Closed Bug 925526 Opened 11 years ago Closed 10 years ago

YARR Crash [@ JSC::Yarr::YarrPatternConstructor::containsCapturingTerms(JSC::Yarr::PatternAlternative*, unsigned int, unsigned int) ]

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
25 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 916511

People

(Reporter: corrodias.g, Unassigned)

Details

Firefox has been crashing in the regex compiler under a complex yet vague set of circumstances. This is what i know:

It only happens when i have FoxyProxy using a pair of regex patterns to determine whether to send requests to my proxy.

It stopped happening (within a short timeframe) when i disabled a few addons, such as either AdBlock or the Privad component in Google Docs Viewer. However, it isn't a 100% cure because i have seen it happen even with Privad disabled.

Unfortunately, i have been unable to come up with a reliable way of reproducing the issue. I've spent all day at it. All i can say is that it starts happening after loading all my addons, importing all their settings or otherwise configuring them, enabling some regex patterns in the FoxyProxy extension, opening a web page (such as a video on escapistmagazine.com), waiting for a while (sometimes a few minutes, sometimes 20 minutes or more), and getting unlucky.

Firefox version: 25.0 (latest beta, don't know where to find a build number)
FoxyProxy: 4.2.2
OS: Windows XP, 32-bit

These are the regex patterns (not case sensitive):
^.*://(?:.*\.|)(?:steampowered|steamcommunity)\.com/.*$
^.*://(?:.*\.|)amazon\.(?:com|net)/.*$

Here are the crash reports:
https://crash-stats.mozilla.com/report/index/85af9a19-e601-4412-8198-9b5ea2130930
https://crash-stats.mozilla.com/report/index/60fd74c1-a191-4276-a362-d67462130930
https://crash-stats.mozilla.com/report/index/9a1138c7-8d63-44fd-acc9-1f4192130930
https://crash-stats.mozilla.com/report/index/5cf06eaa-04ec-4b22-ad79-8437f2130930
https://crash-stats.mozilla.com/report/index/511d1b4c-5a08-4731-98c1-c65fb2131003
This was surprisingly easy to reproduce:
---
js> r = RegExp("^.*://(?:.*\.|)amazon\.(?:com|net)/.*$")
/^.*:\/\/(?:.*.|)amazon.(?:com|net)\/.*$/
js> r.test("amazon.com")                                 
Assertion failure: i < mLength, at dist/include/mozilla/Vector.h:367
---
Looks like bug 916511?
I'm not familiar with Firefox development, so i don't know whether this is relevant:

In my browser, executing that in the JS console accessed through ctrl+shift+K doesn't cause an assertion failure; it just returns false. That was true both before and after beta 7 was pushed.
I remembered this bug recently. 28 doesn't crash. That other bug was fixed in 27, so it looks like they were related indeed.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.