Closed
Bug 263603
Opened 21 years ago
Closed 21 years ago
Crash in 30 - 50% attempt look pages from this site
Categories
(Core :: JavaScript Engine, defect, P1)
Core
JavaScript Engine
Tracking
()
VERIFIED
DUPLICATE
of bug 244470
mozilla1.8alpha5
People
(Reporter: vfigurov, Assigned: brendan)
References
()
Details
(Keywords: crash, js1.5, regression, Whiteboard: TB1208597K TB1208693E)
Attachments
(1 file)
|
60.23 KB,
application/x-javascript
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a) Gecko/20040515
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a) Gecko/2004051509
froze, then show popup system window with message about "Send error ...". After
click on Send/Cancel - auto close Mozilla window.
Reproducible: Sometimes
Steps to Reproduce:
1. Mozilla must TAB-SETS
1. go to http://www.kolesa.ru/
2. click on links in center page (News???)
3.
Comment 1•21 years ago
|
||
crash: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a5) Gecko/20041007
TB1208597K CleanupGeneratedContentIn ca647514
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=TB1208597K
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=1&searchby=stacksig&match=contains&searchfor=CleanupGeneratedContent&vendor=All&product=All&platform=All&buildid=&sdate=&stime=&edate=&etime=
from http://www.kolesa.ru/ loaded http://www.kolesa.ru/?newsalias=15712 in a new
tab, nearly instant crash.
Keywords: crash
Whiteboard: TB1208597K
Comment 2•21 years ago
|
||
TB1208693E nsResetStyleData::Destroy cba0afa7
clicked here on http://www.kolesa.ru/?newsalias=15712 directly.
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=TB1208693E
59 crashes with signature nsResetStyleData::Destroy
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=1&searchby=stacksig&match=contains&searchfor=+nsResetStyleData%3A%3ADestroy&vendor=All&product=All&platform=All&buildid=&sdate=&stime=&edate=&etime=
Whiteboard: TB1208597K → TB1208597K TB1208693E
Comment 3•21 years ago
|
||
crash: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a1) Gecko/20040520
opened URL twice in new tabs, then reloaded twice, then crash on Shift-Reload.
TB1209126E for 1.8a1, TB1209126E for 1.8a5
no crash seen on 1.7.4 and 1.4.2
Comment 4•21 years ago
|
||
WFM Mozilla/5.0 (Windows; U; Windows NT 5.0; rv:1.7.3) Gecko/20040913 Firefox/0.10.1
Updated•21 years ago
|
Severity: normal → critical
Summary: crash in 30 - 50% attept look pages from this site → Crash in 30 - 50% attempt look pages from this site
Comment 5•21 years ago
|
||
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a) Gecko/20040417
regressed somewhere at the start of the 1.8 branch,
BuildID 2004041208 working, 2004041708 crashing, doesn´t contain talkback.
I´ve got the impression, recent builds are crashing better ;-)
I didn´t see flash on the websites, only animated gifs, and lots of Javascript.
The six talkbacks I submitted are all showing different stack signatures:
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=1&searchby=url&match=contains&searchfor=http%3A%2F%2Fwww.kolesa.ru%2F%3Fnewsalias%3D15712&vendor=All&product=All&platform=All
Keywords: regression
Comment 6•21 years ago
|
||
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a5) Gecko/20041009
Mozilla Windows Trunk Nightly Build ID: 2004100906
Crashes after clicking on URL above.
Talkback IDs: TB1217050H, TB1216988M
Please change the Status to NEW.
Comment 8•21 years ago
|
||
valgrind says this loading www.kolesa.ru:
Invalid write of size 4
at 0x1B94FFC1: js_Interpret (jsinterp.c:4299)
by 0x1B942FFB: js_Execute (jsinterp.c:1562)
by 0x1B91E2C3: JS_EvaluateUCScriptForPrincipals (jsapi.c:3698)
by 0x1C963134: nsJSContext::EvaluateString(nsAString const&, void*,
nsIPrincipal*, char const*, unsigned, char const*, nsAString*, int*)
(nsJSEnvironment.cpp:988)
by 0x1C7EB0AF: nsScriptLoader::EvaluateScript(nsScriptLoadRequest*, nsString
const&) (nsScriptLoader.cpp:669)
by 0x1C7EAD0A: nsScriptLoader::ProcessRequest(nsScriptLoadRequest*)
(nsScriptLoader.cpp:586)
by 0x1C7EBD51: nsScriptLoader::OnStreamComplete(nsIStreamLoader*,
nsISupports*, unsigned, unsigned, unsigned char const*) (nsScriptLoader.cpp:919)
by 0x1CD486B0: nsStreamLoader::OnStopRequest(nsIRequest*, nsISupports*,
unsigned) (nsStreamLoader.cpp:132)
Address 0x1E8C54C0 is not stack'd, malloc'd or (recently) free'd
==> JS
Assignee: general → brendan
Component: Browser-General → JavaScript Engine
OS: Windows XP → All
QA Contact: general → pschwartau
Comment 9•21 years ago
|
||
this script (when loaded from HTML enough times) triggers a crash. If passed
to JS Shell running under valgrind, it generates the following:
Invalid write of size 4
at 0x808FFA5: js_Interpret (jsinterp.c:4320)
by 0x8080720: js_Execute (jsinterp.c:1562)
by 0x8053BAD: JS_ExecuteScript (jsapi.c:3589)
by 0x8049499: Process (js.c:351)
by 0x8049BBD: ProcessArgs (js.c:568)
by 0x804C5B9: main (js.c:2433)
Address 0x3422DFD8 is not stack'd, malloc'd or (recently) free'd
Comment 10•21 years ago
|
||
the crash loading the URL as well as the attached script regressed between linux
trunk builds 2004041207 and 2004041308, pointing at bug 169559, bug 165201 or
bug 206599
Comment 11•21 years ago
|
||
> at 0x808FFA5: js_Interpret (jsinterp.c:4320)
should be line 4299:
fp->vars[atomIndex] = INT_TO_JSVAL(sprop->slot);
| Assignee | ||
Comment 12•21 years ago
|
||
Regression from bug 169559 -- this kind of long feedback delay is a good
indicator of why the trunk should be, and is, still in alpha (bug 169559's patch
did not go into the aviary or 1.7 branches). Thanks for the valgrind and
talkback analysis.
/be
Status: NEW → ASSIGNED
Keywords: js1.5
Priority: -- → P1
Hardware: PC → All
Target Milestone: --- → mozilla1.8alpha5
Comment 13•21 years ago
|
||
*** Bug 251956 has been marked as a duplicate of this bug. ***
| Assignee | ||
Comment 14•21 years ago
|
||
Dup of 244470, I'll take that bug and fix the underlying problem.
/be
*** This bug has been marked as a duplicate of 244470 ***
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Verified DUP
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•