Closed Bug 762324 Opened 9 years ago Closed 9 years ago
"Assertion failure: pc == bce->code(top + table
The attached testcase asserts js debug shell on m-c changeset f918d74f736c without any CLI arguments at Assertion failure: pc == bce->code(top + tableSize),
Unfortunately I was not able to get a bisection in time.
Tested on 64-bit Windows 7.
Hardware: x86 → x86_64
autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset: 95044:699a613bf616
user: Benjamin Peterson
date: Sat May 26 09:33:53 2012 -0400
summary: Bug 757676 - Implement JS default parameters. r=jorendorff
Assignee: general → bpeterson
Attachment #636033 - Flags: review?(jorendorff)
The security sensitivity of this bug comes from its potential to write to memory not owned by the JS engine.
Attachment #636033 - Flags: review?(jorendorff) → review+
Comment on attachment 636033: don't let the memory change under us

[Approval Request Comment]
Bug caused by (feature/regressing bug #): Bug 757676
User impact if declined: JS can potentially write to random memory
Testing completed (on m-c, etc.): Feature is well tested by js engine tests.
Risk to taking this patch (and alternatives if risky): None; only sane solution really.
String or UUID changes made by this patch: None
Attachment #636033 - Flags: approval-mozilla-aurora?
Comment on attachment 636033: don't let the memory change under us

[Triage Comment] Low risk sg:crit fix for Aurora 15.
Attachment #636033 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Target Milestone: --- → mozilla16
Removed checkin-needed for the moment; we should let it bake on inbound / central for at least a few days before landing on aurora.
JSBugMon: This bug has been automatically verified fixed.
Whiteboard: [js:p1] → [js:p1][advisory-tracking-]
Automatically extracted testcase for this bug was committed: https://hg.mozilla.org/mozilla-central/rev/efaf8960a929