Closed Bug 963077 Opened 7 years ago Closed 7 years ago

Assertion failure: hasScript(), at c:\users\mozilla\debug-builds\mozilla-central\js\src\jsfun.h:337


(Core :: JavaScript Engine, defect)

Not set



Tracking Status
firefox27 --- unaffected
firefox28 --- unaffected
firefox29 --- fixed
firefox-esr24 --- unaffected
b2g18 --- unaffected
b2g-v1.1hd --- unaffected
b2g-v1.2 --- unaffected
b2g-v1.3 --- unaffected
b2g-v1.4 --- fixed


(Reporter: cbook, Assigned: till)




(Keywords: assertion, intermittent-failure)


(3 files)

found via bughunter

steps to reproduce:

-> Trunk Debug Build from m-c tip on win7
-> Load
--> Assertion failure after a few seconds

working on a regression range and testcase
(In reply to Carsten Book [:Tomcat] from comment #0)
> working on a regression range and testcase

This almost certainly is caused by bug 886193. I'm looking into it (though I can't currently reproduce), but I don't think it's necessarily sec-critical.
I just rebuilt, and can't reproduce at all. I'm on OS X, though. Reliable STR would be great.
Attached file windows stack
Attached file linux crash stack
(In reply to Till Schneidereit [:till] from comment #2)
> I just rebuilt, and can't reproduce at all. I'm on OS X, though. Reliable
> STR would be great.

hm seems according to bughunter that this happens on linux and windows but also no results/crashes for mac OS X so far and steps to reproduce from comment #0 still works, only that i had to reload the site sometimes to crash
Ok, I'll try reproducing on Linux, then. Thanks for the further info.
And of course I can't reproduce on Linux (Fedora 19 64bit), either
Turns out js_fun_apply uses the callee before Invoke is called and ensures that the function is delazified. This fixes that, and, judging by the stack traces, should also fix the crashes.
Attachment #8365091 - Flags: review?(jdemooij)
Assignee: nobody → till
Comment on attachment 8365091 [details] [diff] [review]
ensure function is non-lazy before getting its arguments in js_fun_apply.

Review of attachment 8365091 [details] [diff] [review]:

Good catch.
Attachment #8365091 - Flags: review?(jdemooij) → review+

Jandem, thanks for the quick review; Tomcat, thanks for the stack traces and analysis. I didn't manage to reproduce the problem, but the stack traces gave me enough information in the end.
OS: Windows 7 → All
Hardware: x86 → All
Group: core-security
You need to log in before you can comment on or make changes to this bug.