Closed
Bug 138326
Opened 22 years ago
Closed 22 years ago
RegExp crash when loading web pages on this site
Categories
(Core :: JavaScript Engine, defect)
VERIFIED
DUPLICATE
of bug 122076
People
(Reporter: chris, Assigned: rogerl)
Details
(Keywords: crash, Whiteboard: [NOTE: also try reduced testcase below])
Attachments
(2 files)
When using Mozilla 1.0 RC1 on Windows XP, I have crashed several times when accessing this web site's main page. Sometimes, I don't crash until I am several pages deep into the site. Then Mozilla crashes. I can't figure out how to tell what exactly is causing the crashing.
Comment 1•22 years ago
Do you have a talkback ID from that crash ? (run mozilla/components/talkbac.exe to get the ID)
Severity: major → critical
Keywords: crash
Reporter
Comment 2•22 years ago
I have 3 talkback ID's: TB5360475X TB5360192Y TB5326432G
Comment 3•22 years ago
Stack Signature ParseAtom 3ee9a8f7
Trigger Time 2002-04-18 17:02:31
Email Address
URL visited
Build ID 2002041717
Product ID Mozilla1.0
Platform Win32
Operating System Windows NT 5.1 build 2600
Module js3250.dll
Trigger Reason Access violation
User Comments
Stack Trace
ParseAtom [d:\builds\seamonkey\mozilla\js\src\jsregexp.c, line 916]
ParseQuantAtom [d:\builds\seamonkey\mozilla\js\src\jsregexp.c, line 656]
ParseItem [d:\builds\seamonkey\mozilla\js\src\jsregexp.c, line 633]
ParseAltern [d:\builds\seamonkey\mozilla\js\src\jsregexp.c, line 542]
ParseRegExp [d:\builds\seamonkey\mozilla\js\src\jsregexp.c, line 495]
ParseAtom [d:\builds\seamonkey\mozilla\js\src\jsregexp.c, line 860]
ParseQuantAtom [d:\builds\seamonkey\mozilla\js\src\jsregexp.c, line 656]
ParseItem [d:\builds\seamonkey\mozilla\js\src\jsregexp.c, line 633]
ParseAltern [d:\builds\seamonkey\mozilla\js\src\jsregexp.c, line 549]
ParseRegExp [d:\builds\seamonkey\mozilla\js\src\jsregexp.c, line 495]
js_NewRegExp [d:\builds\seamonkey\mozilla\js\src\jsregexp.c, line 1213]
js_NewRegExpObject [d:\builds\seamonkey\mozilla\js\src\jsregexp.c, line 2963]
js_GetToken [d:\builds\seamonkey\mozilla\js\src\jsscan.c, line 1156]
js_MatchToken [d:\builds\seamonkey\mozilla\js\src\jsscan.c, line 1282]
ArgumentList [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2528]
MemberExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2637]
UnaryExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2498]
MulExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2362]
AddExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2344]
ShiftExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2327]
RelExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2307]
EqExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2270]
BitAndExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2258]
BitXorExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2245]
BitOrExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2232]
AndExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2221]
OrExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2210]
CondExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2170]
AssignExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2116]
Expr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2090]
PrimaryExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2899]
MemberExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2580]
UnaryExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2498]
MulExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2362]
AddExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2344]
ShiftExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2327]
RelExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2307]
EqExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2270]
BitAndExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2258]
BitXorExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2245]
BitOrExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2232]
AndExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2221]
OrExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2210]
CondExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2170]
AssignExpr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2116]
Expr [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 2090]
Statement [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 1737]
Statements [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 887]
FunctionBody [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 558]
FunctionDef [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 722]
FunctionStmt [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 857]
Statement [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 1172]
Statements [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 887]
js_CompileTokenStream [d:\builds\seamonkey\mozilla\js\src\jsparse.c, line 393]
CompileTokenStream [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 2836]
JS_CompileUCScriptForPrincipals [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 2916]
JS_EvaluateUCScriptForPrincipals [d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 3361]
nsJSContext::EvaluateString [d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 677]
nsScriptLoader::EvaluateScript [d:\builds\seamonkey\mozilla\content\base\src\nsScriptLoader.cpp, line 571]
nsScriptLoader::ProcessRequest [d:\builds\seamonkey\mozilla\content\base\src\nsScriptLoader.cpp, line 479]
nsScriptLoader::OnStreamComplete [d:\builds\seamonkey\mozilla\content\base\src\nsScriptLoader.cpp, line 768]
nsStreamLoader::OnStopRequest [d:\builds\seamonkey\mozilla\netwerk\base\src\nsStreamLoader.cpp, line 163]
nsHttpChannel::OnStopRequest [d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHttpChannel.cpp, line 2829]
nsOnStopRequestEvent::HandleEvent [d:\builds\seamonkey\mozilla\netwerk\base\src\nsRequestObserverProxy.cpp, line 213]
Comment 4•22 years ago
-> JS Engine (or DOM0?, every 20th bug that I reassign to JS Engine is not DOM0)
Assignee: Matti → rogerl
Status: UNCONFIRMED → NEW
Component: Browser-General → JavaScript Engine
Ever confirmed: true
QA Contact: imajes-qa → pschwartau
Also seen on Linux branch 2002041617 RC1, talkback ID TB5395715Q. Please mark OS->all.
Updated•22 years ago
OS: Windows XP → All
Comment 6•22 years ago
I have reproduced this at the site as follows:
STEPS TO REPRODUCE AT GIVEN SITE (UNRELIABLY)
1. Load http://www.csfbl.com/index.asp
2. Click on the link "CSFBL News"
3. Delete "your email address" from the textbox at upper left
4. Click on the "Sign Up" button
As reported, the crash is intermittent; it doesn't always happen. In fact, now I can't get it to happen! But I did get a stack trace, which I will attach below. This is a JS Engine bug. It's crashing in the RegExp code -
Comment 7•22 years ago
Comment 8•22 years ago
When I got the stack trace, the VC++ debugger showed we were in this function from view-source:http://www.csfbl.com/include/scripts.js :
function checkURL () {
  return (this.value.search( /^(((https?)|(ftp)):\/\/([\-\w]+\.)+\w{2,4(\/[%\-\w]+(\.\w{2,})?)* (([\w\-\.\?\\/\*\$+@?`~=%!]*)(\.\w{2,})?)*\/?)$/ ) != -1);
}
This is virtually the same as the function causing the crash in bug 122076. In particular, it contains the same critical sequence in the regexp:
/ etc. etc. [\w\-\.\?\\/ etc. etc. /
Thus I am marking this as a duplicate of bug 122076, and will make a note there to verify the site in this bug once it is fixed. Chris, you will also be automatically cc'ed on the other bug so you can follow its progress. I will cc Matti on that, too -
*** This bug has been marked as a duplicate of 122076 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Comment 9•22 years ago
I am marking this Verified for now; with my note in the other bug, we will reopen this if the fix for bug 122076 doesn't fix this one -
Status: RESOLVED → VERIFIED
Comment 10•22 years ago
Comment 11•22 years ago
NOTE: I crash on the reduced testcase, but again, it's intermittent. Using Mozilla trunk binary 20020415xx on WinNT. I have to load/reload the testcase over and over until I eventually crash. It may be as few as one time, or as many as 20+ times... The testcase works fine in IE6. It won't work in NN4.7, because NN4.7 gives this error in the JavaScript Console: JavaScript Error: unterminated character class [
Summary: Random crashes when loading web pages on this site → RegExp crash when loading web pages on this site
Whiteboard: [NOTE: also try reduced testcase below]
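Added example, not part of the bug thread and not Mozilla's code: a sketch of how the sequence `[\w\-\.\?\\/` quoted in comment 8 can leave a pattern with an unterminated character class, and a bounded check that rejects it instead of scanning past the end of the buffer. The thread does not state the root cause; the sketch assumes a literal scanner that ends the pattern at the first unescaped `/`, which would match the NN4.7 error in comment 11. `SAMPLE`, `literal_end` and `classes_terminated` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample (not the site's script): the text after the opening '/'
 * of a regexp literal, containing the sequence [\w\-\.\?\\/ from comment 8. */
static const char SAMPLE[] = "^[\\w\\-\\.\\?\\\\/\\*]+$/";

/* Hypothetical scanner: index of the '/' that closes the literal, or len if
 * none. With track_class == 0 any unescaped '/' ends the literal; with
 * track_class != 0 a '/' inside [...] is treated as an ordinary character. */
size_t literal_end(const char *s, size_t len, int track_class)
{
    int in_class = 0;
    for (size_t i = 0; i < len; i++) {
        if (s[i] == '\\') { i++; continue; }   /* skip the escaped character */
        if (track_class && s[i] == '[') in_class = 1;
        else if (track_class && s[i] == ']') in_class = 0;
        else if (s[i] == '/' && !in_class) return i;
    }
    return len;
}

/* Bounded check to run before compiling a pattern: returns 1 if every '['
 * has a matching ']' within the first len bytes, 0 otherwise. It never reads
 * s[len] or beyond, even when the pattern ends in a lone backslash. */
int classes_terminated(const char *s, size_t len)
{
    int in_class = 0;
    for (size_t i = 0; i < len; i++) {
        if (s[i] == '\\') { i++; continue; }
        if (s[i] == '[') in_class = 1;
        else if (s[i] == ']') in_class = 0;
    }
    return !in_class;
}

int main(void)
{
    size_t len = strlen(SAMPLE);
    size_t cut = literal_end(SAMPLE, len, 0);
    size_t full = literal_end(SAMPLE, len, 1);
    printf("naive end %zu, classes ok: %d\n", cut, classes_terminated(SAMPLE, cut));
    printf("class-aware end %zu, classes ok: %d\n", full, classes_terminated(SAMPLE, full));
    return 0;
}
```

A parser that receives the pattern cut at the naive end has to treat the end of the buffer as an error inside `[...]`, which is what the bounded check enforces.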