Status
()
People
(Reporter: gkw, Unassigned)
Tracking
(Blocks: 1 bug, 4 keywords)
Firefox Tracking Flags
(firefox18 unaffected, firefox19 unaffected, firefox20 unaffected, firefox21+ fixed, firefox-esr10 unaffected, firefox-esr17 unaffected, b2g18 unaffected)
Details
(Whiteboard: [jsbugmon:update])
Attachments
(2 attachments)
|
3.59 KB,
text/plain
|
Details | |
|
945 bytes,
patch
|
dvander
:
review+
|
Details | Diff | Splinter Review |
Created attachment 703179 [details] stack String.prototype.search = evalcx('').String.prototype.search x = /./.test() ''.search(/()/) asserts js debug shell on m-c changeset ce9cdd801a73 without any CLI arguments at Assertion failure: inUse_.empty(), s-s because gc is on the stack. autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: 118977:f2e3d3913d70 user: Sean Stangl date: Tue Jan 15 15:35:25 2013 -0800 summary: Bug 829758 - use MatchOnly mode for str_search(). r=dvander
|
(Reporter) | |
Comment 1•5 years ago
|
||
Sean, this seems to point to bug 829758 as the regressor.
status-b2g18: --- → unaffected
status-firefox-esr10: --- → unaffected
status-firefox18: --- → unaffected
status-firefox19: --- → unaffected
status-firefox20: --- → unaffected
status-firefox21: --- → affected
status-firefox-esr17: --- → unaffected
Flags: needinfo?(sstangl)
|
|
(Reporter) | |
Updated•5 years ago
|
||
tracking-firefox21: --- → ?
|
|
(Reporter) | |
Comment 2•5 years ago
|
||
Tentatively rating sec-critical, because compartments and gc are on the stack.
|
|
(Reporter) | |
Updated•5 years ago
|
||
Keywords: sec-critical
|
||
Comment 3•5 years ago
|
||
Created attachment 703610 [details] [diff] [review] fix evalcx() lets multiple RegExpStatics leak into the same RegExpCompartment's RegExpShared usage table. This is safe: we just need to iterate in the destructor.
Attachment #703610 -
Flags: review?(dvander)
Flags: needinfo?(sstangl)
Attachment #703610 -
Flags: review?(dvander) → review+
|
|
(Reporter) | |
Updated•5 years ago
|
||
Keywords: checkin-needed
|
|
||
Comment 4•5 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/4e7658d7727c
Flags: in-testsuite+
|
|
(Reporter) | |
Updated•5 years ago
|
||
Keywords: checkin-needed
|
||
Updated•5 years ago
|
||
tracking-firefox21: ? → +
|
||
Updated•5 years ago
|
||
Whiteboard: [jsbugmon:update] → [jsbugmon:update,ignore]
|
|
||
Comment 5•5 years ago
|
||
JSBugMon: The testcase found in this bug no longer reproduces (tried revision 02e12a80aef9).
|
|
(Reporter) | |
Comment 6•5 years ago
|
||
This landed. http://hg.mozilla.org/mozilla-central/rev/4e7658d7727c
Status: NEW → RESOLVED
Last Resolved: 5 years ago
status-firefox21: affected → fixed
Resolution: --- → FIXED
Whiteboard: [jsbugmon:update,ignore] → [jsbugmon:update,bisectfix]
Target Milestone: --- → mozilla21
|
|
(Reporter) | |
Updated•5 years ago
|
||
Whiteboard: [jsbugmon:update,bisectfix] → [jsbugmon:update]
|
|
||
Updated•5 years ago
|
||
Status: RESOLVED → VERIFIED
|
|
||
Comment 7•5 years ago
|
||
JSBugMon: This bug has been automatically verified fixed.
|
||
Updated•5 years ago
|
||
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•