Assertion failure: obj, at dist/include/js/Value.h:527 with OOM

RESOLVED FIXED in mozilla28

Status

()

Core
JavaScript Engine
--
critical
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: decoder, Assigned: terrence)

Tracking

(Blocks: 2 bugs, {assertion, testcase})

Trunk
mozilla28
x86
Linux
assertion, testcase
Points:
---
Dependency tree / graph
Bug Flags:
in-testsuite -

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments, 2 obsolete attachments)

(Reporter)

Description

4 years ago
The following testcase asserts on mozilla-central revision 19fd3388c372 (run with --fuzzing-safe --ion-eager --ion-eager --ion-check-range-analysis):


oomAfterAllocations(1);
var uint32 = TypedObject.uint32;
(Reporter)

Comment 1

4 years ago
Created attachment 821680 [details]
[crash-signature] Machine-readable crash signature
(Reporter)

Comment 2

4 years ago
Created attachment 823972 [details]
[crash-signature] Machine-readable crash signature
Attachment #821680 - Attachment is obsolete: true
(Assignee)

Comment 3

4 years ago
Created attachment 827516 [details] [diff] [review]
missing_check_in_InitTypedObjectClass-v0.diff

Trivial. Not really worth the overhead of a test here.
Assignee: general → terrence
Status: NEW → ASSIGNED
Attachment #827516 - Flags: review?(nmatsakis)
(Assignee)

Updated

4 years ago
Flags: in-testsuite-
(Assignee)

Updated

4 years ago
Blocks: 912928
(Reporter)

Comment 4

4 years ago
Created attachment 827703 [details]
[crash-signature] Machine-readable crash signature
Attachment #823972 - Attachment is obsolete: true
Attachment #827516 - Flags: review?(nmatsakis) → review+
(Assignee)

Comment 5

4 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/abe5f544e06a
https://hg.mozilla.org/mozilla-central/rev/abe5f544e06a
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28

Updated

4 years ago
Keywords: verifyme

Comment 7

4 years ago
Tested with the 11/01 and 02/04 Firefox 28 JS shells on Ubuntu 13.04 x86. I got the same results with both shells (although the 11/01 one is supposed to reproduce the assertion):
"out of memory
out of memory".
Keywords: verifyme
You need to log in before you can comment on or make changes to this bug.