149253 – ASSERTION FAILED: s.length() > 1 in JSC::jsNontrivialString

RESOLVED DUPLICATE of bug 160324 149253

ASSERTION FAILED: s.length() > 1 in JSC::jsNontrivialString

https://bugs.webkit.org/show_bug.cgi?id=149253

Summary ASSERTION FAILED: s.length() > 1 in JSC::jsNontrivialString

Renata Hodovan

Reported 2015-09-17 01:32:03 PDT

Created attachment 261377 [details] Test case Load this test with debug jsc: SyntaxError.prototype.name = 0; SyntaxError.prototype.toString(); Backtrace: ASSERTION FAILED: s.length() > 1 ../../Source/JavaScriptCore/runtime/JSString.h(491) : JSC::JSString* JSC::jsNontrivialString(JSC::VM*, const WTF::String&) Program received signal SIGSEGV, Segmentation fault. 0x00007ffff71b9ab6 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ffff71b9ab6 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x00007ffff6db58e0 in JSC::jsNontrivialString (vm=0x7ffff1002000, s=...) at ../../Source/JavaScriptCore/runtime/JSString.h:491 #2 0x00007ffff6db5a4c in JSC::jsNontrivialString (exec=0x7fffffffc620, s=...) at ../../Source/JavaScriptCore/runtime/JSString.h:621 #3 0x00007ffff6fd6254 in JSC::errorProtoFuncToString (exec=0x7fffffffc620) at ../../Source/JavaScriptCore/runtime/ErrorPrototype.cpp:125 #4 0x00007fffb0fff0c8 in ?? () #5 0x00007fffffffc690 in ?? () #6 0x00007ffff7163101 in llint_entry () from WebKit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18

Attachments
Test case (65 bytes, application/javascript) 2015-09-17 01:32 PDT, Renata Hodovan	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Brent Fulgham

Comment 1 2016-08-04 17:17:09 PDT

This problem does not reproduce under r204037, most likely due to changes in the JavaScript implementation. If you believe there is still a problem, please reopen this bug with a revised test case.

Mark Lam

Comment 2 2016-08-04 17:22:14 PDT

This was fixed independently in https://bugs.webkit.org/show_bug.cgi?id=160324. So, duping to 160324 to track when the fix landed. *** This bug has been marked as a duplicate of bug 160324 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 160324

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware PC

OS Linux

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2015-09-17 01:32 PDT

Modified

2016-08-04 17:22 PDT History

CC List

3 users Show

URL

Keywords

Depends on

Blocks

116980

Dependencies

tree graph