Closed
Bug 842482
Opened 11 years ago
Closed 11 years ago
Crash with array buffer from other global
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla22
People
(Reporter: jruderman, Assigned: terrence)
References
Details
(Keywords: crash, regression, testcase)
Crash Data
Attachments
(3 files)
4.10 KB,
text/plain
|
Details | |
258 bytes,
text/html
|
Details | |
1.61 KB,
patch
|
bhackett1024
:
review+
bajaj
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
var g = newGlobal(); new g.DataView(new g.ArrayBuffer()); The first bad revision is: changeset: 5ddd827d87ec user: Terrence Cole date: Tue Feb 12 11:50:49 2013 -0800 summary: Bug 839215 - Make large typedarrays singletons more aggressively; r=bhackett
Updated•11 years ago
|
Crash Signature: [@ js::EncapsulatedPtr<JSFunction, unsigned long>::operator JSFunction*()]
Reporter | ||
Comment 1•11 years ago
|
||
Reporter | ||
Comment 2•11 years ago
|
||
bp-87414cc9-6485-46e0-9bc7-a2bcf2130219
Crash Signature: [@ js::EncapsulatedPtr<JSFunction, unsigned long>::operator JSFunction*()] → [@ js::EncapsulatedPtr<JSFunction, unsigned long>::operator JSFunction*()]
[@ js::types::UseNewTypeForInitializer(JSContext*, JSScript*, unsigned char*, JSProtoKey) ]
Updated•11 years ago
|
OS: Mac OS X → All
Hardware: x86_64 → All
Updated•11 years ago
|
tracking-firefox21:
--- → ?
Updated•11 years ago
|
status-firefox21:
--- → affected
Comment 3•11 years ago
|
||
Passing on to Terrence as this may be a fallout from 839215 per description . Please feel free to reassign if needed.
Assignee: general → terrence
Assignee | ||
Comment 4•11 years ago
|
||
Attachment #717941 -
Flags: review?(bhackett1024)
Updated•11 years ago
|
Attachment #717941 -
Flags: review?(bhackett1024) → review+
Assignee | ||
Comment 5•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/5bb4e4ea6977
Comment 6•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/5bb4e4ea6977
Status: NEW → RESOLVED
Closed: 11 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla22
Assignee | ||
Comment 7•11 years ago
|
||
Comment on attachment 717941 [details] [diff] [review] v0 [Approval Request Comment] Bug caused by (feature/regressing bug #): Bug 839215 User impact if declined: Crash on cross-global typedarray creation. Testing completed (on m-c, etc.): Fuzz test checked into mozilla-inbound. Risk to taking this patch (and alternatives if risky): Zero. This is a trivial crash fix. String or UUID changes made by this patch: None.
Attachment #717941 -
Flags: approval-mozilla-aurora?
Updated•11 years ago
|
Attachment #717941 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 8•11 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/e162659d1a93
status-firefox22:
--- → fixed
You need to log in
before you can comment on or make changes to this bug.
Description
•