Closed Bug 968986 Opened 12 years ago Closed 12 years ago

TypedArray "data-view-crash.html" conformance test crashes 32bit Firefox

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: jgilbert, Unassigned)

References

(
URL
)

Details

(Keywords: csectype-dos)

Crash Data

I have two machines I tested: 1. 64bit Nightly 30 on Win7 2. 32bit Nightly 30 on Win8 Machine 1 passes the test with no error, but on machine 2 it crashes Firefox. Link is in the URL field.
Did you get a crash report in the process, by any chance?
Flags: needinfo?(jgilbert)
Looks like a null deref.
Crash Signature: [@ js::types::TypeSet::hasType(js::types::Type) ]
Keywords: csectype-dos
Steve, does it seem reasonable that this is just a null deref?
Flags: needinfo?(sphink)
Group: core-security
It's a null deref, but I don't know why 'type' would be NULL there. djvj, can you tell anything about this? Then again, bug 901333 has a somewhat similar crash with not JITs enabled.
Flags: needinfo?(sphink) → needinfo?(kvijayan)
er, *no* JITs enabled.
This looks a lot like bug 977538, FWIW. Jeff, can you still reproduce this?
Yep, doesn't crash for me anymore.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
Flags: needinfo?(kvijayan)
You need to log in before you can comment on or make changes to this bug.