Closed
Bug 267797
Opened 18 years ago
Closed 18 years ago
FF10RC1 crash with gmail.com [@ js_Interpret c8839217]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: jay, Assigned: brendan)
Details
(5 keywords)
Crash Data
Attachments
(1 file)
|
8.42 KB,
patch
|
shaver
:
review+
asa
:
approval-aviary+
asa
:
approval1.7.5+
|
Details | Diff | Splinter Review |
There are a good number of these crashes in Firefox 1.0 RC1 for gmail users.
Here's the latest from Talkback:
Count Offset Real Signature
[ 46 js_Interpret c8839217 - js_Interpret ]
Crash date range: 01-NOV-04 to 31-OCT-04
Min/Max Seconds since last crash: 10 - 360048
Min/Max Runtime: 11 - 372710
Count Platform List
46 Windows XP [Windows NT 5.1 build 2600]
Count Build Id List
46 2004102622
No of Unique Users 22
Stack trace(Frame)
js_Interpret
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c
line 2865]
js_Execute
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c
line 1162]
JS_EvaluateUCScriptForPrincipals
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/jsapi.c line
3649]
nsJSContext::EvaluateString
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/dom/src/base/nsJSEnvironment.cpp
line 946]
nsScriptLoader::EvaluateScript
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/base/src/nsScriptLoader.cpp
line 668]
nsScriptLoader::ProcessRequest
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/base/src/nsScriptLoader.cpp
line 581]
nsScriptLoader::ProcessScriptElement
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/base/src/nsScriptLoader.cpp
line 527]
nsHTMLScriptElement::MaybeProcessScript
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/content/src/nsHTMLScriptElement.cpp
line 656]
nsHTMLScriptElement::SetDocument
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/content/src/nsHTMLScriptElement.cpp
line 469]
HTMLContentSink::ProcessSCRIPTTag
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/document/src/nsHTMLContentSink.cpp
line 4341]
HTMLContentSink::AddLeaf
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/document/src/nsHTMLContentSink.cpp
line 3195]
HTMLContentSink::AddHeadContent
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/document/src/nsHTMLContentSink.cpp
line 3146]
CNavDTD::AddHeadLeaf
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/CNavDTD.cpp
line 3839]
CNavDTD::HandleStartToken
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/CNavDTD.cpp
line 1832]
CNavDTD::HandleToken
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/CNavDTD.cpp
line 1019]
CNavDTD::BuildModel
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/CNavDTD.cpp
line 511]
nsParser::BuildModel
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/nsParser.cpp
line 2004]
(1627002) URL: www.gmail.com
(1621500) URL: www.gmail.com
(1610025) URL: http://www.gamearena.com.au/
(1610025) Comments: I had just opened firefox and opened my six favourite
webpages with the "Open in tabs" option and it crashed to desktop when I
started looking at each webpage.
(1608536) URL: www.gmail.com
(1608532) URL: www.gmail.com
(1608525) URL: www.gmail.com
(1608521) URL: www.gmail.com
(1607539) URL: https://gmail.google.com.br/gmail
(1605209) URL: www.gmail.com
(1602706) URL: www.gmail.com
(1602128) URL: www.gmail.com
(1598423) URL: www.gmail.com
(1596267) URL: www.gmail.com
(1594765) URL: http://gmail.google.com/
(1594716) URL: http://gmail.google.com/
(1593034) URL: www.gmail.com
(1588653) URL: http://gmail.google.com/gmail
(1588653) Comments: opening a new tab.
(1579506) URL: www.gmail.com
(1577615) URL: www.gmail.com
(1573714) URL: www.gmail.com
(1572604) URL: http://gmail.google.com
(1572604) Comments: Logging in to Gmail.
Not sure if this is related, but bug 244178 might be worth a quick look. I have
been using gmail with recent Aviary builds and have not been able to reproduce.
Not much info in comments to work with, so maybe the stack can provide a clue?
|
Assignee | |
Comment 1•18 years ago
|
||
Need to get some brains on this for 1.0. /be
|
||
Updated•18 years ago
|
Flags: blocking-aviary1.0?
|
|
Assignee | |
Comment 2•18 years ago
|
||
This may help fix some top-crash bugs; it can't hurt (we could SAVE_SP(fp) at the top of the interpreter loop body and protect all cases, but that would hurt perf and waste all the effort to keep sp in a "register" [which is pretty much wasted on x86 anyway]). /be
|
|
Assignee | |
Updated•18 years ago
|
Assignee: general → brendan
Status: NEW → ASSIGNED
Comment on attachment 164790 [details] [diff] [review] Add more SAVE_SP(fp) calls before OBJ_* call-outs Looks good (and v. safe -- at worst, harmless) to me. r=shaver.
Attachment #164790 -
Flags: review+
|
|
Assignee | |
Comment 5•18 years ago
|
||
Comment on attachment 164790 [details] [diff] [review] Add more SAVE_SP(fp) calls before OBJ_* call-outs I'll let someone else mark approvals. /be
Attachment #164790 -
Flags: approval1.7.x?
Attachment #164790 -
Flags: approval-aviary?
|
|
||
Comment 6•18 years ago
|
||
Comment on attachment 164790 [details] [diff] [review] Add more SAVE_SP(fp) calls before OBJ_* call-outs a=asa for checkin to the branches.
Attachment #164790 -
Flags: approval1.7.x?
Attachment #164790 -
Flags: approval1.7.x+
Attachment #164790 -
Flags: approval-aviary?
Attachment #164790 -
Flags: approval-aviary+
|
|
Assignee | |
Comment 7•18 years ago
|
||
Fixed everywhere. /be
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Keywords: fixed-aviary1.0,
fixed1.7.x
Resolution: --- → FIXED
|
||
Updated•17 years ago
|
Flags: testcase-
|
||
Updated•11 years ago
|
Crash Signature: [@ js_Interpret c8839217]
You need to log in
before you can comment on or make changes to this bug.
Description
•