Subj : JS_ASSERT in js_MarkScriptFilename()
To   : netscape.public.mozilla.jseng
From : "Edward Chan"
Date : Thu Feb 19 2004 10:36 am

Hi there,

I've just moved to rc6, but I'm experiencing problems I didn't experience with rc5. I'm getting a JS_ASSERT in js_MarkScriptFilename(). Here's the stack:

    js_MarkScriptFilename(const char *filename)
    js_MarkScript(JSContext *cx, JSScript *script, void *arg)
    fun_mark(JSContext *cx, JSObject *obj, void *arg)
    js_Mark(JSContext *cx, JSObject *obj, void *arg)
    js_MarkGCThing(JSContext *cx, void *thing, void *arg)
    js_MarkGCThing(JSContext *cx, void *thing, void *arg)
    js_MarkGCThing(JSContext *cx, void *thing, void *arg)
    js_MarkGCThing(JSContext *cx, void *thing, void *arg)
    js_MarkGCThing(JSContext *cx, void *thing, void *arg)
    gc_root_marker(JSDHashTable *table, JSDHashEntryHdr *hdr, uint32 num, void *arg)
    JS_DHashTableEnumerate(JSDHashTable *table, JSDHashEnumerator etor, void *arg)
    js_GC(JSContext *cx, uintN gcflags)
    js_ForceGC(JSContext *cx, uintN gcflags)
    JS_GC(JSContext *cx)

It fails on

    JS_ASSERT(sfe->key == sfe->filename);

From what I can tell, sfe is garbage.

    sfe = (ScriptFilenameEntry *) (filename - offsetof(ScriptFilenameEntry, filename));

Looking at filename, which is passed in, it is also garbage; points to freed memory. Going back up the call stack,

    js_MarkScriptFilename(script->filename);

script->filename is pointing to freed memory, but the script object itself still looks valid.

Any ideas?
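Added example, not part of the original post and not SpiderMonkey source: a small C program showing how the offsetof() arithmetic quoted above recovers an entry from its inline filename, and why the key == filename invariant stops holding once the storage behind the held pointer is no longer a live entry. The Entry layout, the function names and the 0xDA fill pattern are assumptions made for illustration; stale storage is simulated by overwriting a static object so that no freed memory is actually read.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the entry type named in the post (assumed layout). */
typedef struct Entry {
    const void *key;        /* set to point at this entry's own filename */
    unsigned char mark;     /* GC mark bit */
    char filename[32];      /* name stored inline in the entry */
} Entry;

/* Same pointer arithmetic as the line quoted in the post. */
static const Entry *entry_from_filename(const char *filename)
{
    return (const Entry *)(filename - offsetof(Entry, filename));
}

/* Non-aborting form of the invariant the assertion tests. */
static int entry_is_consistent(const char *filename)
{
    const Entry *e = entry_from_filename(filename);
    return e->key == (const void *)e->filename;
}

/* Constructed scenario: returns 1 while the entry is live, 0 after its
 * storage is overwritten, as a reused or released block might look. */
static int demo(int poison)
{
    static Entry slot;              /* static storage: no real free, no UB */
    const char *held;               /* plays the role of script->filename */

    memset(&slot, 0, sizeof slot);
    strcpy(slot.filename, "test.js");
    slot.key = slot.filename;
    held = slot.filename;

    if (poison)
        memset(&slot, 0xDA, sizeof slot);   /* simulate stale storage */

    return entry_is_consistent(held);
}

int main(void)
{
    printf("live entry consistent:     %d\n", demo(0));
    printf("poisoned entry consistent: %d\n", demo(1));
    return 0;
}
```

The check only catches a stale pointer when the old bytes have been disturbed; a released block whose contents are still intact would pass it.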