Closed Bug 821470 Opened 12 years ago Closed 12 years ago

Crash [@ js::frontend::StrictModeGetter::get]

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla20
Tracking Flags:
Tracking Status
firefox17 --- unaffected
firefox18 --- unaffected
firefox19 --- unaffected
firefox20 - fixed
firefox-esr10 --- unaffected
firefox-esr17 --- unaffected

People

(Reporter: gkw, Unassigned)

References

Details

(Keywords: crash, regression, testcase, Whiteboard: [fuzzblocker][jsbugmon:update])

Crash Data

Attachments

(1 file)

stack
23.04 KB, text/plain
Details
Attached file stack 
Function("\
    \"use strict\";\
    const x = x = (function(){});\
")()

crashes js debug and opt shell on m-c changeset 020555b69f72 without any CLI arguments at js::frontend::StrictModeGetter::get

This seems like a null deref with strict mode, but setting fuzzblocker because it's showing up constantly in the fuzzers.

autoBisecting now..
autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   115802:fa10b335dd65
user:        Benjamin Peterson
date:        Wed Dec 12 01:35:05 2012 -0500
summary:     Bug 819509 - Reparse functions if we discover they are strict. r=njn
Blocks: 819509
status-firefox-esr10: --- → unaffected
status-firefox17: --- → unaffected
status-firefox18: --- → unaffected
status-firefox19: --- → unaffected
status-firefox20: --- → affected
status-firefox-esr17: --- → unaffected
tracking-firefox20: --- → ?
Should be fixed by bug 821103.
Depends on: 821103
Status: NEW → RESOLVED
Closed: 12 years ago
No longer depends on: 821103
Resolution: --- → DUPLICATE
I'm reopening this for the purpose of holding one of the patches from bug 821103, which directly fixes this.

https://hg.mozilla.org/integration/mozilla-inbound/rev/a28cfd7299e5
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Blocks: 822283
This doesn't look to be a serious user-facing regression or otherwise something we would block a release for, not tracking.
tracking-firefox20: ?-
Also, fixed now. :)
status-firefox20: affectedfixed
https://hg.mozilla.org/mozilla-central/rev/a28cfd7299e5
Status: REOPENED → RESOLVED
Closed: 12 years ago12 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
A type of test for this bug has already been landed because it is already marked in-testsuite+ -> VERIFIED.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: