Last Comment Bug 958598 - Assertion failure: getSlotRef(FLOAT32X4_TYPE_OBJECT).isUndefined(), at vm/GlobalObject.h:419 due to OOM in SIMDObject::initClass
: Assertion failure: getSlotRef(FLOAT32X4_TYPE_OBJECT).isUndefined(), at vm/Glo...
: sec-want
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: x86_64 Linux
-- critical (vote)
: mozilla29
Assigned To: Christian Holler (:decoder)
: Jason Orendorff [:jorendorff]
Depends on:
Blocks: langfuzz 912928
  Show dependency treegraph
Reported: 2014-01-10 09:39 PST by Christian Holler (:decoder)
Modified: 2014-01-13 14:48 PST (History)
3 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

simd.patch (2.40 KB, patch)
2014-01-10 09:39 PST, Christian Holler (:decoder)
nmatsakis: review+
Details | Diff | Splinter Review

Description User image Christian Holler (:decoder) 2014-01-10 09:39:42 PST
Created attachment 8358502 [details] [diff] [review]

The function SIMDObject::initClass, which initializes the SIMD global object, can be called multiple times, if an OOM occurs during initialization. Due to the order of things being done there, an OOM can lead to a half-initialized state, leading to the mentioned assert. The attached patch reorders some of the code to avoid this.
Comment 1 User image Christian Holler (:decoder) 2014-01-13 09:55:50 PST
Comment 2 User image Ryan VanderMeulen [:RyanVM] 2014-01-13 14:48:59 PST

Note You need to log in before you can comment on or make changes to this bug.