Closed
Bug 860435
Opened 11 years ago
Closed 11 years ago
Crash with setTimeout, exception
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla24
People
(Reporter: jruderman, Assigned: mrbkap)
References
Details
(Keywords: crash, regression, testcase, Whiteboard: [fuzzblocker])
Crash Data
Attachments
(1 file)
|
2.47 KB,
patch
|
terrence
:
review+
mrbkap
:
checkin+
|
Details | Diff | Splinter Review |
The testcase in bug 802477 (attachment 672169 [details]) now causes a crash in Nightly. [@ js::ion::IonFrameIterator::script]. A month ago, it was harmless in Nightly. bp-6ff8be45-b3be-4668-9d06-1613b2130410
|
||
Comment 1•11 years ago
|
||
For me: bp-fcd62d41-519b-46fb-9392-cf1172130410.
Crash Signature: [@ js::ion::IonFrameIterator::script() const ]
[@ js::ion::IonFrameIterator::script() ]
OS: Mac OS X → All
Hardware: x86_64 → All
|
Reporter | |
Comment 2•11 years ago
|
||
The DOM fuzzer is hitting this often enough to slow it down.
Whiteboard: [fuzzblocker]
|
Assignee | |
Comment 3•11 years ago
|
||
I went back and forth a bit on changing the other tests of iter.done() to null-check script, but the relationship between iter.done() being true and script being non-null is pretty obvious, so I left those alone (also, changing both other occurrences left an implicit script-not-null implies iter-not-done so it wasn't that much more clear).
|
||
Comment 4•11 years ago
|
||
Comment on attachment 755104 [details] [diff] [review] Proposed patch Review of attachment 755104 [details] [diff] [review]: ----------------------------------------------------------------- m=me
Attachment #755104 -
Flags: review?(terrence) → review+
|
|
Assignee | |
Comment 5•11 years ago
|
||
Comment on attachment 755104 [details] [diff] [review] Proposed patch https://hg.mozilla.org/integration/mozilla-inbound/rev/6b42d26c2a93
Attachment #755104 -
Flags: checkin+
|
||
Comment 6•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/6b42d26c2a93
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla24
You need to log in
before you can comment on or make changes to this bug.
Description
•