Closed
Bug 793385
Opened 12 years ago
Closed 12 years ago
Assertion failure: addr % Cell::CellSize == 0, at ../../gc/Heap.h:846 with OOM
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
VERIFIED
FIXED
mozilla18
| Tracking | Status | |
|---|---|---|
| firefox17 | --- | unaffected |
| firefox18 | --- | fixed |
| firefox-esr10 | --- | unaffected |
| firefox-esr17 | --- | unaffected |
People
(Reporter: decoder, Assigned: dvander)
References
Details
(Keywords: assertion, sec-moderate, testcase, Whiteboard: [jsbugmon:update][adv-main18-])
Attachments
(1 file)
|
1.22 KB,
patch
|
billm
:
review+
|
Details | Diff | Splinter Review |
The following testcase asserts on mozilla-central revision e4757379b99a (run with --ion-eager):
gcparam("maxBytes", gcparam("gcBytes") + 4*1024);
function f() {
var inner4 = f("get"),
x1,x2,x3,x4,x5,x11,x12,x13,x14,x15,x16,x17,x18,
otherGlobalSameCompartment = newGlobal("same-compartment");
eval('');
}
assertEq("aaa".replace(/a/g, f()), "poniesponiesponies");
|
Assignee | |
Updated•12 years ago
|
Whiteboard: [jsbugmon:update] → [jsbugmon:update][ion:p1:fx18]
|
|
Assignee | |
Comment 1•12 years ago
|
||
This isn't an Ion bug but needs to be fixed anyway.
Summary: IonMonkey: Assertion failure: addr % Cell::CellSize == 0, at ../../gc/Heap.h:846 with OOM → Assertion failure: addr % Cell::CellSize == 0, at ../../gc/Heap.h:846 with OOM
Whiteboard: [jsbugmon:update][ion:p1:fx18] → [jsbugmon:update]
|
|
Assignee | |
Comment 2•12 years ago
|
||
Attachment #664223 -
Flags: review?(wmccloskey) → review+
|
|
Assignee | |
Comment 3•12 years ago
|
||
|
||
Comment 4•12 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
status-firefox18:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
|
||
Comment 5•12 years ago
|
||
How far back does this bug go? Do we need it in ESR10 or Firefox 17?
status-firefox-esr10:
--- → ?
|
Reporter | |
Updated•12 years ago
|
Status: RESOLVED → VERIFIED
|
|
Reporter | |
Comment 6•12 years ago
|
||
JSBugMon: This bug has been automatically verified fixed.
|
|
||
Updated•12 years ago
|
Keywords: sec-moderate
|
|
Assignee | |
Comment 7•12 years ago
|
||
(In reply to Daniel Veditz [:dveditz] from comment #5)
> How far back does this bug go? Do we need it in ESR10 or Firefox 17?
This bug is only in Firefox 18.
|
|
||
Updated•12 years ago
|
|
||
Updated•12 years ago
|
status-firefox-esr17:
--- → unaffected
Whiteboard: [jsbugmon:update] → [jsbugmon:update][adv-main18-]
|
|
||
Updated•12 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•