Assertion failure: co->script == __null, at jsinfer.cpp:2768 with setObjectMetadataCallback

RESOLVED FIXED in mozilla25

Status

()

Core
JavaScript Engine
--
critical
RESOLVED FIXED
5 years ago
4 years ago

People

(Reporter: decoder, Assigned: bhackett)

Tracking

(Blocks: 1 bug, {assertion, testcase})

Trunk
mozilla25
x86_64
Linux
assertion, testcase
Points:
---

Firefox Tracking Flags

(firefox24 affected)

Details

Attachments

(2 attachments)

(Reporter)

Description

5 years ago
The following testcase asserts on mozilla-central revision 18467a85acf6 (threadsafe build, run with --fuzzing-safe --ion-eager):


setObjectMetadataCallback(function(obj) {});
obj = 8;
(Reporter)

Comment 1

5 years ago
Created attachment 775617 [details]
[crash-signature] Machine-readable crash signature
(Reporter)

Comment 2

5 years ago
More setObjectMetadataCallback fallout. Brian, can you take a look at this and the others?
Flags: needinfo?(bhackett1024)
(Assignee)

Comment 3

5 years ago
Created attachment 777815 [details] [diff] [review]
patch

This is a bug in ReleaseAllJITCode, though that function is only exposed in the shell via setObjectMetadataCallback.
Assignee: general → bhackett1024
Attachment #777815 - Flags: review?(jdemooij)
Flags: needinfo?(bhackett1024)

Updated

5 years ago
Attachment #777815 - Flags: review?(jdemooij) → review+
https://hg.mozilla.org/mozilla-central/rev/d1d4d0fb7c61
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla25
(Reporter)

Updated

4 years ago
status-firefox24: --- → affected
You need to log in before you can comment on or make changes to this bug.