Persona is no longer an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 721935 - Crash [@ js::LookupPropertyWithFlags] or [@ js_CheckForStringIndex]
: Crash [@ js::LookupPropertyWithFlags] or [@ js_CheckForStringIndex]
: crash, testcase
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: x86 Mac OS X
: -- critical (vote)
: ---
Assigned To: general
: Jason Orendorff [:jorendorff]
Depends on:
Blocks: jsfunfuzz
  Show dependency treegraph
Reported: 2012-01-27 18:14 PST by Gary Kwong [:gkw] [:nth10sd]
Modified: 2012-07-31 22:21 PDT (History)
3 users (show)
gary: in‑testsuite+
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

stack (12.33 KB, text/plain)
2012-01-27 18:14 PST, Gary Kwong [:gkw] [:nth10sd]
no flags Details

Description Gary Kwong [:gkw] [:nth10sd] 2012-01-27 18:14:45 PST
Created attachment 592337 [details]

function tryItOut(code) {
    f = eval("(function(){" + code + "})")
    try {
    } catch (e) {}
tryItOut("\"use strict\";for(d in[x=arguments]){}");
tryItOut("for(v in((Object.seal)(x)));x.length=Function")

crashes js opt shell on m-c changeset 8a59519e137e without any CLI arguments at js::LookupPropertyWithFlags and crashes js debug shell at js_CheckForStringIndex

This seems like a too much recursion crash.
Comment 1 Gary Kwong [:gkw] [:nth10sd] 2012-07-31 22:21:16 PDT
Fix and test landed in bug 779215. -> RESOLVED / VERIFIED FIXED

Note You need to log in before you can comment on or make changes to this bug.