Closed
Bug 842482
Opened 12 years ago
Closed 12 years ago
Crash with array buffer from other global
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla22
People
(Reporter: jruderman, Assigned: terrence)
References
Details
(Keywords: crash, regression, testcase)
Crash Data
Attachments
(3 files)
|
4.10 KB,
text/plain
|
Details | |
|
258 bytes,
text/html
|
Details | |
|
1.61 KB,
patch
|
bhackett1024
:
review+
bajaj
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
var g = newGlobal();
new g.DataView(new g.ArrayBuffer());
The first bad revision is:
changeset: 5ddd827d87ec
user: Terrence Cole
date: Tue Feb 12 11:50:49 2013 -0800
summary: Bug 839215 - Make large typedarrays singletons more aggressively; r=bhackett
|
||
Updated•12 years ago
|
Crash Signature: [@ js::EncapsulatedPtr<JSFunction, unsigned long>::operator JSFunction*()]
|
Reporter | |
Comment 1•12 years ago
|
||
|
|
Reporter | |
Comment 2•12 years ago
|
||
Crash Signature: [@ js::EncapsulatedPtr<JSFunction, unsigned long>::operator JSFunction*()] → [@ js::EncapsulatedPtr<JSFunction, unsigned long>::operator JSFunction*()]
[@ js::types::UseNewTypeForInitializer(JSContext*, JSScript*, unsigned char*, JSProtoKey) ]
|
|
||
Updated•12 years ago
|
OS: Mac OS X → All
Hardware: x86_64 → All
|
|
||
Updated•12 years ago
|
tracking-firefox21:
--- → ?
|
||
Updated•12 years ago
|
status-firefox21:
--- → affected
|
|
||
Comment 3•12 years ago
|
||
Passing on to Terrence as this may be a fallout from 839215 per description . Please feel free to reassign if needed.
Assignee: general → terrence
|
Assignee | |
Comment 4•12 years ago
|
||
Attachment #717941 -
Flags: review?(bhackett1024)
|
||
Updated•12 years ago
|
Attachment #717941 -
Flags: review?(bhackett1024) → review+
|
|
Assignee | |
Comment 5•12 years ago
|
||
|
||
Comment 6•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla22
|
|
Assignee | |
Comment 7•12 years ago
|
||
Comment on attachment 717941 [details] [diff] [review]
v0
[Approval Request Comment]
Bug caused by (feature/regressing bug #): Bug 839215
User impact if declined: Crash on cross-global typedarray creation.
Testing completed (on m-c, etc.): Fuzz test checked into mozilla-inbound.
Risk to taking this patch (and alternatives if risky): Zero. This is a trivial crash fix.
String or UUID changes made by this patch: None.
Attachment #717941 -
Flags: approval-mozilla-aurora?
|
|
||
Updated•12 years ago
|
Attachment #717941 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
||
Comment 8•12 years ago
|
||
status-firefox22:
--- → fixed
You need to log in
before you can comment on or make changes to this bug.
Description
•