Status: Accepted
Owner: [email protected]
Labels: Type-Bug Priority-Medium
New issue 2717 by [email protected]: The language fuzzer found a
crasher in object literals.
http://code.google.com/p/v8/issues/detail?id=2717
The V8 language fuzzer buildbot found a crasher in an object literal. The
following is a link to the crashing run as well as a reduced repro of the
crasher. I will investigate.
http://build.chromium.org/p/client.v8/builders/V8%20Fuzzer/builds/994
(function() {
return {x: 3.141592653589793, x: x };
})();
#
# Fatal error in ../src/objects-inl.h, line 877
# CHECK(IsNumber()) failed
#
==== C stack trace ===============================
1: V8_Fatal
2: v8::internal::Object::Number()
3:
v8::internal::JSObject::SetLocalPropertyIgnoreAttributes(v8::internal::Name*,
v8::internal::Object*, PropertyAttributes, v8::internal::Object::ValueType)
4:
v8::internal::JSObject::SetLocalPropertyIgnoreAttributes(v8::internal::Handle<v8::internal::JSObject>,
v8::internal::Handle<v8::internal::Name>,
v8::internal::Handle<v8::internal::Object>, PropertyAttributes,
v8::internal::Object::ValueType)
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
