Crash in js::GetObjectClass when executing a gcli command written in the scratchpad

RESOLVED INACTIVE

Status

()

--
critical
RESOLVED INACTIVE
7 years ago
9 months ago

People

(Reporter: padenot, Unassigned)

Tracking

({assertion, crash})

16 Branch
x86_64
Linux
assertion, crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(crash signature)

Attachments

(1 attachment)

(Reporter)

Description

7 years ago
Backtrace : http://pastebin.mozilla.org/1679892

STR:
- Open the scratchpad in chrome mode (devtools.chrome.enable to true, Environment to Chrome in the scratchpad), and enable the gcli (devtools.toolbar.enabled to true) ;
- Paste the following in it: http://pastebin.mozilla.org/1679894 ;
- Open the gcli using ctrl+shift+v ;
- Type "reload page 4s".

Expected:
- The browsers does not crash.

Actual:
- The page reload once, and the browser crashes.

An odd looking pointer is being dereferenced, apparently : 
(gdb) p reinterpret_cast<const shadow::Object*>(obj)->shape->base
$4 = (js::shadow::BaseShape *) 0xa5a5a5a500000001
(Reporter)

Comment 1

7 years ago
Oh, and I get that in the console just before the crash :

55048000[7f280213a480]: ###!!! ASSERTION: function object has parent of unknown class!: 'Error', file /home/paul/workspace/mozilla-middle/js/xpconnect/src/XPCWrappedNative.cpp, line 1798
###!!! ASSERTION: function object has parent of unknown class!: 'Error', file /home/paul/workspace/mozilla-middle/js/xpconnect/src/XPCWrappedNative.cpp, line 1798

Updated

7 years ago
Severity: normal → critical
Crash Signature: [@ js::GetObjectClass]
Keywords: assertion

Comment 2

7 years ago
Paul, the pastebins seem to have disappeared.  Can you upload those as bug attachments instead?
(Reporter)

Comment 3

7 years ago
Created attachment 654694 [details]
File that was in the pastein.

Here you go.

Comment 4

9 months ago
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: NEW → RESOLVED
Last Resolved: 9 months ago
Resolution: --- → INACTIVE
You need to log in before you can comment on or make changes to this bug.