Closed
Bug 808478
Opened 12 years ago
Closed 10 years ago
"Assertion failure: (&term - term.atom.parenthesesWidth)->inputPosition == term.inputPosition,"
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla20
People
(Reporter: gkw, Assigned: dvander)
References
Details
(Keywords: assertion, regression, testcase, Whiteboard: [fuzzblocker] [js:p1] [jsbugmon:update,ignore])
Attachments
(2 files)
6.35 KB,
text/plain
|
Details | |
3.08 KB,
patch
|
sstangl
:
review+
|
Details | Diff | Splinter Review |
"h".match(RegExp("()??t()*")) asserts js debug shell on m-c changeset 2937fd8e35a1 without any CLI arguments at Assertion failure: (&term - term.atom.parenthesesWidth)->inputPosition == term.inputPosition, autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: 112142:8bf2f8cb5e73 user: David Anderson date: Thu Nov 01 21:35:25 2012 -0700 summary: Update Yarr to WebKit rev 130234 (bug 740015, r=dmandelin).
Reporter | ||
Comment 1•12 years ago
|
||
Setting fuzzblocker because this is triggered quite often by jsfunfuzz.
Reporter | ||
Comment 2•12 years ago
|
||
dvander, is this a bug in our YARR adaptation, or is this an upstream bug?
Flags: needinfo?(dvander)
Reporter | ||
Comment 3•12 years ago
|
||
dvander, is this a bug in our YARR adaptation, or is this an upstream bug?
Updated•12 years ago
|
Whiteboard: [fuzzblocker][jsbugmon:update] → [fuzzblocker][jsbugmon:update][js:p1:fx20]
Assignee | ||
Comment 4•12 years ago
|
||
Turns out this is upstream. I filed WebKit bug https://bugs.webkit.org/show_bug.cgi?id=104846.
Flags: needinfo?(dvander)
See Also: → https://bugs.webkit.org/show_bug.cgi?id=104846
Assignee | ||
Comment 5•12 years ago
|
||
I don't know if we should take this or not, but probably, if it will help fuzzing. It disables the assert, and uses the value which is sensible (I don't think -1 is supposed to leak into inputPosition).
Assignee | ||
Updated•12 years ago
|
Attachment #691540 -
Flags: review? → review?(sstangl)
Assignee | ||
Comment 6•12 years ago
|
||
Err, ignore the non-Yarr stuff in that patch :)
Updated•12 years ago
|
Attachment #691540 -
Flags: review?(sstangl) → review+
Reporter | ||
Comment 7•12 years ago
|
||
dvander mentioned to add [leave open]. https://hg.mozilla.org/integration/mozilla-inbound/rev/cd2eb9705765
Whiteboard: [fuzzblocker][jsbugmon:update][js:p1:fx20] → [fuzzblocker][jsbugmon:update][js:p1:fx20][leave open]
Comment 8•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/cd2eb9705765
Updated•12 years ago
|
Whiteboard: [fuzzblocker][jsbugmon:update][js:p1:fx20][leave open] → [fuzzblocker] [js:p1:fx20][leave open] [jsbugmon:update,ignore]
Comment 9•12 years ago
|
||
JSBugMon: The testcase found in this bug no longer reproduces (tried revision dd277d439d31).
Reporter | ||
Comment 10•12 years ago
|
||
Unfortunately in changeset cd2eb9705765 I forgot to set dvander as the author of the patch, sorry for that.
Reporter | ||
Comment 11•11 years ago
|
||
dvander is unlikely to be working on this in the future.
Assignee: dvander → nobody
Status: ASSIGNED → NEW
Reporter | ||
Updated•11 years ago
|
QA Contact: general
Updated•10 years ago
|
Keywords: leave-open
Whiteboard: [fuzzblocker] [js:p1:fx20][leave open] [jsbugmon:update,ignore] → [fuzzblocker] [js:p1] [jsbugmon:update,ignore]
Comment 12•10 years ago
|
||
I don't see a good reason to leave this open, anymore. The crash is fixed and we haven't seen any obvious regressions caused by the new behavior.
Updated•10 years ago
|
Assignee: nobody → dvander
Target Milestone: --- → mozilla20
You need to log in
before you can comment on or make changes to this bug.
Description
•