Closed Bug 14788 Opened 26 years ago Closed 26 years ago

Crash in JavaScript when loading Test 13.

Categories

(Core :: JavaScript Engine, defect, P3)

Product:
Core
Component:
JavaScript Engine
Platform:
Other
Other
Type:
defect

Tracking

()

Status:
VERIFIED WORKSFORME

People

(Reporter: kinmoz, Assigned: mike+mozilla)

References

(
URL
)

Details

(Keywords: crash, Whiteboard: waiting for more info from reporter)

To reproduce crash in viewer: 1. Run Viewer 2. Select File-> Samples-> demo #13 from the menus. To reproduce crash in apprunner: 1. Run the apprunner browser. 2. Select Debug-> Viewer Demos-> #13 DHTML from the menus. Here's the stack trace of the crash: js_SuspendThread(JSThinLock * 0x01297c84) line 504 + 3 bytes js_Enqueue(JSThinLock * 0x01297c84, long 19538288) line 548 + 9 bytes js_Lock(JSThinLock * 0x01297c84, long 19538288) line 581 + 13 bytes js_LockScope1(JSContext * 0x03aee770, JSScope * 0x01297c60, long 19538288) line 634 + 13 bytes js_LockObj(JSContext * 0x03aee770, JSObject * 0x03b0cf50) line 702 + 17 bytes js_GetSlotWhileLocked(JSContext * 0x03aee770, JSObject * 0x03b0cf50, unsigned long 1) line 259 + 13 bytes js_Invoke(JSContext * 0x03aee770, unsigned int 1, unsigned int 2) line 444 + 128 bytes js_InternalCall(JSContext * 0x03aee770, JSObject * 0x03687ab8, long 61919056, unsigned int 1, long * 0x03b73ed0, long * 0x0012fbd0) line 748 + 15 bytes JS_CallFunction(JSContext * 0x03aee770, JSObject * 0x03687ab8, JSFunction * 0x035f4568, unsigned int 1, long * 0x03b73ed0, long * 0x0012fbd0) line 2634 + 32 bytes nsJSContext::CallFunction(nsJSContext * const 0x03aee720, void * 0x03687ab8, void * 0x035f4568, unsigned int 1, void * 0x03b73ed0, int * 0x0012fc14) line 231 + 39 bytes GlobalWindowImpl::RunTimeout(nsTimeoutImpl * 0x03b73e60) line 1713 + 68 bytes nsGlobalWindow_RunTimeout(nsITimer * 0x03b73f40, void * 0x03b73e60) line 1617 + 15 bytes TimerImpl::Fire(unsigned long 1814420625) line 308 + 17 bytes TimerImpl::ProcessTimeouts(unsigned long 1814420625) line 187 FireTimeout(HWND__ * 0x00000000, unsigned int 275, unsigned int 4756, unsigned long 1814420625) line 101 + 9 bytes USER32! 77e7128c() nsAppShellService::Run(nsAppShellService * const 0x014015b0) line 462 main1(int 1, char * * 0x012a4120) line 591 + 12 bytes main(int 1, char * * 0x012a4120) line 702 + 13 bytes mainCRTStartup() line 338 + 17 bytes KERNEL32! 77f1b304()
roger (or brendan) -- can you take a look at this since mccabe is out?
Whiteboard: waiting for more info from reporter
kin, what platform are you on, and what build are you using? i clobbered and built last night, and i'm not crashing on that page. i'm on winnt.
Sorry 'bout the missing info. I was running my debug build from 8am yesterday morning on Windows NT. I just tried my build from this morning, and it seems to be fixed.
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → WORKSFORME
glad to hear it!
I ran this yesterday on a build that was a couple days old and it was crashing as shown. It looked like the funcobj was semi-bogus. The scope had some bogus looking ops and the lock had a 'fat' pointer of 0x0a (which is the immediate cause of the crash. This is all in the context of a timer firing. If it is really fixed then great. If it is just hiding then bad. - scope 0x00d81028 - map {...} nrefs 0x02b6bdb0 - ops 0x02b6e440 newObjectMap 0x00d812f8 destroyObjectMap 0x00e24608 lookupProperty 0x0049d109 defineProperty 0x02b6e271 getProperty 0x00d811c8 setProperty 0x80000001 getAttributes 0x80000001 setAttributes 0x80000001 deleteProperty 0x80000001 defaultValue 0x80000001 enumerate 0x00d812b8 checkAccess 0x00d812c8 thisObject 0x00d812d8 dropProperty 0x00d812e8 call 0xcdcdcdcd construct 0xcdcdcdcd xdrObject 0xcdcdcdcd hasInstance 0xcdcdcdcd + spare 0x02b6e488 nslots 0x00000002 freeslot 0x00edd780 - object 0x00edd590 - map 0x00000001 nrefs CXX0030: Error: expression cannot be evaluated ops CXX0030: Error: expression cannot be evaluated nslots CXX0030: Error: expression cannot be evaluated freeslot CXX0030: Error: expression cannot be evaluated + slots 0x004a1d80 _js_ObjectOps - props 0x00edebd0 nrefs 0x00d80340 id 0x00d81020 getter 0x0049d109 setter 0x00edd6e1 slot 0x80000001 attrs 0x01 '' spare 0x00 '' + symbols 0x80000001 + next 0x80000001 + prevp 0x80000001 + proptail 0x00000003 - ops 0x00edd660 lookup 0x00740073 add 0x00000072 remove 0xfdfdfdfd clear 0x00000000 data 0x00000005 - lock {...} owner 0x00edd4b1 - fat 0x0000000a susp CXX0030: Error: expression cannot be evaluated slock CXX0017: Error: symbol "PRLock" not found svar CXX0017: Error: symbol "PRCondVar" not found next CXX0030: Error: expression cannot be evaluated prev CXX0030: Error: expression cannot be evaluated count 0x00edd320 + file 0x00d81058 + line 0x00d81068
This worksforme too in a fresh build.
Adding crash keyword
Keywords: crash
Verified worksforme.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.