|
8.42 KB,
patch
|
shaver
:
review+
asa
:
approval-aviary+
asa
:
approval1.7.5+
|
Details | Diff | Splinter Review |
There are a good number of these crashes in Firefox 1.0 RC1 for gmail users.
Here's the latest from Talkback:
Count Offset Real Signature
[ 46 js_Interpret c8839217 - js_Interpret ]
Crash date range: 01-NOV-04 to 31-OCT-04
Min/Max Seconds since last crash: 10 - 360048
Min/Max Runtime: 11 - 372710
Count Platform List
46 Windows XP [Windows NT 5.1 build 2600]
Count Build Id List
46 2004102622
No of Unique Users 22
Stack trace(Frame)
js_Interpret
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c
line 2865]
js_Execute
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c
line 1162]
JS_EvaluateUCScriptForPrincipals
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/jsapi.c line
3649]
nsJSContext::EvaluateString
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/dom/src/base/nsJSEnvironment.cpp
line 946]
nsScriptLoader::EvaluateScript
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/base/src/nsScriptLoader.cpp
line 668]
nsScriptLoader::ProcessRequest
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/base/src/nsScriptLoader.cpp
line 581]
nsScriptLoader::ProcessScriptElement
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/base/src/nsScriptLoader.cpp
line 527]
nsHTMLScriptElement::MaybeProcessScript
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/content/src/nsHTMLScriptElement.cpp
line 656]
nsHTMLScriptElement::SetDocument
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/content/src/nsHTMLScriptElement.cpp
line 469]
HTMLContentSink::ProcessSCRIPTTag
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/document/src/nsHTMLContentSink.cpp
line 4341]
HTMLContentSink::AddLeaf
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/document/src/nsHTMLContentSink.cpp
line 3195]
HTMLContentSink::AddHeadContent
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/document/src/nsHTMLContentSink.cpp
line 3146]
CNavDTD::AddHeadLeaf
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/CNavDTD.cpp
line 3839]
CNavDTD::HandleStartToken
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/CNavDTD.cpp
line 1832]
CNavDTD::HandleToken
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/CNavDTD.cpp
line 1019]
CNavDTD::BuildModel
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/CNavDTD.cpp
line 511]
nsParser::BuildModel
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/nsParser.cpp
line 2004]
(1627002) URL: www.gmail.com
(1621500) URL: www.gmail.com
(1610025) URL: http://www.gamearena.com.au/
(1610025) Comments: I had just opened firefox and opened my six favourite
webpages with the "Open in tabs" option and it crashed to desktop when I
started looking at each webpage.
(1608536) URL: www.gmail.com
(1608532) URL: www.gmail.com
(1608525) URL: www.gmail.com
(1608521) URL: www.gmail.com
(1607539) URL: https://gmail.google.com.br/gmail
(1605209) URL: www.gmail.com
(1602706) URL: www.gmail.com
(1602128) URL: www.gmail.com
(1598423) URL: www.gmail.com
(1596267) URL: www.gmail.com
(1594765) URL: http://gmail.google.com/
(1594716) URL: http://gmail.google.com/
(1593034) URL: www.gmail.com
(1588653) URL: http://gmail.google.com/gmail
(1588653) Comments: opening a new tab.
(1579506) URL: www.gmail.com
(1577615) URL: www.gmail.com
(1573714) URL: www.gmail.com
(1572604) URL: http://gmail.google.com
(1572604) Comments: Logging in to Gmail.
Not sure if this is related, but bug 244178 might be worth a quick look. I have
been using gmail with recent Aviary builds and have not been able to reproduce.
Not much info in comments to work with, so maybe the stack can provide a clue?
|
(Assignee) | |
Comment 1•13 years ago
|
||
Need to get some brains on this for 1.0. /be
|
||
Updated•13 years ago
|
||
|
|
(Assignee) | |
Comment 2•13 years ago
|
||
Created attachment 164790 [details] [diff] [review] Add more SAVE_SP(fp) calls before OBJ_* call-outs This may help fix some top-crash bugs; it can't hurt (we could SAVE_SP(fp) at the top of the interpreter loop body and protect all cases, but that would hurt perf and waste all the effort to keep sp in a "register" [which is pretty much wasted on x86 anyway]). /be
|
|
(Assignee) | |
Updated•13 years ago
|
||
Comment on attachment 164790 [details] [diff] [review] Add more SAVE_SP(fp) calls before OBJ_* call-outs Looks good (and v. safe -- at worst, harmless) to me. r=shaver.
|
|
(Assignee) | |
Comment 5•13 years ago
|
||
Comment on attachment 164790 [details] [diff] [review] Add more SAVE_SP(fp) calls before OBJ_* call-outs I'll let someone else mark approvals. /be
|
|
||
Comment 6•13 years ago
|
||
Comment on attachment 164790 [details] [diff] [review] Add more SAVE_SP(fp) calls before OBJ_* call-outs a=asa for checkin to the branches.
|
|
(Assignee) | |
Comment 7•13 years ago
|
||
Fixed everywhere. /be
|
||
Updated•12 years ago
|
||
|
||
Updated•6 years ago
|
||
Description
•