Closed Bug 721935 Opened 12 years ago Closed 12 years ago

Crash [@ js::LookupPropertyWithFlags] or [@ js_CheckForStringIndex]

Tracking

()

Status:

VERIFIED FIXED

People

(Reporter: gkw, Unassigned)

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(1 file)

stack 12 years ago Gary Kwong [:gkw] [:nth10sd] (NOT official MoCo now) 12.33 KB, text/plain		Details

Gary Kwong [:gkw] [:nth10sd] (NOT official MoCo now)

Reporter

Description

•

12 years ago

Attached file stack — Details

function tryItOut(code) {
    f = eval("(function(){" + code + "})")
    try {
        f()
    } catch (e) {}
}
tryItOut("x=7");
tryItOut("\"use strict\";for(d in[x=arguments]){}");
tryItOut("for(v in((Object.seal)(x)));x.length=Function")

crashes js opt shell on m-c changeset 8a59519e137e without any CLI arguments at js::LookupPropertyWithFlags and crashes js debug shell at js_CheckForStringIndex

This seems like a too much recursion crash.

Gary Kwong [:gkw] [:nth10sd] (NOT official MoCo now)

Reporter

Comment 1

•

12 years ago

Fix and test landed in bug 779215. -> RESOLVED / VERIFIED FIXED

Status: NEW → RESOLVED

Closed: 12 years ago

Flags: in-testsuite+

Resolution: --- → FIXED

Whiteboard: js-triage-needed

Gary Kwong [:gkw] [:nth10sd] (NOT official MoCo now)

Reporter

Updated

•

12 years ago

Status: RESOLVED → VERIFIED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Crash [@ js::LookupPropertyWithFlags] or [@ js_CheckForStringIndex]

Categories

(Core :: JavaScript Engine, defect)

Tracking

()

People

(Reporter: gkw, Unassigned)

References

Details

(Keywords: crash, testcase)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Attachment

General

Description

File Name

Content Type