Closed
Bug 267797
Opened 18 years ago
Closed 18 years ago
FF10RC1 crash with gmail.com [@ js_Interpret c8839217]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: jay, Assigned: brendan)
Details
(5 keywords)
Crash Data
Attachments
(1 file)
8.42 KB,
patch
|
shaver
:
review+
asa
:
approval-aviary+
asa
:
approval1.7.5+
|
Details | Diff | Splinter Review |
There are a good number of these crashes in Firefox 1.0 RC1 for gmail users. Here's the latest from Talkback: Count Offset Real Signature [ 46 js_Interpret c8839217 - js_Interpret ] Crash date range: 01-NOV-04 to 31-OCT-04 Min/Max Seconds since last crash: 10 - 360048 Min/Max Runtime: 11 - 372710 Count Platform List 46 Windows XP [Windows NT 5.1 build 2600] Count Build Id List 46 2004102622 No of Unique Users 22 Stack trace(Frame) js_Interpret [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c line 2865] js_Execute [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c line 1162] JS_EvaluateUCScriptForPrincipals [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/jsapi.c line 3649] nsJSContext::EvaluateString [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/dom/src/base/nsJSEnvironment.cpp line 946] nsScriptLoader::EvaluateScript [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/base/src/nsScriptLoader.cpp line 668] nsScriptLoader::ProcessRequest [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/base/src/nsScriptLoader.cpp line 581] nsScriptLoader::ProcessScriptElement [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/base/src/nsScriptLoader.cpp line 527] nsHTMLScriptElement::MaybeProcessScript [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/content/src/nsHTMLScriptElement.cpp line 656] nsHTMLScriptElement::SetDocument [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/content/src/nsHTMLScriptElement.cpp line 469] HTMLContentSink::ProcessSCRIPTTag [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/document/src/nsHTMLContentSink.cpp line 4341] HTMLContentSink::AddLeaf [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/document/src/nsHTMLContentSink.cpp line 3195] HTMLContentSink::AddHeadContent [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/document/src/nsHTMLContentSink.cpp line 3146] CNavDTD::AddHeadLeaf [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/CNavDTD.cpp line 3839] CNavDTD::HandleStartToken [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/CNavDTD.cpp line 1832] CNavDTD::HandleToken [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/CNavDTD.cpp line 1019] CNavDTD::BuildModel [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/CNavDTD.cpp line 511] nsParser::BuildModel [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/nsParser.cpp line 2004] (1627002) URL: www.gmail.com (1621500) URL: www.gmail.com (1610025) URL: http://www.gamearena.com.au/ (1610025) Comments: I had just opened firefox and opened my six favourite webpages with the "Open in tabs" option and it crashed to desktop when I started looking at each webpage. (1608536) URL: www.gmail.com (1608532) URL: www.gmail.com (1608525) URL: www.gmail.com (1608521) URL: www.gmail.com (1607539) URL: https://gmail.google.com.br/gmail (1605209) URL: www.gmail.com (1602706) URL: www.gmail.com (1602128) URL: www.gmail.com (1598423) URL: www.gmail.com (1596267) URL: www.gmail.com (1594765) URL: http://gmail.google.com/ (1594716) URL: http://gmail.google.com/ (1593034) URL: www.gmail.com (1588653) URL: http://gmail.google.com/gmail (1588653) Comments: opening a new tab. (1579506) URL: www.gmail.com (1577615) URL: www.gmail.com (1573714) URL: www.gmail.com (1572604) URL: http://gmail.google.com (1572604) Comments: Logging in to Gmail. Not sure if this is related, but bug 244178 might be worth a quick look. I have been using gmail with recent Aviary builds and have not been able to reproduce. Not much info in comments to work with, so maybe the stack can provide a clue?
Assignee | ||
Comment 1•18 years ago
|
||
Need to get some brains on this for 1.0. /be
Updated•18 years ago
|
Flags: blocking-aviary1.0?
Assignee | ||
Comment 2•18 years ago
|
||
This may help fix some top-crash bugs; it can't hurt (we could SAVE_SP(fp) at the top of the interpreter loop body and protect all cases, but that would hurt perf and waste all the effort to keep sp in a "register" [which is pretty much wasted on x86 anyway]). /be
Assignee | ||
Updated•18 years ago
|
Assignee: general → brendan
Status: NEW → ASSIGNED
Comment on attachment 164790 [details] [diff] [review] Add more SAVE_SP(fp) calls before OBJ_* call-outs Looks good (and v. safe -- at worst, harmless) to me. r=shaver.
Attachment #164790 -
Flags: review+
Assignee | ||
Comment 5•18 years ago
|
||
Comment on attachment 164790 [details] [diff] [review] Add more SAVE_SP(fp) calls before OBJ_* call-outs I'll let someone else mark approvals. /be
Attachment #164790 -
Flags: approval1.7.x?
Attachment #164790 -
Flags: approval-aviary?
Comment 6•18 years ago
|
||
Comment on attachment 164790 [details] [diff] [review] Add more SAVE_SP(fp) calls before OBJ_* call-outs a=asa for checkin to the branches.
Attachment #164790 -
Flags: approval1.7.x?
Attachment #164790 -
Flags: approval1.7.x+
Attachment #164790 -
Flags: approval-aviary?
Attachment #164790 -
Flags: approval-aviary+
Assignee | ||
Comment 7•18 years ago
|
||
Fixed everywhere. /be
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Keywords: fixed-aviary1.0,
fixed1.7.x
Resolution: --- → FIXED
Updated•17 years ago
|
Flags: testcase-
Updated•11 years ago
|
Crash Signature: [@ js_Interpret c8839217]
You need to log in
before you can comment on or make changes to this bug.
Description
•