192008 - Assertion then crash when visiting this site

Status: VERIFIED DUPLICATE of bug 190813

(Core :: Networking, defect)

Description

[Adam Lock]

Load http://www.visitdublin.com/ into a recent build and it crashes while
attempting to evaluate a script supplied by an http request.

Steps to reproduce:

1. Start mozilla
2. Load the site
3. An assertion below occurs in PR_Unlock followed by an abnormal app termination

Suppressing the popup the site displays makes no difference to this behaviour. 

Stack trace

NTDLL! 77f7f570()
PR_Unlock(PRLock * 0x00ad5cf0) line 341 + 40 bytes
js_GC(JSContext * 0x036dd7c0, unsigned int 5) line 1289 + 35 bytes
js_AllocGCThing(JSContext * 0x036dd7c0, unsigned int 3) line 523 + 11 bytes
js_NewString(JSContext * 0x036dd7c0, unsigned short * 0x04a388c8, unsigned int
16692, unsigned int 2) line 2442 + 16 bytes
js_ConcatStrings(JSContext * 0x036dd7c0, JSString * 0x039e8180, JSString *
0x03879270) line 175 + 19 bytes
js_Interpret(JSContext * 0x036dd7c0, long * 0x0012f0c8) line 2255 + 17 bytes
js_Execute(JSContext * 0x036dd7c0, JSObject * 0x035e0b90, JSScript * 0x0394a058,
JSStackFrame * 0x00000000, unsigned int 0, long * 0x0012f0c8) line 1020 + 13 bytes
JS_EvaluateUCScriptForPrincipals(JSContext * 0x036dd7c0, JSObject * 0x035e0b90,
JSPrincipals * 0x03a07540, const unsigned short * 0x041186d0, unsigned int
35634, const char * 0x0012f1e0, unsigned int 1, long * 0x0012f0c8) line 3382 +
25 bytes
nsJSContext::EvaluateString(nsJSContext * const 0x036dd5d8, const nsAString &
{...}, void * 0x035e0b90, nsIPrincipal * 0x03a0753c, const char * 0x0012f1e0,
unsigned int 1, const char * 0x00d6769c, nsAString & {...}, int * 0x0012f12c)
line 700 + 85 bytes
nsScriptLoader::EvaluateScript(nsScriptLoadRequest * 0x03fe0f88, const
nsAFlatString & {...}) line 582
nsScriptLoader::ProcessRequest(nsScriptLoadRequest * 0x03fe0f88) line 489 + 22 bytes
nsScriptLoader::OnStreamComplete(nsScriptLoader * const 0x039cfed4,
nsIStreamLoader * 0x039c4340, nsISupports * 0x03fe0f88, unsigned int 0, unsigned
int 4294967295, const char * 0x03949b5b) line 832
nsStreamLoader::OnStopRequest(nsStreamLoader * const 0x039c4344, nsIRequest *
0x039aa460, nsISupports * 0x03fe0f88, unsigned int 0) line 144
nsStreamListenerTee::OnStopRequest(nsStreamListenerTee * const 0x03a111e8,
nsIRequest * 0x039aa460, nsISupports * 0x03fe0f88, unsigned int 0) line 66
nsHttpChannel::OnStopRequest(nsHttpChannel * const 0x039aa468, nsIRequest *
0x04017f18, nsISupports * 0x00000000, unsigned int 0) line 2947
nsInputStreamPump::OnStateStop() line 462
nsInputStreamPump::OnInputStreamReady(nsInputStreamPump * const 0x04017f1c,
nsIAsyncInputStream * 0x03984a5c) line 320 + 11 bytes
nsInputStreamReadyEvent::EventHandler(PLEvent * 0x040d9eb4) line 102
PL_HandleEvent(PLEvent * 0x040d9eb4) line 663 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00a8a3c0) line 593 + 9 bytes
nsEventQueueImpl::ProcessPendingEvents(nsEventQueueImpl * const 0x00a8a2c8) line
387 + 12 bytes
nsWindow::DispatchPendingEvents() line 3729
nsWindow::ProcessMessage(unsigned int 512, unsigned int 0, long 6684684, long *
0x0012fbf0) line 4072
nsWindow::WindowProc(HWND__ * 0x000606b0, unsigned int 512, unsigned int 0, long
6684684) line 1402 + 27 bytes
USER32! 77d67b17()
USER32! 77d6cdce()
USER32! 77d44435()
USER32! 77d49611()
nsAppShellService::Run(nsAppShellService * const 0x00b05558) line 480
main1(int 1, char * * 0x002a43e8, nsISupports * 0x00a836a0) line 1273 + 32 bytes
main(int 1, char * * 0x002a43e8) line 1636 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e7eb69()

Comment 1

[Boris Zbarsky [:bzbarsky]]

minimal testcase would be nice....

Comment 2

[Doug Turner (:dougt)]

brendan, does this look familar?

Comment 3

[Brendan Eich [:brendan]]

Dup of bug 190813, which is fixed for 1.3 (thanks to dbradley), but still open
only to remind me to make a cleanup pass in 1.4.

/be

*** This bug has been marked as a duplicate of 190813 ***

Comment 4

[timeless]

vrfy dupe