Closed
Bug 944217
Opened 11 years ago
Closed 11 years ago
"Assertion failure: ctorValue.isObject() && ctorValue.toObject().is<JSFunction>()" with Worker and ParallelArray
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: jruderman, Unassigned)
Details
(Keywords: assertion, sec-high, testcase)
Attachments
(2 files)
Assertion failure: ctorValue.isObject() && ctorValue.toObject().is<JSFunction>(), at js/src/builtin/ParallelArray.cpp:121
|
Reporter | |
Comment 1•11 years ago
|
||
|
|
Reporter | |
Updated•11 years ago
|
Group: core-security
|
||
Updated•11 years ago
|
status-b2g18:
--- → unaffected
status-firefox26:
--- → disabled
status-firefox27:
--- → disabled
status-firefox28:
--- → disabled
status-firefox29:
--- → affected
status-firefox-esr24:
--- → disabled
|
||
Updated•11 years ago
|
status-firefox29:
affected → ---
|
|
||
Updated•11 years ago
|
|
||
Updated•11 years ago
|
Group: javascript-core-security
|
|
||
Comment 2•11 years ago
|
||
Niko, could you look into this? Thanks.
|
||
Comment 3•11 years ago
|
||
I am confused. This is running on the trunk? I don't see how that could be, since builtin/ParallelArray.h was long ago removed.
Flags: needinfo?(nmatsakis) → needinfo?(jruderman)
|
|
Reporter | |
Comment 4•11 years ago
|
||
I reported this in November. ParallelArray was removed in December (bug 944074).
Status: NEW → RESOLVED
Closed: 11 years ago
Flags: needinfo?(jruderman)
Resolution: --- → WORKSFORME
|
|
||
Updated•10 years ago
|
Group: javascript-core-security
|
||
Updated•10 years ago
|
Group: core-security → core-security-release
|
|
||
Updated•7 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•