Closed
Bug 567081
Opened 15 years ago
Closed 14 years ago
"###!!! ASSERTION: No scope has this global object!: 'OKIfNotInitialized'," with XPCNativeWrapper, defineSetter, Proxy.create
Categories (Core :: JavaScript Engine, defect)
RESOLVED DUPLICATE of bug 576714
Tracking | Status | |
---|---|---|
blocking2.0 | --- | beta3+ |
People (Reporter: gkw, Assigned: mrbkap)
Details (Keywords: assertion, regression, testcase)
Attachments (1 file)
(deleted), patch | gal: review+
__defineSetter__("x", XPCNativeWrapper)
x = Proxy.create((function () {
    return {}
}), this)
asserts xpcshell on TM tip without -j at "###!!! ASSERTION: No scope has this global object!: 'OKIfNotInitialized',"
Assuming related to harmony:proxies. Tested on 64-bit.
Comment 1 • 15 years ago (Reporter)
Program received signal SIGSEGV, Segmentation fault.
0x00007f81df2209de in XPCWrappedNativeScope::GetPrincipal (this=0x0) at /home/fuzz1/tracemonkey/js/src/xpconnect/src/xpcprivate.h:1429
1429 mScriptObjectPrincipal->GetPrincipal() : nsnull;}
(gdb) bt
#0 0x00007f81df2209de in XPCWrappedNativeScope::GetPrincipal (this=0x0) at /home/fuzz1/tracemonkey/js/src/xpconnect/src/xpcprivate.h:1429
#1 0x00007f81df283934 in XPCWrappedNativeScope::GetWrapperFor (this=0x2de3e00, cx=0x2de36d0, obj=0x7f81cf3a3b40, hint=XPCWrapper::XPCNW_EXPLICIT, wn=0x7fff09c81ea0)
at /home/fuzz1/tracemonkey/js/src/xpconnect/src/xpcwrappednativescope.cpp:1027
#2 0x00007f81df2865a3 in XPCNativeWrapperCtor (cx=0x2de36d0, obj=0x0, argc=1, argv=0x7f81d2c73140, rval=0x7f81d2c73188) at /home/fuzz1/tracemonkey/js/src/xpconnect/src/XPCNativeWrapper.cpp:1000
#3 0x00007f81dda814ca in js_Invoke (cx=0x2de36d0, args=..., flags=2) at /home/fuzz1/tracemonkey/js/src/jsinterp.cpp:639
#4 0x00007f81dda816f1 in js_InternalInvoke (cx=0x2de36d0, obj=0x7f81cf3a3380, fval=140195504214128, flags=0, argc=1, argv=0x7fff09c82760, rval=0x7fff09c82760) at /home/fuzz1/tracemonkey/js/src/jsinterp.cpp:678
#5 0x00007f81dda8183f in js_InternalGetOrSet (cx=0x2de36d0, obj=0x7f81cf3a3380, id=140195750453284, fval=140195504214128, mode=JSACC_WRITE, argc=1, argv=0x7fff09c82760, rval=0x7fff09c82760)
at /home/fuzz1/tracemonkey/js/src/jsinterp.cpp:714
#6 0x00007f81ddaa677f in JSScopeProperty::set (this=0x2d6eef8, cx=0x2de36d0, obj=0x7f81cf3a3380, vp=0x7fff09c82760) at /home/fuzz1/tracemonkey/js/src/jsscope.h:998
#7 0x00007f81ddaa03a4 in js_NativeSet (cx=0x2de36d0, obj=0x7f81cf3a3380, sprop=0x2d6eef8, added=false, vp=0x7fff09c82760) at /home/fuzz1/tracemonkey/js/src/jsobj.cpp:4733
#8 0x00007f81ddaa1a17 in js_SetPropertyHelper (cx=0x2de36d0, obj=0x7f81cf3a3380, id=140195750453284, defineHow=9, vp=0x7fff09c82760) at /home/fuzz1/tracemonkey/js/src/jsobj.cpp:5140
#9 0x00007f81dda6be9f in js_Interpret (cx=0x2de36d0) at /home/fuzz1/tracemonkey/js/src/jsops.cpp:1825
#10 0x00007f81dda81e9c in js_Execute (cx=0x2de36d0, chain=0x7f81cf3a3380, script=0x2de89d0, down=0x0, flags=0, result=0x7fff09c82b78) at /home/fuzz1/tracemonkey/js/src/jsinterp.cpp:837
#11 0x00007f81dd9efff8 in JS_ExecuteScript (cx=0x2de36d0, obj=0x7f81cf3a3380, script=0x2de89d0, rval=0x7fff09c82b78) at /home/fuzz1/tracemonkey/js/src/jsapi.cpp:4802
#12 0x0000000000405b22 in ProcessFile (cx=0x2de36d0, obj=0x7f81cf3a3380, filename=0x0, file=0x7f81dc9976a0, forceTTY=0) at /home/fuzz1/tracemonkey/js/src/xpconnect/shell/xpcshell.cpp:1043
#13 0x0000000000405d34 in Process (cx=0x2de36d0, obj=0x7f81cf3a3380, filename=0x0, forceTTY=0) at /home/fuzz1/tracemonkey/js/src/xpconnect/shell/xpcshell.cpp:1082
#14 0x0000000000406456 in ProcessArgs (cx=0x2de36d0, obj=0x7f81cf3a3380, argv=0x7fff09c83fc0, argc=0) at /home/fuzz1/tracemonkey/js/src/xpconnect/shell/xpcshell.cpp:1249
#15 0x0000000000407b80 in main (argc=0, argv=0x7fff09c83fc0, envp=0x7fff09c83fc8) at /home/fuzz1/tracemonkey/js/src/xpconnect/shell/xpcshell.cpp:1904
Updated • 15 years ago (Reporter)
blocking2.0: --- → ?
Updated • 15 years ago
blocking2.0: ? → beta1+
Comment 2 • 15 years ago (Assignee)
This is cheesy, as gal put it on IRC, but it works: proxies should always have a parent.
Comment 3 • 15 years ago
Comment on attachment 450477
Proposed fix
>Bug 567081 - Make sure proxies have a non-null parent.
>
>diff --git a/js/src/jsproxy.cpp b/js/src/jsproxy.cpp
>--- a/js/src/jsproxy.cpp
>+++ b/js/src/jsproxy.cpp
>@@ -1066,20 +1066,23 @@ proxy_create(JSContext *cx, uintN argc,
> }
> JSObject *handler;
> if (!(handler = NonNullObject(cx, vp[2])))
> return false;
> JSObject *proto, *parent;
> if (argc > 1 && !JSVAL_IS_PRIMITIVE(vp[3])) {
> proto = JSVAL_TO_OBJECT(vp[3]);
> parent = proto->getParent();
>+ if (!parent)
>+ parent = proto;
This seems bogus, because proto is not a global object in all likelihood. Why not do what you do here:
> } else {
> JS_ASSERT(VALUE_IS_FUNCTION(cx, vp[0]));
> proto = NULL;
> parent = JSVAL_TO_OBJECT(vp[0])->getParent();
>+ JS_ASSERT(parent);
> }
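Review bot: The else branch guards `JSVAL_TO_OBJECT(vp[0])->getParent()` only with `JS_ASSERT(parent)`, which is compiled out of non-debug builds, so a null parent on that path would pass this point unchecked in release builds. The first branch treats the same condition as a run-time case (`if (!parent) parent = proto;`), so the two paths disagree on whether a null parent can happen; use one run-time fallback for both, or add a comment explaining why the callee's parent is never null. Since vp[3] is a caller-supplied argument, the fallback should also state, in a comment or a check, what kind of object is acceptable as a proxy parent.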
which suggests shorter code:
    if (argc > 1 && !JSVAL_IS_PRIMITIVE(vp[3])) {
        proto = JSVAL_TO_OBJECT(vp[3]);
        parent = proto->getParent();
    } else {
        JS_ASSERT(VALUE_IS_FUNCTION(cx, vp[0]));
        proto = parent = NULL;
    }
    if (!parent) {
        parent = JSVAL_TO_OBJECT(vp[0])->getParent();
        JS_ASSERT(parent);
    }
/be
Comment 4 • 15 years ago (Assignee)
(In reply to comment #3)
> This seems bogus, because proto is not a global object in all likelihood. Why
> not do what you do here:
vp[3] is user controlled and *can* be a global object, so we need to deal with that case. Your proposal does seem better, though. I'll attach a new patch tomorrow.
Updated • 15 years ago
Attachment #450477 - Flags: review?(gal) → review+
Comment 6 • 14 years ago
Patch is reviewed, but it's sat across a beta deadline. Moving this to beta3+, but if it makes it in before code freeze (4hrs, midnight tonight, PT) then yay!
blocking2.0: beta2+ → beta3+
Comment 7 • 14 years ago
Can we get this checked in please so it doesn't miss another beta deadline? Next code freeze is Monday, Aug 2 for beta3.
Comment 8 • 14 years ago
Robert: you on this merge from TM?
Updated • 14 years ago (Assignee)
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE