Closed
Bug 821470
Opened 12 years ago
Closed 12 years ago
Crash [@ js::frontend::StrictModeGetter::get]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
VERIFIED
FIXED
mozilla20
Tracking | Status | |
---|---|---|
firefox17 | --- | unaffected |
firefox18 | --- | unaffected |
firefox19 | --- | unaffected |
firefox20 | - | fixed |
firefox-esr10 | --- | unaffected |
firefox-esr17 | --- | unaffected |
People
(Reporter: gkw, Unassigned)
References
Details
(Keywords: crash, regression, testcase, Whiteboard: [fuzzblocker][jsbugmon:update])
Crash Data
Attachments
(1 file)
23.04 KB,
text/plain
|
Details |
Function("\ \"use strict\";\ const x = x = (function(){});\ ")() crashes js debug and opt shell on m-c changeset 020555b69f72 without any CLI arguments at js::frontend::StrictModeGetter::get This seems like a null deref with strict mode, but setting fuzzblocker because it's showing up constantly in the fuzzers. autoBisecting now..
Reporter | ||
Comment 1•12 years ago
|
||
autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: 115802:fa10b335dd65 user: Benjamin Peterson date: Wed Dec 12 01:35:05 2012 -0500 summary: Bug 819509 - Reparse functions if we discover they are strict. r=njn
Blocks: 819509
status-firefox-esr10:
--- → unaffected
status-firefox17:
--- → unaffected
status-firefox18:
--- → unaffected
status-firefox19:
--- → unaffected
status-firefox20:
--- → affected
status-firefox-esr17:
--- → unaffected
tracking-firefox20:
--- → ?
Comment 2•12 years ago
|
||
Should be fixed by bug 821103.
Updated•12 years ago
|
Comment 4•12 years ago
|
||
I'm reopening this for the purpose of holding one of the patches from bug 821103, which directly fixes this. https://hg.mozilla.org/integration/mozilla-inbound/rev/a28cfd7299e5
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Comment 5•12 years ago
|
||
This doesn't look to be a serious user-facing regression or otherwise something we would block a release for, not tracking.
Comment 7•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/a28cfd7299e5
Status: REOPENED → RESOLVED
Closed: 12 years ago → 12 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
Reporter | ||
Comment 8•12 years ago
|
||
A type of test for this bug has already been landed because it is already marked in-testsuite+ -> VERIFIED.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•