Closed
Bug 764379
Opened 12 years ago
Closed 12 years ago
IonMonkey: Crash on heap with gcPreserveCode
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
DUPLICATE
of bug 763989
People
(Reporter: decoder, Unassigned)
References
Details
(Keywords: crash, testcase, Whiteboard: [jsbugmon:update][fuzzblocker])
The following testcase crashes on ionmonkey revision 71b71dcbf9fe (run with --ion -n -m --ion-eager):

function reportFailure (msg) {}
function reportCompare (expected, actual, description) {
  var output = "";
  reportFailure (description + " : " + output);
}
var lfcode = new Array();
lfcode.push("\
var summary = 'Let declarations should not warn that function does not ' +\
test();\
function test() {\
  actual = 'No Warning';\
  expect = 'No Warning';\
  reportCompare(expect, actual, summary + ': 1');\
}\
");
lfcode.push("function reportFailure (section, msg) {}");
lfcode.push("\
var UBound = 0;\
var statusitems = [];\
var actualvalues = [];\
var expectedvalues = [];\
addThis();\
addThis();\
function addThis() {\
  UBound++;\
}\
for (var i=0; i<UBound; i++) {\
  reportCompare(expectedvalues[i], actualvalues[i], statusitems[i]);\
}\
");
lfcode.push("gc();");
lfcode.push("reportCompare(expect, actual, summary);");
gcPreserveCode()
while (true) {
  var file = lfcode.shift();
  if (file == undefined) { break; }
  evaluate(file);
}
Reporter
Comment 1•12 years ago
GDB info:

Program received signal SIGSEGV, Segmentation fault.
0x00414424 in ?? ()
(gdb) bt
#0  0x00414424 in ?? ()
#1  0xf7814a90 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) x /i $pc
=> 0x414424:	mov    0x89f770d0,%al

Marking as fuzzblocker because this causes lots of signatures due to crash without any symbols.
Whiteboard: [jsbugmon:update] → [jsbugmon:update][fuzzblocker]
Updated•12 years ago
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Updated•12 years ago
Group: core-security
Reporter
Comment 3•11 years ago
A testcase for this bug was already added in the original bug (bug 763989).
Flags: in-testsuite-