Closed Bug 791157 Opened 7 years ago Closed 7 years ago

"Assertion failure: !bce->script->noScriptRval" with evaluate()

Categories

(Core :: JavaScript Engine, defect, minor)

defect
Not set
minor

Tracking

()

RESOLVED FIXED
mozilla18

People

(Reporter: jruderman, Assigned: jimb)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, regression, testcase)

Attachments

(1 file)

try {
    evaluate('%', {noScriptRval: true});
} catch(e) {}
new Function("");

Assertion failure: !bce->script->noScriptRval, at js/src/jsscript.cpp:1694

The first bad revision is:
changeset:   96131c46e845
user:        Nick Fitzgerald
date:        Thu Aug 16 17:54:07 2012 -0700
summary:     Bug 772113: Expose source map URLs via Debugger.Script r=jimb
Duplicate of this bug: 792588
Nick, any chance you could take a look at this? comment 0 points to your checkin as the cause of this assertion as found by the fuzzers.
The problem here is that |evaluate| doesn't properly restore the JSContext's option mask when an error occurs in compilation. Evaluate is a shell-only function, and only used for testing, so this isn't an important bug.

The cited patch made the bug visible, but did not introduce it.

It's an easy fix.
Assignee: general → jimb
Severity: critical → minor
Status: NEW → ASSIGNED
OS: Mac OS X → All
Hardware: x86_64 → All
Oh, actually the cited patch *did* introduce the problem. I missed it in review.
Comment on attachment 663144 [details] [diff] [review]
Make sure the shell's 'evaluate' function properly restores the JSContext options.

Changing reviewer since it seems like jorendorff will be out for a bit.
Attachment #663144 - Flags: review?(jorendorff) → review?(luke)
Attachment #663144 - Flags: review?(luke) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/1233552047f4
Flags: in-testsuite+
Target Milestone: --- → mozilla18
https://hg.mozilla.org/mozilla-central/rev/1233552047f4
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.