Closed Bug 925019 Opened 12 years ago Closed 11 years ago

compartment mismatch when js::jit::DoCallFallback calls Invoke

Categories

(Core :: JavaScript Engine: JIT, defect)

defect
Not set
normal

RESOLVED INCOMPLETE

People

(Reporter: mccr8, Unassigned)

Details

(Keywords: sec-other)

I see three of these crashes on crash-stats:
c00b701c-20c0-49fe-959c-e6fee2131005
4a9cbdbb-b54d-4282-8c2d-ddb4b2131005
3adfce7e-10d8-484b-be88-2c2932131008
DoCallFallback doesn't enter a compartment anywhere, so maybe that's the problem?
AFAICS the interpreter also doesn't enter a compartment for JSOP_CALL and friends before it calls Invoke. Unfortunately the stack is not very helpful due to inlining :(
Ah, I see. I suppose this could be another instance of the JSOP_CALL compartment mismatch I was seeing for a while. I was hoping there might be something useful in there. :)
Marking sec-other because this sounds like one of these invoke crashes that are unactionable.
Keywords: sec-other
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INCOMPLETE
Group: core-security → core-security-release
Group: core-security-release