Closed
Bug 263603
Opened 20 years ago
Closed 20 years ago
Crash in 30 - 50% attempt look pages from this site
Categories
(Core :: JavaScript Engine, defect, P1)
Core
JavaScript Engine
Tracking
()
VERIFIED
DUPLICATE
of bug 244470
mozilla1.8alpha5
People
(Reporter: vfigurov, Assigned: brendan)
References
()
Details
(Keywords: crash, js1.5, regression, Whiteboard: TB1208597K TB1208693E)
Attachments
(1 file)
60.23 KB,
application/x-javascript
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a) Gecko/20040515 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a) Gecko/2004051509 froze, then show popup system window with message about "Send error ...". After click on Send/Cancel - auto close Mozilla window. Reproducible: Sometimes Steps to Reproduce: 1. Mozilla must TAB-SETS 1. go to http://www.kolesa.ru/ 2. click on links in center page (News???) 3.
Comment 1•20 years ago
|
||
crash: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a5) Gecko/20041007 TB1208597K CleanupGeneratedContentIn ca647514 http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=TB1208597K http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=1&searchby=stacksig&match=contains&searchfor=CleanupGeneratedContent&vendor=All&product=All&platform=All&buildid=&sdate=&stime=&edate=&etime= from http://www.kolesa.ru/ loaded http://www.kolesa.ru/?newsalias=15712 in a new tab, nearly instant crash.
Keywords: crash
Whiteboard: TB1208597K
Comment 2•20 years ago
|
||
TB1208693E nsResetStyleData::Destroy cba0afa7 clicked here on http://www.kolesa.ru/?newsalias=15712 directly. http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=TB1208693E 59 crashes with signature nsResetStyleData::Destroy http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=1&searchby=stacksig&match=contains&searchfor=+nsResetStyleData%3A%3ADestroy&vendor=All&product=All&platform=All&buildid=&sdate=&stime=&edate=&etime=
Whiteboard: TB1208597K → TB1208597K TB1208693E
Comment 3•20 years ago
|
||
crash: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a1) Gecko/20040520 opened URL twice in new tabs, then reloaded twice, then crash on Shift-Reload. TB1209126E for 1.8a1, TB1209126E for 1.8a5 no crash seen on 1.7.4 and 1.4.2
Comment 4•20 years ago
|
||
WFM Mozilla/5.0 (Windows; U; Windows NT 5.0; rv:1.7.3) Gecko/20040913 Firefox/0.10.1
Updated•20 years ago
|
Severity: normal → critical
Summary: crash in 30 - 50% attept look pages from this site → Crash in 30 - 50% attempt look pages from this site
Comment 5•20 years ago
|
||
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a) Gecko/20040417 regressed somewhere at the start of the 1.8 branch, BuildID 2004041208 working, 2004041708 crashing, doesn´t contain talkback. I´ve got the impression, recent builds are crashing better ;-) I didn´t see flash on the websites, only animated gifs, and lots of Javascript. The six talkbacks I submitted are all showing different stack signatures: http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=1&searchby=url&match=contains&searchfor=http%3A%2F%2Fwww.kolesa.ru%2F%3Fnewsalias%3D15712&vendor=All&product=All&platform=All
Keywords: regression
Comment 6•20 years ago
|
||
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a5) Gecko/20041009 Mozilla Windows Trunk Nightly Build ID: 2004100906 Crashes after clicking on URL above. Talkback IDs: TB1217050H, TB1216988M Please change the Status to NEW.
Comment 8•20 years ago
|
||
valgrind says this loading www.kolesa.ru: Invalid write of size 4 at 0x1B94FFC1: js_Interpret (jsinterp.c:4299) by 0x1B942FFB: js_Execute (jsinterp.c:1562) by 0x1B91E2C3: JS_EvaluateUCScriptForPrincipals (jsapi.c:3698) by 0x1C963134: nsJSContext::EvaluateString(nsAString const&, void*, nsIPrincipal*, char const*, unsigned, char const*, nsAString*, int*) (nsJSEnvironment.cpp:988) by 0x1C7EB0AF: nsScriptLoader::EvaluateScript(nsScriptLoadRequest*, nsString const&) (nsScriptLoader.cpp:669) by 0x1C7EAD0A: nsScriptLoader::ProcessRequest(nsScriptLoadRequest*) (nsScriptLoader.cpp:586) by 0x1C7EBD51: nsScriptLoader::OnStreamComplete(nsIStreamLoader*, nsISupports*, unsigned, unsigned, unsigned char const*) (nsScriptLoader.cpp:919) by 0x1CD486B0: nsStreamLoader::OnStopRequest(nsIRequest*, nsISupports*, unsigned) (nsStreamLoader.cpp:132) Address 0x1E8C54C0 is not stack'd, malloc'd or (recently) free'd ==> JS
Assignee: general → brendan
Component: Browser-General → JavaScript Engine
OS: Windows XP → All
QA Contact: general → pschwartau
Comment 9•20 years ago
|
||
this script (when loaded from HTML enough times) triggers a crash. If passed to JS Shell running under valgrind, it generates the following: Invalid write of size 4 at 0x808FFA5: js_Interpret (jsinterp.c:4320) by 0x8080720: js_Execute (jsinterp.c:1562) by 0x8053BAD: JS_ExecuteScript (jsapi.c:3589) by 0x8049499: Process (js.c:351) by 0x8049BBD: ProcessArgs (js.c:568) by 0x804C5B9: main (js.c:2433) Address 0x3422DFD8 is not stack'd, malloc'd or (recently) free'd
Comment 10•20 years ago
|
||
the crash loading the URL as well as the attached script regressed between linux trunk builds 2004041207 and 2004041308, pointing at bug 169559, bug 165201 or bug 206599
Comment 11•20 years ago
|
||
> at 0x808FFA5: js_Interpret (jsinterp.c:4320)
should be line 4299:
fp->vars[atomIndex] = INT_TO_JSVAL(sprop->slot);
Assignee | ||
Comment 12•20 years ago
|
||
Regression from bug 169559 -- this kind of long feedback delay is a good indicator of why the trunk should be, and is, still in alpha (bug 169559's patch did not go into the aviary or 1.7 branches). Thanks for the valgrind and talkback analysis. /be
Status: NEW → ASSIGNED
Keywords: js1.5
Priority: -- → P1
Hardware: PC → All
Target Milestone: --- → mozilla1.8alpha5
Comment 13•20 years ago
|
||
*** Bug 251956 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 14•20 years ago
|
||
Dup of 244470, I'll take that bug and fix the underlying problem. /be *** This bug has been marked as a duplicate of 244470 ***
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Verified DUP
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•