Last Comment Bug 958598 - Assertion failure: getSlotRef(FLOAT32X4_TYPE_OBJECT).isUndefined(), at vm/GlobalObject.h:419 due to OOM in SIMDObject::initClass
: Assertion failure: getSlotRef(FLOAT32X4_TYPE_OBJECT).isUndefined(), at vm/Glo...
Status: RESOLVED FIXED
: sec-want
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: x86_64 Linux
-- critical (vote)
: mozilla29
Assigned To: Christian Holler (:decoder)
:
: Jason Orendorff [:jorendorff]
Mentors:
Depends on:
Blocks: langfuzz 912928
  Show dependency treegraph
 
Reported: 2014-01-10 09:39 PST by Christian Holler (:decoder)
Modified: 2014-01-13 14:48 PST (History)
3 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
simd.patch (2.40 KB, patch)
2014-01-10 09:39 PST, Christian Holler (:decoder)
nmatsakis: review+
Details | Diff | Splinter Review

Description User image Christian Holler (:decoder) 2014-01-10 09:39:42 PST
Created attachment 8358502 [details] [diff] [review]
simd.patch

The function SIMDObject::initClass, which initializes the SIMD global object, can be called multiple times, if an OOM occurs during initialization. Due to the order of things being done there, an OOM can lead to a half-initialized state, leading to the mentioned assert. The attached patch reorders some of the code to avoid this.
Comment 1 User image Christian Holler (:decoder) 2014-01-13 09:55:50 PST
https://hg.mozilla.org/integration/mozilla-inbound/rev/2ba9e57f5678
Comment 2 User image Ryan VanderMeulen [:RyanVM] 2014-01-13 14:48:59 PST
https://hg.mozilla.org/mozilla-central/rev/2ba9e57f5678

Note You need to log in before you can comment on or make changes to this bug.