Bug 849777 (Closed)
Crash [@ js::frontend::TokenStream::reportCompileErrorNumberVA]
Opened 13 years ago, closed 13 years ago
Status: RESOLVED FIXED, mozilla22
Categories: Core :: JavaScript Engine, defect
People: Reporter: decoder, Assigned: bhackett1024
Details: Keywords: crash, testcase, Whiteboard: [jsbugmon:update]
Attachments (2 files):
165 bytes, application/javascript
2.21 KB, patch (jorendorff: review+)
The attached testcase crashes on mozilla-central revision eccf45749400 (no options required).
Reporter | Updated • 13 years ago
Whiteboard: [jsbugmon:update,bisect]
Reporter | Comment 1 • 13 years ago
Crash trace:
==11377== Invalid read of size 4
==11377== at 0x859B596: js::frontend::TokenStream::reportCompileErrorNumberVA(js::frontend::TokenPos const&, unsigned int, unsigned int, char*) (TokenStream.cpp:510)
==11377== by 0x8507278: js::frontend::BytecodeEmitter::reportError(js::frontend::ParseNode*, unsigned int, ...) (BytecodeEmitter.cpp:1669)
==11377== by 0x8352C27: JSScript::fullyInitFromEmitter(JSContext*, JS::Handle<JSScript*>, js::frontend::BytecodeEmitter*) (jsscript.cpp:1889)
==11377== by 0x84F6833: js::frontend::CompileScript(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSScript*>, JS::CompileOptions const&, unsigned short const*, unsigned int, JSString*, unsigned int, js::SourceCompressionToken*) (BytecodeCompiler.cpp:265)
==11377== by 0x85B17AF: EvalKernel(JSContext*, JS::CallArgs const&, EvalType, js::AbstractFramePtr, JS::Handle<JSObject*>) (Eval.cpp:297)
==11377== by 0x85B2EA4: js::DirectEval(JSContext*, JS::CallArgs const&) (Eval.cpp:421)
==11377== by 0x873346A: js::mjit::stubs::Eval(js::VMFrame&, unsigned int) (InvokeHelpers.cpp:469)
==11377== by 0x95198BB: ???
==11377== by 0x8C9DFF3: ??? (in /srv/repos/mozilla-central/js/src/debug32/shell/js)
==11377== Address 0x8 is not stack'd, malloc'd or (recently) free'd
Updated • 13 years ago
Crash Signature: [@ js::frontend::TokenStream::reportCompileErrorNumberVA] → [@ js::frontend::TokenStream::reportCompileErrorNumberVA(js::frontend::TokenPos const&, unsigned int, unsigned int, char*) ]
Reporter | Updated • 13 years ago
Whiteboard: [jsbugmon:update,bisect] → [jsbugmon:update]
Reporter | Comment 2 • 13 years ago
JSBugMon: Bisection requested, result:
autoBisect shows this is probably related to the following changeset:
The first bad revision is:
changeset: 123020:c92816f3028c
user: Brian Hackett
date: Tue Feb 26 08:41:57 2013 -0700
summary: Bug 835587 - Add syntax only mode to parser, r=jorendorff.
This iteration took 114.940 seconds to run.
Reporter | Comment 3 • 13 years ago
Brian, can you take a look based on comment 2? Thanks.
Flags: needinfo?(bhackett1024)
Assignee | Comment 4 • 13 years ago
Errors reported via the bytecode emitter weren't null checking properly.
Assignee: general → bhackett1024
Attachment #725760 - Flags: review?(jorendorff)
Flags: needinfo?(bhackett1024)
Updated • 13 years ago
Attachment #725760 - Flags: review?(jorendorff) → review+
Assignee | Comment 5 • 13 years ago
Comment 6 • 13 years ago
Status: NEW → RESOLVED
Closed: 13 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla22