This website and some others crash on load [@ EmitNumberOp ] [@ MSVCRT.DLL ]

VERIFIED DUPLICATE of bug 160602

Status

()

--
critical
VERIFIED DUPLICATE of bug 160602
16 years ago
16 years ago

People

(Reporter: kethorse, Assigned: khanson)

Tracking

({crash})

Trunk
x86
Windows XP
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

(Reporter)

Description

16 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3a) Gecko/20021119
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3a) Gecko/20021119

This has happened to these websites:
1. http://www.start.no
2. http://www.caplex.no
3. http://www.stormlinux.com (When clicking on the Linux link on the left)

Some other sites which I don't recall at the moment.

Reproducible: Always

Steps to Reproduce:
1. Wrote the link to website in the URL address bar
2. Pressed enter
3.

Actual Results:  
Mozilla closed down

Expected Results:  
Loaded the page

Comment 1

16 years ago
These sites are using Flash content, do you still crash when upgrading to Flash 6 ?
Severity: normal → critical
Keywords: crash, stackwanted

Comment 2

16 years ago
I've just tested with build 20021119 on WinXP Pro, with Flash v6, works fine for
me. Adding relnote keyword as the Mozilla 1.2b release notes make no mention of
upgrading to Flash v6.
Keywords: relnote

Comment 3

16 years ago
I think Olivier asked about flash 6 to help deciding whether this is another
duplicate of the regression in bug 179822.

stormlinux.com doesn't seem to use flash, so the crash there may be something
else. All sites are "WFM", day old trunk CVS, Linux.

Removing "relnote" keyword.

If you can add the talkback ID's for these crashes, that would be of great help.
Keywords: relnote

Comment 4

16 years ago
Ketil, can you post Talkback ID for this crash using
"mozilla/bin/components/talkback.exe" ?
(Reporter)

Comment 5

16 years ago
These are the talkback IDs:
TB14123897H
TB14089463Q
TB14084550M
TB14084409K
TB14083454G

-- 
Ketil

Updated

16 years ago
Whiteboard: TB14123897H

Comment 6

16 years ago
msvcrt.dll + 0x3b26c (0x77c3b26c)
EmitNumberOp [d:/builds/seamonkey/mozilla/js/src/jsemit.c, line 1860]
js_EmitTree [d:/builds/seamonkey/mozilla/js/src/jsemit.c, line 3976]
js_EmitTree [d:/builds/seamonkey/mozilla/js/src/jsemit.c, line 3630]
js_EmitTree [d:/builds/seamonkey/mozilla/js/src/jsemit.c, line 3479]
js_EmitTree [d:/builds/seamonkey/mozilla/js/src/jsemit.c, line 3325]
Statements [d:/builds/seamonkey/mozilla/js/src/jsparse.c, line 923]
js_CompileTokenStream [d:/builds/seamonkey/mozilla/js/src/jsparse.c, line 398]
CompileTokenStream [d:/builds/seamonkey/mozilla/js/src/jsapi.c, line 2851]
JS_CompileUCScriptForPrincipals [d:/builds/seamonkey/mozilla/js/src/jsapi.c,
line 2931]
JS_EvaluateUCScriptForPrincipals [d:/builds/seamonkey/mozilla/js/src/jsapi.c,
line 3380]
nsJSContext::EvaluateString
[d:/builds/seamonkey/mozilla/dom/src/base/nsJSEnvironment.cpp, line 702]
nsScriptLoader::EvaluateScript
[d:/builds/seamonkey/mozilla/content/base/src/nsScriptLoader.cpp, line 586]
nsScriptLoader::ProcessRequest
[d:/builds/seamonkey/mozilla/content/base/src/nsScriptLoader.cpp, line 494]
nsScriptLoader::ProcessScriptElement
[d:/builds/seamonkey/mozilla/content/base/src/nsScriptLoader.cpp, line 438]
nsHTMLScriptElement::MaybeProcessScript
[d:/builds/seamonkey/mozilla/content/html/content/src/nsHTMLScriptElement.cpp,
line 699]
nsHTMLScriptElement::SetDocument
[d:/builds/seamonkey/mozilla/content/html/content/src/nsHTMLScriptElement.cpp,
line 499]
nsGenericHTMLContainerElement::AppendChildTo
[d:/builds/seamonkey/mozilla/content/html/content/src/nsGenericHTMLElement.cpp,
line 4074]
HTMLContentSink::ProcessSCRIPTTag
[d:/builds/seamonkey/mozilla/content/html/document/src/nsHTMLContentSink.cpp,
line 5708]
HTMLContentSink::AddLeaf
[d:/builds/seamonkey/mozilla/content/html/document/src/nsHTMLContentSink.cpp,
line 3708]
CNavDTD::AddLeaf [d:/builds/seamonkey/mozilla/htmlparser/src/CNavDTD.cpp, line 3806]
CNavDTD::HandleScriptToken
[d:/builds/seamonkey/mozilla/htmlparser/src/CNavDTD.cpp, line 2277]
CNavDTD::OpenContainer [d:/builds/seamonkey/mozilla/htmlparser/src/CNavDTD.cpp,
line 3451]
CNavDTD::HandleDefaultStartToken
[d:/builds/seamonkey/mozilla/htmlparser/src/CNavDTD.cpp, line 1352]
CNavDTD::HandleStartToken
[d:/builds/seamonkey/mozilla/htmlparser/src/CNavDTD.cpp, line 1757]
CNavDTD::HandleToken [d:/builds/seamonkey/mozilla/htmlparser/src/CNavDTD.cpp,
line 913]
CNavDTD::BuildModel [d:/builds/seamonkey/mozilla/htmlparser/src/CNavDTD.cpp,
line 530]
nsParser::BuildModel [d:/builds/seamonkey/mozilla/htmlparser/src/nsParser.cpp,
line 1890]
nsParser::ResumeParse [d:/builds/seamonkey/mozilla/htmlparser/src/nsParser.cpp,
line 1754]
nsParser::OnDataAvailable
[d:/builds/seamonkey/mozilla/htmlparser/src/nsParser.cpp, line 2390]
nsDocumentOpenInfo::OnDataAvailable
[d:/builds/seamonkey/mozilla/uriloader/base/nsURILoader.cpp, line 246]
nsStreamListenerTee::OnDataAvailable
[d:/builds/seamonkey/mozilla/netwerk/base/src/nsStreamListenerTee.cpp, line 98]
nsHttpChannel::OnDataAvailable
[d:/builds/seamonkey/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp, line 3048]
nsOnDataAvailableEvent::HandleEvent
[d:/builds/seamonkey/mozilla/netwerk/base/src/nsStreamListenerProxy.cpp, line 205]
PL_HandleEvent [d:/builds/seamonkey/mozilla/xpcom/threads/plevent.c, line 645]
PL_ProcessPendingEvents [d:/builds/seamonkey/mozilla/xpcom/threads/plevent.c,
line 578]
_md_EventReceiverProc [d:/builds/seamonkey/mozilla/xpcom/threads/plevent.c, line
1336]
USER32.dll + 0x3d91 (0x77d33d91)
USER32.dll + 0x3df7 (0x77d33df7)
nsAppShellService::Run
[d:/builds/seamonkey/mozilla/xpfe/appshell/src/nsAppShellService.cpp, line 472]
main1 [d:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 1557]
main [d:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 1905]
WinMain [d:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 1925]
WinMainCRTStartup()
kernel32.dll + 0x214c7 (0x77e814c7) 

Updated

16 years ago
Keywords: stackwanted
Summary: This website and some others close down without loading at all → This website and some others close down without loading at all [@ EmitNumberOp ] [@ MSVCRT.DLL ]
Whiteboard: TB14123897H

Comment 7

16 years ago
do you crash after cleaning your cache ?
do you also crash with a clean profile "mozilla -profilemanager" ?

Comment 8

16 years ago
I had no issues on any of the specified sites using 2002122608.  Moving to
JavaScript Engine since this seems to have something to do with JavaScript or
DOM given the stack dump.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 16 years ago
Component: Browser-General → JavaScript Engine
Resolution: --- → WORKSFORME
(Reporter)

Comment 9

16 years ago
I have found out that it helps to clear the history. Then it won't crash.

Comment 10

16 years ago
*** Bug 187027 has been marked as a duplicate of this bug. ***

Comment 11

16 years ago
from bug 187027 "I have Windows XP Home Edition with SP1. My Graphics card is 
NVIDIA GeForce4 MX-420. This crash is *only* with Modern theme"
Can you upgrade your Nvidia video card driver and see if you still crash ?
Status: RESOLVED → UNCONFIRMED
Resolution: WORKSFORME → ---
(Reporter)

Comment 12

16 years ago
This is a card in a HP Pavilion PC. There hasn't been issued an upgrade for this
video card. The drivers are HP specific. I have to correct one piece of
information: It also crashes with Classic theme.

Comment 13

16 years ago
Setting default owner; not sure if this is JS Engine or not -
Assignee: asa → khanson
QA Contact: asa → pschwartau
Summary: This website and some others close down without loading at all [@ EmitNumberOp ] [@ MSVCRT.DLL ] → This website and some others crash on load [@ EmitNumberOp ] [@ MSVCRT.DLL ]

Comment 14

16 years ago
Yes, this is JS Engine. All three sites above call (new Date).getTime() :

----------------------  http://www.start.no/  ----------------------
<script language="JavaScript1.1">
  var w0=0;
  document.write('<img 
src="http://server-no.imrworldwide.com/cgi-bin/count?url=http://start.dagbladet.
no/'+seksjon+'&rnd='+ (new Date()).getTime() +  etc. etc.
 
--------------  http://www.caplex.no/web/frameset/main.asp  -------------
<script language="JavaScript">
  var time = new Date();
  randnum = (time.getTime());

----------------------  http://www.stormlinux.com  ----------------------  
<script language=javascript>
function se(k, b, m) {
  var now=new Date();
  var link='/s'+'?k='+k;
  if (b) link=link+'&b='+b;
  if (m) link=link+'&m='+m;
  link=link+'&t='+now.getTime();
  window.location = link;
}
</script>
-------------------------------------------------------------------------


This has been causing a Windows-only crash that dbradley has figured out in
bug 160602, "Large integers, e.g. getTime(), causing crash at 0x39393929"

The hex number refers to the message that Windows puts up when the crashes 
occur: "The instruction ... referenced memory at 0x39393929" (or similar).

We don't have a fix in place yet, but a contributor has reported that
the latest software update to Windows 2000 seems to fix the problem.
See bug 160602 comment 145.

Meanwhile, I am resolving this as a duplicate -

*** This bug has been marked as a duplicate of 160602 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 16 years ago16 years ago
Resolution: --- → DUPLICATE

Comment 15

16 years ago
Marking Verified Duplicate.

Ketil: thank you for this report. You have been cc'ed on bug 160602
so you can follow progress on this issue. If that bug ever gets marked
"Fixed" but the above sites still crash with up-to-date Mozilla builds,
please reopen this bug - thanks.

Also, let us know if any Windows upgrades fix this for you; that would
be very interesting to know. I myself have never exerienced this crash
on WinNT.
Status: RESOLVED → VERIFIED
(Reporter)

Comment 16

16 years ago
Works flawlessly in latest unicode build on Win XP
Crash Signature: [@ EmitNumberOp ] [@ MSVCRT.DLL ]
You need to log in before you can comment on or make changes to this bug.