Closed
Bug 314887
Opened 19 years ago
Closed 19 years ago
crash if I open this site [@ js_GetGCThingFlags]
Categories
(Core :: JavaScript Engine, defect, P1)
Tracking
()
VERIFIED
FIXED
mozilla1.8rc1
People
(Reporter: nemu.asakura, Assigned: brendan)
References
()
Details
(Keywords: crash, js1.6, verified1.8)
Crash Data
Attachments
(3 files)
81 bytes,
text/javascript
|
Details | |
150 bytes,
text/html
|
Details | |
1.32 KB,
patch
|
mrbkap
:
review+
mtschrep
:
approval1.8rc2+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8) Gecko/20051102 Firefox/1.5 (tete009) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8) Gecko/20051102 Firefox/1.5 (tete009) same as summary. Reproducible: Always
Comment 1•19 years ago
|
||
Happens for me with trunk nightly. TB11394596Y Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051102 Firefox/1.6a1 Stack: js_GetGCThingFlags [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsgc.c, line 231] js_GC [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsgc.c, line 1801] js_ForceGC [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsgc.c, line 1510] nsAppStartup::Run [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp, line 162] main [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp, line 61] kernel32.dll + 0x16d4f (0x7c816d4f)
Assignee: nobody → general
Severity: normal → critical
Status: UNCONFIRMED → NEW
Component: General → JavaScript Engine
Ever confirmed: true
Keywords: crash
Product: Firefox → Core
QA Contact: general → general
Summary: crash if I open this site. → crash if I open this site [@ js_GetGCThingFlags]
Version: unspecified → Trunk
Comment 2•19 years ago
|
||
Assertion failure: JSVAL_IS_GCTHING(lrc->roots[m]), at c:/work/mozilla/builds/ff/trunk/mozilla/js/src/jscntxt.c:660 Stack to assert: js_MarkLocalRoots(JSContext * 0x0411aee8, JSLocalRootStack * 0x040a86b0) line 660 + 55 bytes js_GC(JSContext * 0x0411aee8, unsigned int 0x00000000) line 1801 + 19 bytes js_ForceGC(JSContext * 0x0411aee8, unsigned int 0x00000000) line 1510 + 13 bytes JS_GC(JSContext * 0x0411aee8) line 1830 + 11 bytes nsJSContext::Notify(nsJSContext * const 0x0411ae78, nsITimer * 0x0416da88) line 2161 + 13 bytes nsTimerImpl::Fire() line 398 nsTimerManager::FireNextIdleTimer(nsTimerManager * const 0x012c54c0) line 628 nsAppShell::Run(nsAppShell * const 0x032e6a20) line 142 nsAppStartup::Run(nsAppStartup * const 0x032e6980) line 161 + 26 bytes XRE_main(int 0x00000003, char * * 0x003f6f48, const nsXREAppData * 0x0042101c kAppData) line 2289 + 35 bytes main(int 0x00000003, char * * 0x003f6f48) line 61 + 18 bytes mainCRTStartup() line 338 + 17 bytes KERNEL32! 7c816d4f() + name 0x00000000 "" + cx 0x0411aee8 - lrs 0x040a86b0 scopeMark 0x00000000 rootCount 0x0000009f + topChunk 0x040a86bc + firstChunk {...} n 0x0000009e m 0x0000009e mark 0x00000000 + lrc 0x040a86bc lrc->roots[m] 0x80000001
Comment 3•19 years ago
|
||
Comment 4•19 years ago
|
||
top.htm crashed as soon as it loaded when it referenced base.js from the local file system, but when loaded from bugzilla, you need to view source after it loads.
Comment 5•19 years ago
|
||
No crash in: 1.9a1_2005102721 Crash in: 1.9a1_2005102813
Comment 6•19 years ago
|
||
(In reply to comment #5) > No crash in: 1.9a1_2005102721 > Crash in: 1.9a1_2005102813 no crash in 1.9a1: 2005102809 Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.9a1) Gecko/20051028 SeaMonkey/1.1a crash in current nightly: TB11409480Y Checkins: http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=SeaMonkeyAll&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2005-10-28+08%3A00&maxdate=2005-10-28+14%3A00&cvsroot=%2Fcvsroot maybe Bug 313952: http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=SeaMonkeyAll&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2005-10-28+11%3A07&maxdate=2005-10-28+11%3A14&cvsroot=%2Fcvsroot
Assignee | ||
Comment 7•19 years ago
|
||
Big dumb inconsistency, obvious fix, safe for 1.8 and must fix -- this will be a topcrash. /be
Attachment #201768 -
Flags: review?(mrbkap)
Attachment #201768 -
Flags: approval1.8rc2?
Assignee | ||
Updated•19 years ago
|
Assignee: general → brendan
Flags: blocking1.8rc2+
Keywords: js1.6
Priority: -- → P1
Target Milestone: --- → mozilla1.8rc1
Updated•19 years ago
|
Attachment #201768 -
Flags: review?(mrbkap) → review+
Assignee | ||
Comment 8•19 years ago
|
||
Fixed on trunk. /be
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Comment 9•19 years ago
|
||
This probably already is a topcrash over in bug 314484. I should have caught this when I did the original review :-/
Assignee | ||
Comment 10•19 years ago
|
||
(In reply to comment #9) > This probably already is a topcrash over in bug 314484. Don't think so -- bug 314484 happens only on branch, and started spiking talkback on 11-oct, IIRC. The checkin that caused this bug hit the trunk on 28-oct. /be
Updated•19 years ago
|
Attachment #201768 -
Flags: approval1.8rc2? → approval1.8rc2+
Comment 12•19 years ago
|
||
Checking in regress-314887.js; /cvsroot/mozilla/js/tests/js1_6/Regress/regress-314887.js,v <-- regress-314887.js initial revision: 1.1 done
Flags: testcase+
Updated•13 years ago
|
Crash Signature: [@ js_GetGCThingFlags]
You need to log in
before you can comment on or make changes to this bug.
Description
•