Closed Bug 400180 Opened 17 years ago Closed 15 years ago

jsdIStackFrame.eval("window", "", 1, result); crashes on [@ BindNameToSlot]

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
1.8 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED WORKSFORME

People

(Reporter: johnjbarton, Unassigned)

Details

(Keywords: crash, Whiteboard: [firebug-p5])

Crash Data

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a8) Gecko/2007091216 GranParadiso/3.0a8
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a8) Gecko/2007091216 GranParadiso/3.0a8

talkback 37059874
The line
frame.eval("window", "", 1, result);
in Firebug crashes 2.0.0.7 when the frame is
374@file:/C:/Program%20Files/Mozilla%20Firefox/components/nsBookmarkTransactionManager.js
or sometimes
2342@file:/C:/Program%20Files/Mozilla%20Firefox/components/nsMicrosummaryService.js
I've checked and frame.isValid is true.

The crash is timing dependent.  At least one case the MicrosummaryService eval ran without crashing and the bookmark one crashed.

I'll figure out how to get around this problem.

Reproducible: Sometimes

Steps to Reproduce:
1.
2.
3.
Actual Results:  
BindNameToSlot  [mozilla/js/src/jsemit.c, line 1956]
js_EmitTree  [mozilla/js/src/jsemit.c, line 6192]
js_EmitTree  [mozilla/js/src/jsemit.c, line 5203]
Statements  [mozilla/js/src/jsparse.c, line 1499]
js_CompileTokenStream  [mozilla/js/src/jsparse.c, line 501]
CompileTokenStream  [mozilla/js/src/jsapi.c, line 3774]
JS_CompileUCScriptForPrincipals  [mozilla/js/src/jsapi.c, line 3869]
JS_EvaluateUCInStackFrame  [mozilla/js/src/jsdbgapi.c, line 1023]
jsd_EvaluateUCScriptInStackFrame  [mozilla/js/jsd/jsd_stak.c, line 457]
JSD_AttemptUCScriptInStackFrame  [mozilla/js/jsd/jsdebug.c, line 795]
jsdStackFrame::Eval  [mozilla/js/jsd/jsd_xpc.cpp, line 1920]
I have only seen this crash with nsMicrosummaryService and nsSearch....js and only when the stack has a single frame. I guess these two files are being compiled in some context that does not expect "window" or eval() or some such. In Firebug I don't need these cases, so I just skip the frame.eval() when there only one frame.
Assignee: nobody → general
Severity: minor → critical
Component: General → JavaScript Engine
Keywords: crash
Product: Firefox → Core
QA Contact: general → general
Summary: jsdIStackFrame.eval("window", "", 1, result); crashes on BindNameToSlot → jsdIStackFrame.eval("window", "", 1, result); crashes on [@ BindNameToSlot]
Version: unspecified → 1.8 Branch
Whiteboard: [firebug-p2]
Not sure how to test this to see if it's a problem on trunk, but sounds like (1) there's a workaround in Firebug and (2) users shouldn't encounter nsMicrosummaryService.js / nsBookmarkTransactionManager.js in stacks in normal usage anyway. [Maybe a future issue for Chromebug?]
Whiteboard: [firebug-p2] → [firebug-p5]
John: Are you still seeing this crash in 3.5?
No, I don't use this kind of code any more, let's let it die.
Thank you.  I am resolving and verifying as Worksforme from John's last comment.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Status: RESOLVED → VERIFIED
Crash Signature: [@ BindNameToSlot]
You need to log in before you can comment on or make changes to this bug.