<a class="header-button" href="https://bugzilla.mozilla.org/home" title="Go to home page"> Bugzilla

Comment 10

•

21 years ago

Attached file Talback crash incident1 (obsolete) — Details

This thing is crashing again for me. Somehow I can't get the talkback incident to send it to Mozilla, so I put it here as attachment.

Comment 11

•

21 years ago

I think they have changed a little since the 2002. The original url is being redirected. This is the official url: http://xopus.com/demo/index.html Click on Simple Document Demo. I've investigated that demo a bit. I've squeezed the immense amount of javascript down to this testcase I will attach. This crashes, but when you remove the media folder you get an alert box with the text: The file c:\\...\...wrongbrowser.html could not be found, etc... So I guess the crash happens, at the moment you are being redirected. R.Pronk@ewi.tudelft.nl has a debug build and gets this callstack for it: crasht in jsinterp.c on 1933: OBJ_ENUMERATE(cx, obj, JSENUMERATE_NEXT, &iter_state, &rval); Ik weet niks van de JS module maar obj == 0x0000000 en dat zal vast niet goed zijn. Ik krijg deze callstack: js_Interpret(JSContext * 0x03077eb0, long * 0x0012ef6c) line 1933 + 30 bytes js_Execute(JSContext * 0x03077eb0, JSObject * 0x03011828, JSScript * 0x042eb888, JSStackFrame * 0x00000000, unsigned int 0, long * 0x0012ef6c) line 1155 + 13 bytes JS_EvaluateUCScriptForPrincipals(JSContext * 0x03077eb0, JSObject * 0x03011828, JSPrincipals * 0x02f85ea4, const unsigned short * 0x03bb0040, unsigned int 419541, const char * 0x0328af00, unsigned int 79, long * 0x0012ef6c) line 3543 + 25 bytes nsJSContext::EvaluateString(const nsAString & {...}, void * 0x03011828, nsIPrincipal * 0x02f85ea0, const char * 0x0328af00, unsigned int 79, const char * 0x00cb4430, nsAString & {...}, int * 0x0012efa8) line 916 + 85 bytes nsScriptLoader::EvaluateScript(nsScriptLoadRequest * 0x0328ae40, const nsAFlatString & {...}) line 658 nsScriptLoader::ProcessRequest(nsScriptLoadRequest * 0x0328ae40) line 574 + 22 bytes nsScriptLoader::ProcessScriptElement(nsScriptLoader * const 0x02f85d08, nsIDOMHTMLScriptElement * 0x03282d10, nsIScriptLoaderObserver * 0x03282d14) line 520 + 20 bytes nsHTMLScriptElement::MaybeProcessScript() line 646 + 118 bytes nsHTMLScriptElement::SetDocument(nsIDocument * 0x02f83f88, int 0, int 1) line 471 nsGenericElement::AppendChildTo(nsIContent * 0x03282cf0, int 0, int 0) line 2583 HTMLContentSink::ProcessSCRIPTTag(const nsIParserNode & {...}) line 4353 HTMLContentSink::AddLeaf(HTMLContentSink * const 0x02f85b60, const nsIParserNode & {...}) line 3210 + 15 bytes CNavDTD::AddLeaf(const nsIParserNode * 0x0328aaa8) line 3787 + 25 bytes CNavDTD::HandleScriptToken(const nsIParserNode * 0x0328aaa8) line 2325 + 12 bytes CNavDTD::OpenContainer(const nsCParserNode * 0x0328aaa8, nsHTMLTag eHTMLTag_script, int 1, nsEntryStack * 0x00000000) line 3439 + 12 bytes CNavDTD::HandleDefaultStartToken(CToken * 0x0313b770, nsHTMLTag eHTMLTag_script, nsCParserNode * 0x0328aaa8) line 1457 + 20 bytes CNavDTD::HandleStartToken(CToken * 0x0313b770) line 1835 + 20 bytes CNavDTD::HandleToken(CNavDTD * const 0x0312fab8, CToken * 0x00000000, nsIParser * 0x02f85870) line 1019 + 12 bytes CNavDTD::BuildModel(CNavDTD * const 0x0312fab8, nsIParser * 0x02f85870, nsITokenizer * 0x031301a0, nsITokenObserver * 0x00000000, nsIContentSink * 0x02f85b60) line 511 + 20 bytes nsParser::BuildModel(nsParser * const 0x02f85870) line 1894 + 34 bytes nsParser::ResumeParse(int 1, int 0, int 1) line 1761 + 12 bytes nsParser::OnDataAvailable(nsParser * const 0x02f85874, nsIRequest * 0x03021e10, nsISupports * 0x00000000, nsIInputStream * 0x03114760, unsigned int 415524, unsigned int 7862) line 2426 + 21 bytes nsDocumentOpenInfo::OnDataAvailable(nsDocumentOpenInfo * const 0x030160a0, nsIRequest * 0x03021e10, nsISupports * 0x00000000, nsIInputStream * 0x03114760, unsigned int 415524, unsigned int 7862) line 335 + 46 bytes nsStreamListenerTee::OnDataAvailable(nsStreamListenerTee * const 0x030b9918, nsIRequest * 0x03021e10, nsISupports * 0x00000000, nsIInputStream * 0x0304f29c, unsigned int 415524, unsigned int 7862) line 97 + 51 bytes nsHttpChannel::OnDataAvailable(nsHttpChannel * const 0x03021e18, nsIRequest * 0x030486f8, nsISupports * 0x00000000, nsIInputStream * 0x0304f29c, unsigned int 415524, unsigned int 7862) line 3455 + 63 bytes nsInputStreamPump::OnStateTransfer() line 433 + 65 bytes nsInputStreamPump::OnInputStreamReady(nsInputStreamPump * const 0x030486fc, nsIAsyncInputStream * 0x0304f29c) line 336 + 11 bytes nsInputStreamReadyEvent::EventHandler(PLEvent * 0x030b5f3c) line 119 PL_HandleEvent(PLEvent * 0x030b5f3c) line 671 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00a06ed0) line 606 + 9 bytes _md_EventReceiverProc(HWND__ * 0x0004017a, unsigned int 49360, unsigned int 0, long 10514128) line 1412 + 9 bytes USER32! 77d43a50() USER32! 77d43b1f() USER32! 77d43d79() USER32! 77d43ddf() nsAppShellService::Run(nsAppShellService * const 0x00a4e2c8) line 484 main1(int 1, char * * 0x002e2638, nsISupports * 0x009aeed8) line 1291 + 32 bytes main(int 1, char * * 0x002e2638) line 1678 + 37 bytes mainCRTStartup() line 338 + 17 bytes KERNEL32! 77e814c7()

Heikki Toivonen (remove -bugzilla when emailing directly)

Comment 12

•

21 years ago

Attached file Simpler testcase crasher (obsolete) — Details

Comment 13

•

21 years ago

Reopening per comments.

Status: RESOLVED → REOPENED

Resolution: WORKSFORME → ---

Assignee

Comment 14

•

21 years ago

*** Bug 237967 has been marked as a duplicate of this bug. ***

Assignee

Comment 15

•

21 years ago

Need a reduced testcase, please -- or at least one where the whole roughly hundred-thousand-character script is not on one line. /be

Assignee: harishd → brendan

Status: REOPENED → NEW

Component: XML → JavaScript Engine

Comment 16

•

21 years ago

Attached file very much simpeler testcase — Details

Managed to reduce most of the code. I don't know if this is the initial cause of the crash, but at least this one is crashing too.

Attachment #144305 - Attachment is obsolete: true

Attachment #144306 - Attachment is obsolete: true

Assignee

Comment 17

•

21 years ago

Regressed a long time ago: revision 3.6.4.11 date: 1999/01/28 00:03:51; author: rogerl%netscape.com; state: Exp; lines: +31 -8 Bug #331783 - separate initialization from increment for 'for in' loop with index expression in order to prevent side-effects from occuring when the for loop stops (as in 'for (p[i++] in obj)...') Bug is obvious, patch next. /be

Status: NEW → ASSIGNED

Flags: blocking1.7+

Keywords: js1.5

Priority: -- → P1

Target Milestone: --- → mozilla1.7final

Assignee

Comment 18

•

21 years ago

Attached patch proposed fix — Details — Splinter Review

Mike Shaver (:shaver emeritus)

Assignee

Comment 19

•

21 years ago

Comment on attachment 144534 [details] [diff] [review] proposed fix Nice safe (if long overdue!) crash bug fix for 1.7. /be

Attachment #144534 - Flags: review?(shaver)

Attachment #144534 - Flags: approval1.7?

Updated

•

21 years ago

Attachment #144534 - Flags: review?(shaver) → review+

chris hofmann

Comment 20

•

21 years ago

Comment on attachment 144534 [details] [diff] [review] proposed fix a=chofmann for 1.7

Attachment #144534 - Flags: approval1.7? → approval1.7+

Assignee

Comment 21

•

21 years ago

Fixed. Could have used this in 1.4.2 (the bug is ancient), but it sounds like it's too late. Cc'ing leaf just in case. /be

Status: ASSIGNED → RESOLVED

Closed: 22 years ago → 21 years ago

Resolution: --- → FIXED

Adam Hauner

Comment 22

•

21 years ago

*** Bug 240582 has been marked as a duplicate of this bug. ***

Comment 23

•

20 years ago

Attached file js1_5/Regress/regress-174709.js (obsolete) — Details

Martijn, with your permission this will be included in the javascript test library.

Comment 24

•

20 years ago

(In reply to comment #23) > Martijn, with your permission this will be included in the javascript test > library. Sure, no problem.

Lon Boonen

Comment 25

•

20 years ago

(In reply to comment #24) > (In reply to comment #23) > > Martijn, with your permission this will be included in the javascript test > > library. > Sure, no problem. Dear Mozilla developers, I would like to point out that you have taken code owned by Q42 (http://www.q42.nl), removed the copyright notice, changed the code and added the MPL 1.1 license to it. We, Q42, have never allowed anyone to remove our copyrights nor alter the code or parts of it, nor re-license the code nor parts of it. We, of course, are very sympathetic towards the Mozilla project and would like to help them any way we can. But we would like the Mozilla foundation and its developers to respect our copyrights as well. Friendly, yet worried, greetings, Lon Boonen, Q42

Comment 26

•

20 years ago

Oops! Sorry Lon. I've made the reduced testcase indeed from xopus, so I'm not the owner of that code, so I can't give permission.

Comment 27

•

20 years ago

Comment on attachment 174985 [details] js1_5/Regress/regress-174709.js Lon, it was never our intension to take your code which is why I have gone through this process of vetting the testcases. I will remove the code from the testcase immediately.

Attachment #174985 - Attachment is obsolete: true

Comment 28

•

20 years ago

Attached file js1_5/Regress/regress-174709.js — Details

testcase with code removed until replacement code can be created.

Lon Boonen

Comment 29

•

20 years ago

We have no objection to Mozilla using this code for fixing bugs and testing. We just thought it was kind of inappropriate to remove copyrights and to attach the MPL to it. I hereby give Mozilla the right to use the piece of code extracted by Martijn for whatever purpose it (Mozilla) seems fit. You can re-license it also if that's necessary. The important thing is that this bug is fixed... We have another one that we would like fixed, but I guess I have to mention that somewhere else. Greetings and thanks, Lon

Comment 30

•

20 years ago

js1_5/Regress/regress-174709.js checked in.

Updated

•

20 years ago

Flags: testcase+