Closed Bug 791157 Opened 12 years ago Closed 12 years ago

"Assertion failure: !bce->script->noScriptRval" with evaluate()

Categories

(Core :: JavaScript Engine, defect)

defect
Not set
minor

Tracking

()

RESOLVED FIXED
mozilla18

People

(Reporter: jruderman, Assigned: jimb)

References

Details

(Keywords: assertion, regression, testcase)

Attachments

(1 file)

try { evaluate('%', {noScriptRval: true}); } catch(e) {} new Function(""); Assertion failure: !bce->script->noScriptRval, at js/src/jsscript.cpp:1694 The first bad revision is: changeset: 96131c46e845 user: Nick Fitzgerald date: Thu Aug 16 17:54:07 2012 -0700 summary: Bug 772113: Expose source map URLs via Debugger.Script r=jimb
Nick, any chance you could take a look at this? comment 0 points to your checkin as the cause of this assertion as found by the fuzzers.
The problem here is that |evaluate| doesn't properly restore the JSContext's option mask when an error occurs in compilation. Evaluate is a shell-only function, and only used for testing, so this isn't an important bug. The cited patch made the bug visible, but did not introduce it. It's an easy fix.
Assignee: general → jimb
Severity: critical → minor
Status: NEW → ASSIGNED
OS: Mac OS X → All
Hardware: x86_64 → All
Oh, actually the cited patch *did* introduce the problem. I missed it in review.
Comment on attachment 663144 [details] [diff] [review] Make sure the shell's 'evaluate' function properly restores the JSContext options. Changing reviewer since it seems like jorendorff will be out for a bit.
Attachment #663144 - Flags: review?(jorendorff) → review?(luke)
Attachment #663144 - Flags: review?(luke) → review+
Flags: in-testsuite+
Target Milestone: --- → mozilla18
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: