Bug 149253

Summary: ASSERTION FAILED: s.length() > 1 in JSC::jsNontrivialString
Product: WebKit
Component: JavaScriptCore
Status: RESOLVED DUPLICATE
Severity: Normal
Priority: P2
Version: WebKit Local Build
Hardware: PC
OS: Linux
Reporter: Renata Hodovan <rhodovan.u-szeged>
Assignee: Nobody <webkit-unassigned>
CC: bfulgham, mark.lam, msaboff
Bug Depends on:
Bug Blocks: 116980
Attachments:
Description: Test case; Flags: none

Description Renata Hodovan 2015-09-17 01:32:03 PDT
Created attachment 261377
Test case

Load this test with debug jsc:

SyntaxError.prototype.name = 0;
SyntaxError.prototype.toString();


Backtrace:

ASSERTION FAILED: s.length() > 1
../../Source/JavaScriptCore/runtime/JSString.h(491) : JSC::JSString* JSC::jsNontrivialString(JSC::VM*, const WTF::String&)

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff71b9ab6 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321     *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff71b9ab6 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007ffff6db58e0 in JSC::jsNontrivialString (vm=0x7ffff1002000, s=...) at ../../Source/JavaScriptCore/runtime/JSString.h:491
#2  0x00007ffff6db5a4c in JSC::jsNontrivialString (exec=0x7fffffffc620, s=...) at ../../Source/JavaScriptCore/runtime/JSString.h:621
#3  0x00007ffff6fd6254 in JSC::errorProtoFuncToString (exec=0x7fffffffc620) at ../../Source/JavaScriptCore/runtime/ErrorPrototype.cpp:125
#4  0x00007fffb0fff0c8 in ?? ()
#5  0x00007fffffffc690 in ?? ()
#6  0x00007ffff7163101 in llint_entry () from WebKit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18

Comment 1 Brent Fulgham 2016-08-04 17:17:09 PDT
This problem does not reproduce under r204037, most likely due to changes in the JavaScript implementation. If you believe there is still a problem, please reopen this bug with a revised test case.

Comment 2 Mark Lam 2016-08-04 17:22:14 PDT
This was fixed independently in https://bugs.webkit.org/show_bug.cgi?id=160324. So, duping to 160324 to track when the fix landed.

*** This bug has been marked as a duplicate of bug 160324 ***
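
Added regression check (not part of the bug report or of WebKit's test suite): in the backtrace, errorProtoFuncToString hands its result to jsNontrivialString, which asserts a length greater than 1, while the test case makes toString() return the one-character string "0". The script below compares an engine's Error.prototype.toString against a model of the ECMAScript algorithm for results of length 0 and 1. The names specErrorToString, CASES, checkShortResults and reportCase are hypothetical helpers, and the inputs are constructed.

```javascript
// Model of the ECMAScript "Error.prototype.toString ( )" steps, used as an
// oracle. Added example; not code from WebKit.
function specErrorToString(obj) {
  if (obj === null || (typeof obj !== "object" && typeof obj !== "function")) {
    throw new TypeError("receiver is not an object");
  }
  const name = obj.name === undefined ? "Error" : String(obj.name);
  const msg = obj.message === undefined ? "" : String(obj.message);
  if (name === "") return msg;
  if (msg === "") return name;
  return name + ": " + msg;
}

// Constructed inputs: name/message pairs whose result is empty, one
// character long, or ordinary.
const CASES = [
  { name: 0, message: "" },                // shape of the report's case
  { name: "", message: "" },               // empty result
  { name: "", message: "x" },              // one character, from message
  { name: "E", message: undefined },       // one character, from name
  { name: undefined, message: undefined }, // default name "Error"
  { name: "E", message: "m" },             // ordinary "E: m"
];

// Returns the cases where the engine's built-in disagrees with the model.
function checkShortResults() {
  const failures = [];
  for (const c of CASES) {
    const receiver = { name: c.name, message: c.message };
    const expected = specErrorToString(receiver);
    const actual = Error.prototype.toString.call(receiver);
    if (actual !== expected) failures.push({ input: c, expected, actual });
  }
  return failures;
}

// The report's two statements, with the prototype restored afterwards.
function reportCase() {
  const saved = Object.getOwnPropertyDescriptor(SyntaxError.prototype, "name");
  try {
    SyntaxError.prototype.name = 0;
    return SyntaxError.prototype.toString();
  } finally {
    Object.defineProperty(SyntaxError.prototype, "name", saved);
  }
}
```

On a debug build, a regression of this kind appears as the assertion abort rather than as a mismatch, so the script completing at all is part of the check.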