Bug 149253 - ASSERTION FAILED: s.length() > 1 in JSC::jsNontrivialString
Summary: ASSERTION FAILED: s.length() > 1 in JSC::jsNontrivialString
Status: RESOLVED DUPLICATE of bug 160324
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Local Build
Hardware: PC Linux
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: 116980
Reported: 2015-09-17 01:32 PDT by Renata Hodovan
Modified: 2016-08-04 17:22 PDT

See Also:


Attachments
Test case (65 bytes, application/javascript)
2015-09-17 01:32 PDT, Renata Hodovan
Description Renata Hodovan 2015-09-17 01:32:03 PDT
Created attachment 261377
Test case

Load this test with debug jsc:

SyntaxError.prototype.name = 0;
SyntaxError.prototype.toString();


Backtrace:

ASSERTION FAILED: s.length() > 1
../../Source/JavaScriptCore/runtime/JSString.h(491) : JSC::JSString* JSC::jsNontrivialString(JSC::VM*, const WTF::String&)

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff71b9ab6 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321     *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff71b9ab6 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007ffff6db58e0 in JSC::jsNontrivialString (vm=0x7ffff1002000, s=...) at ../../Source/JavaScriptCore/runtime/JSString.h:491
#2  0x00007ffff6db5a4c in JSC::jsNontrivialString (exec=0x7fffffffc620, s=...) at ../../Source/JavaScriptCore/runtime/JSString.h:621
#3  0x00007ffff6fd6254 in JSC::errorProtoFuncToString (exec=0x7fffffffc620) at ../../Source/JavaScriptCore/runtime/ErrorPrototype.cpp:125
#4  0x00007fffb0fff0c8 in ?? ()
#5  0x00007fffffffc690 in ?? ()
#6  0x00007ffff7163101 in llint_entry () from WebKit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18
Comment 1 Brent Fulgham 2016-08-04 17:17:09 PDT
This problem does not reproduce under r204037, most likely due to changes in the JavaScript implementation. If you believe there is still a problem, please reopen this bug with a revised test case.
Comment 2 Mark Lam 2016-08-04 17:22:14 PDT
This was fixed independently in https://bugs.webkit.org/show_bug.cgi?id=160324.  So, duping to 160324 to track when the fix landed.

*** This bug has been marked as a duplicate of bug 160324 ***