Closed Bug 958598 Opened 10 years ago Closed 10 years ago

Assertion failure: getSlotRef(FLOAT32X4_TYPE_OBJECT).isUndefined(), at vm/GlobalObject.h:419 due to OOM in SIMDObject::initClass

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla29

People

(Reporter: decoder, Assigned: decoder)

References

(Blocks 1 open bug)

Details

(Keywords: sec-want)

Attachments

(1 file)

simd.patch
2.40 KB, patch
nmatsakis
: review+
Details | Diff | Splinter Review
Attached patch simd.patchSplinter Review 
The function SIMDObject::initClass, which initializes the SIMD global object, can be called multiple times, if an OOM occurs during initialization. Due to the order of things being done there, an OOM can lead to a half-initialized state, leading to the mentioned assert. The attached patch reorders some of the code to avoid this.
Attachment #8358502 - Flags: review?(nmatsakis)
Attachment #8358502 - Flags: review?(nmatsakis) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/2ba9e57f5678
Assignee: nobody → choller
Status: NEW → ASSIGNED
https://hg.mozilla.org/mozilla-central/rev/2ba9e57f5678
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla29
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: