crash in js_GC() when marking fp->argv

VERIFIED FIXED

Severity: critical
Reporter: MobDotCom
Assignee: brendan
Keywords: crash
Version: Trunk
Platform: x86, Windows 2000
Attachments: 1 attachment

(Reporter)

Description

17 years ago
Crash on the line: nslots = JS_MAX(fp->argc, fp->fun->nargs);
when fp->fun is NULL.

Happens when I'm invoking Java (instantiating a small class and calling a small method).
JS_GC() is simultaneously invoked by another thread, and crashes.

Of course the first thread called JS_BeginRequest().

Updated

17 years ago
Severity: normal → critical
Keywords: crash

Comment 1

17 years ago
MobDotCom@hotmail.com : could you attach a reduced testcase to this bug
via the "Create a new attachment" link above? Thank you -

Also, please attach a stack trace for the crash - 

cc'ing Brendan in case the problem is already apparent to him.

Comment 2

17 years ago
MobDotCom@hotmail.com : could you attach a reduced testcase? Or is
there a URL we can go to that shows the problem? If not, we're going
to have to close this bug; thanks -
(Assignee)

Comment 3

17 years ago
We need those threads' stacks, at the least.  Also, the Java you're invoking,
and the JS that invokes it.  Please supply such data when reporting bugs!

The GC is assuming that if fp->argv is non-null, fp->fun must be non-null.  That
looks like it may be an invalid assumption for LiveConnect.  Cc'ing beard.

/be
Assignee: rogerl → brendan
Status: UNCONFIRMED → NEW
Ever confirmed: true
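
A minimal C model of the condition Comment 3 describes, added here as an illustration; it is not the contents of attachment 58390 and not SpiderMonkey code. The struct layouts and the names frame_arg_slots, mark_frame_chain and demo are assumptions; only fp->fun, fp->argc, fp->argv and nargs come from the report.

```c
#include <stddef.h>
/* Simplified stand-ins with assumed layouts, not SpiderMonkey's real types. */
typedef struct Thing { int marked; } Thing;
typedef struct Fun { unsigned nargs; } Fun;  /* declared formal count */
typedef struct Frame {
    Fun *fun;            /* may be NULL even when argv is set */
    unsigned argc;       /* actual argument count */
    Thing **argv;        /* assumed: max(argc, nargs) slots with fun, else argc */
    struct Frame *down;  /* next older frame */
} Frame;
/* Number of argv slots the collector has to scan for one frame. */
static unsigned frame_arg_slots(const Frame *fp)
{
    unsigned nslots = fp->argc;
    if (fp->argv == NULL) return 0;
    if (fp->fun != NULL && fp->fun->nargs > nslots)  /* guard: fun may be NULL */
        nslots = fp->fun->nargs;
    return nslots;
}

/* Walk the frame chain, mark each argument once, return how many were marked. */
static unsigned mark_frame_chain(Frame *fp)
{
    unsigned marked = 0;
    for (; fp != NULL; fp = fp->down) {
        unsigned i, n = frame_arg_slots(fp);
        for (i = 0; i < n; i++) {
            Thing *t = fp->argv[i];
            if (t != NULL && !t->marked) {
                t->marked = 1;
                marked++;
            }
        }
    }
    return marked;
}

/* Constructed sample: a scripted frame above a frame that has argv but no fun. */
static unsigned demo(void)
{
    Thing a = {0}, b = {0}, c = {0};
    Thing *script_args[3] = { &a, NULL, NULL };   /* argc 1, nargs 3 */
    Thing *no_fun_args[2] = { &b, &c };
    Fun f = { 3 };
    Frame no_fun = { NULL, 2, no_fun_args, NULL };
    Frame scripted = { &f, 1, script_args, &no_fun };
    return mark_frame_chain(&scripted);
}
int main(void) { return demo() == 3 ? 0 : 1; }
```

Without the fp->fun check, the frame with no function would be dereferenced through a null pointer during marking, which is the crash in the description.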
(Assignee)

Comment 4

17 years ago
Created attachment 58390
proposed fix

Comment 5

17 years ago
Comment on attachment 58390
proposed fix

r/sr=jband
Attachment #58390 - Flags: superreview+
(Assignee)

Comment 7

17 years ago
Fixed.

/be
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED

Comment 8

17 years ago
Marking Verified - 
Status: RESOLVED → VERIFIED