Closed
Bug 837418
Opened 11 years ago
Closed 11 years ago
Crash [@ JS::Handle<JSString*>::operator->] or [@ JSString::isAtom]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla21
Tracking | Status | |
---|---|---|
firefox18 | --- | unaffected |
firefox19 | --- | unaffected |
firefox20 | --- | unaffected |
firefox21 | + | fixed |
firefox-esr17 | --- | unaffected |
b2g18 | --- | unaffected |
b2g18-v1.0.0 | --- | unaffected |
People
(Reporter: gkw, Unassigned)
References
Details
(Keywords: crash, regression, testcase, Whiteboard: [jsbugmon:update])
Crash Data
Attachments
(2 files)
5.11 KB,
text/plain
|
Details | |
821 bytes,
patch
|
terrence
:
review+
|
Details | Diff | Splinter Review |
x = 'x'; for (var m = 0; m < 99; ++m) { x = x.concat(x); } crashes js debug shell on m-c changeset be76182b91a6 without any CLI arguments at JSString::isAtom and crashes js opt shell at JS::Handle<JSString*>::operator-> s-s and assuming sec-critical because weird memory address 0x8000000 seems to be being accessed. autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: 119956:052d2de29f8f user: Brian Hackett date: Sat Jan 26 07:42:20 2013 -0700 summary: Bug 834826 - Eliminate or refactor various unnecessary stack roots, r=terrence.
Comment 1•11 years ago
|
||
Silly mistake leading to a NULL crash.
Attachment #709486 -
Flags: review?(terrence)
Comment 4•11 years ago
|
||
Comment on attachment 709486 [details] [diff] [review] patch Review of attachment 709486 [details] [diff] [review]: ----------------------------------------------------------------- Wow, yeah, that's a total facepalm: I should have seen that when reviewing.
Attachment #709486 -
Flags: review?(terrence) → review+
Comment 6•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/bf21c968fa89
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla21
Updated•11 years ago
|
Updated•11 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•