)(referencesVia(arguments, 'callee', f), true);
})();


Marking this s-s because this involves GC. Unless the issue is a bug in the internal "findReferences" function, this should be sg:critical.
(Reporter)

Comment 1

6 years ago
This could be a duplicate of 684619, in that case the problem would be internal to findReferences. Someone needs to investigate this and confirm that.

In any case, this and other bugs that might be internal to findReferences should be fixed so the function can be reliably used during testing.
Assuming the worst pending the invetigation finding out it wasn't.
Whiteboard: [sg:critical] js-triage-needed

Updated

6 years ago
status-firefox10: --- → affected
status-firefox11: --- → affected
status-firefox8: --- → wontfix
status-firefox9: --- → affected
tracking-firefox10: --- → +
tracking-firefox11: --- → +
tracking-firefox8: --- → -
tracking-firefox9: --- → +
This might be related to bug 684619, which has a patch that just landed on mozilla-inbound.
This WFM now. Christian, would you mind retesting just to make sure I'm running it right?
(Reporter)

Comment 5

6 years ago
(In reply to David Mandelin from comment #4)
> This WFM now. Christian, would you mind retesting just to make sure I'm
> running it right?

I can confirm the WFM, but the test is also wrongly labeled to be 64 bit while it only works on 32 bit. I did a bisect and found out it's indeed a duplicate of bug 684619 which is not s-s.
Group: core-security
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Hardware: x86_64 → x86
Resolution: --- → DUPLICATE
Duplicate of bug: 684619
(Reporter)

Updated

6 years ago
Whiteboard: [sg:critical] js-triage-needed

Comment 6

6 years ago
Tracking original.
status-firefox10: affected → ---
status-firefox11: affected → ---
status-firefox9: affected → ---
tracking-firefox10: + → ---
tracking-firefox11: + → ---
tracking-firefox9: + → ---
You need to log in before you can comment on or make changes to this bug.