Closed
Bug 305883
Opened 20 years ago
Closed 20 years ago
E4X: Spidermonkey shell crashes on empty XMLList intializer
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: bc, Assigned: mrbkap)
Details
(Keywords: crash, regression, verified1.8)
Attachments
(1 file)
|
2.01 KB,
patch
|
brendan
:
review+
brendan
:
approval1.8b4+
|
Details | Diff | Splinter Review |
Stack Signature js_EmitTree() 4033d327
I've forked this bug from bug 290499 since the platform is different. Let me
know if that is ok, or if I should reopen such bugs.
The probably occurs on the trunk, but I haven't set up parallel branch and trunk
tests yet.
Email Address mozqa@mozilla.com
Product ID Firefox15
Build ID 2005082405
Trigger Time 2005-08-25 01:32:44.0
Platform LinuxIntel
Operating System Linux 2.6.9-11.ELsmp
Module libmozjs.so + (0002ef0b)
URL visited e4x/Regress/regress-290499.js
User Comments
Since Last Crash 0 sec
Total Uptime 1 sec
Trigger Reason SIGSEGV: Segmentation Fault: (signal 11)
Source File, Line No.
/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsemit.c,
line 4712
Stack Trace
js_EmitTree()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsemit.c,
line 4712]
js_EmitTree()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsemit.c,
line 3797]
Statements()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsparse.c,
line 2107]
js_CompileTokenStream()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsparse.c,
line 469]
CompileTokenStream()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsapi.c,
line 3345]
JS_CompileUCScriptForPrincipals()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsapi.c,
line 3428]
JS_EvaluateUCScriptForPrincipals()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsapi.c,
line 3859]
nsJSContext::EvaluateString()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/dom/src/base/nsJSEnvironment.cpp,
line 146]
nsScriptLoader::EvaluateScript()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/content/base/src/nsScriptLoader.cpp,
line 704]
nsScriptLoader::ProcessRequest()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/content/base/src/nsScriptLoader.cpp,
line 659]
nsScriptLoader::OnStreamComplete()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/content/base/src/nsScriptLoader.cpp,
line 1020]
nsStreamLoader::OnStopRequest()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/netwerk/base/src/nsStreamLoader.cpp,
line 712]
nsStreamListenerTee::OnStopRequest()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/netwerk/base/src/nsStreamListenerTee.cpp,
line 66]
nsHttpChannel::OnStopRequest()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp,
line 1149]
nsInputStreamPump::OnStateStop()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/netwerk/base/src/nsInputStreamPump.cpp,
line 1149]
nsInputStreamPump::OnInputStreamReady()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/netwerk/base/src/nsInputStreamPump.cpp,
line 343]
nsInputStreamReadyEvent::EventHandler()
PL_HandleEvent()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/xpcom/threads/plevent.c,
line 689]
PL_ProcessPendingEvents()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/xpcom/threads/plevent.c,
line 623]
nsEventQueueImpl::ProcessPendingEvents()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/xpcom/threads/nsEventQueue.cpp,
line 423]
event_processor_callback()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/widget/src/gtk2/nsAppShell.cpp,
line 67]
libglib-2.0.so.0 + 0x47907 (0x0066f907)
libglib-2.0.so.0 + 0x2374b (0x0064b74b)
libglib-2.0.so.0 + 0x251d2 (0x0064d1d2)
libglib-2.0.so.0 + 0x2547f (0x0064d47f)
libgtk-x11-2.0.so.0 + 0x10a6a7 (0x040df6a7)
nsAppShell::Run()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/widget/src/gtk2/nsAppShell.cpp,
line 141]
nsAppStartup::Run()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp,
line 146]
XRE_main()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/toolkit/xre/nsAppRunner.cpp,
line 2324]
main()
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/browser/app/nsBrowserApp.cpp,
line 62]
libc.so.6 + 0x14e23 (0x00b13e23)
|
Assignee | |
Comment 1•20 years ago
|
||
I'm not sure that the actual crash fix (jsemit.c) is the cleanest way to fix
this bug. We do need to emit JSOP_STARTXML, though.
|
|
Assignee | |
Comment 2•20 years ago
|
||
I'd hate to ship with this regerssion.
Flags: blocking1.8b4?
Keywords: regression
|
||
Comment 3•20 years ago
|
||
Comment on attachment 193902 [details] [diff] [review]
fix the decompiler, too
r+a=me, I'll plus the bug too, this is a straight fix for a recent regression.
/be
Attachment #193902 -
Flags: review?(brendan)
Attachment #193902 -
Flags: review+
Attachment #193902 -
Flags: approval1.8b4+
|
||
Updated•20 years ago
|
Flags: blocking1.8b4? → blocking1.8b4+
|
|
Assignee | |
Comment 4•20 years ago
|
||
Checked in on MOZILLA_1_8_BRANCH and trunk.
|
|
||
Comment 5•20 years ago
|
||
Bob, can you verify through the test automation that this crash is gone after
the checkin? If so, please resolve this verified and add the verified1.8
keyword. Thanks.
|
Reporter | |
Comment 6•20 years ago
|
||
no longer crashes with MozillaOrgFirefox15LinuxIntel2005090105
Status: RESOLVED → VERIFIED
Keywords: fixed1.8 → verified1.8
|
|
Reporter | |
Updated•20 years ago
|
Flags: testcase+
You need to log in
before you can comment on or make changes to this bug.
Description
•