The default bug view has changed. See this FAQ.

FF10RC1 crash with gmail.com [@ js_Interpret c8839217]

RESOLVED FIXED

Status

()

Core
JavaScript Engine
--
critical
RESOLVED FIXED
13 years ago
6 years ago

People

(Reporter: jay, Assigned: brendan)

Tracking

(5 keywords)

Other Branch
x86
Windows XP
crash, fixed-aviary1.0, fixed1.7.5, js1.5, topcrash
Points:
---
Bug Flags:
blocking1.7.5 +
blocking-aviary1.0 +
in-testsuite -

Firefox Tracking Flags

(Not tracked)

Details

(crash signature)

Attachments

(1 attachment)

(Reporter)

Description

13 years ago
There are a good number of these crashes in Firefox 1.0 RC1 for gmail users. 
Here's the latest from Talkback:

     Count   Offset    Real Signature
[ 46   js_Interpret c8839217 - js_Interpret ]
 
     Crash date range: 01-NOV-04 to 31-OCT-04
     Min/Max Seconds since last crash: 10 - 360048
     Min/Max Runtime: 11 - 372710
 
     Count   Platform List 
     46   Windows XP [Windows NT 5.1 build 2600] 
 
     Count   Build Id List 
     46   2004102622
 
     No of Unique Users        22
 
 Stack trace(Frame) 

	 js_Interpret
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c 
line 2865] 
	 js_Execute
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c 
line 1162] 
	 JS_EvaluateUCScriptForPrincipals
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/jsapi.c  line
3649] 
	 nsJSContext::EvaluateString
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/dom/src/base/nsJSEnvironment.cpp
 line 946] 
	 nsScriptLoader::EvaluateScript
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/base/src/nsScriptLoader.cpp
 line 668] 
	 nsScriptLoader::ProcessRequest
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/base/src/nsScriptLoader.cpp
 line 581] 
	 nsScriptLoader::ProcessScriptElement
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/base/src/nsScriptLoader.cpp
 line 527] 
	 nsHTMLScriptElement::MaybeProcessScript
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/content/src/nsHTMLScriptElement.cpp
 line 656] 
	 nsHTMLScriptElement::SetDocument
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/content/src/nsHTMLScriptElement.cpp
 line 469] 
	 HTMLContentSink::ProcessSCRIPTTag
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/document/src/nsHTMLContentSink.cpp
 line 4341] 
	 HTMLContentSink::AddLeaf
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/document/src/nsHTMLContentSink.cpp
 line 3195] 
	 HTMLContentSink::AddHeadContent
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/html/document/src/nsHTMLContentSink.cpp
 line 3146] 
	 CNavDTD::AddHeadLeaf
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/CNavDTD.cpp
 line 3839] 
	 CNavDTD::HandleStartToken
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/CNavDTD.cpp
 line 1832] 
	 CNavDTD::HandleToken
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/CNavDTD.cpp
 line 1019] 
	 CNavDTD::BuildModel
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/CNavDTD.cpp
 line 511] 
	 nsParser::BuildModel
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/htmlparser/src/nsParser.cpp
 line 2004]  
 
     (1627002)	URL: www.gmail.com
     (1621500)	URL: www.gmail.com
     (1610025)	URL: http://www.gamearena.com.au/
     (1610025)	Comments: I had just opened firefox and opened my six favourite
webpages with the "Open in tabs" option  and it crashed to desktop when I
started looking at each webpage.
     (1608536)	URL: www.gmail.com
     (1608532)	URL: www.gmail.com
     (1608525)	URL: www.gmail.com
     (1608521)	URL: www.gmail.com
     (1607539)	URL: https://gmail.google.com.br/gmail
     (1605209)	URL: www.gmail.com
     (1602706)	URL: www.gmail.com
     (1602128)	URL: www.gmail.com
     (1598423)	URL: www.gmail.com
     (1596267)	URL: www.gmail.com
     (1594765)	URL: http://gmail.google.com/
     (1594716)	URL: http://gmail.google.com/
     (1593034)	URL: www.gmail.com
     (1588653)	URL: http://gmail.google.com/gmail
     (1588653)	Comments: opening a new tab.
     (1579506)	URL: www.gmail.com
     (1577615)	URL: www.gmail.com
     (1573714)	URL: www.gmail.com
     (1572604)	URL: http://gmail.google.com
     (1572604)	Comments: Logging in to Gmail.

Not sure if this is related, but bug 244178 might be worth a quick look.  I have
been using gmail with recent Aviary builds and have not been able to reproduce.
 Not much info in comments to work with, so maybe the stack can provide a clue?
(Assignee)

Comment 1

13 years ago
Need to get some brains on this for 1.0.

/be

Updated

13 years ago
Flags: blocking-aviary1.0?
(Assignee)

Comment 2

13 years ago
Created attachment 164790 [details] [diff] [review]
Add more SAVE_SP(fp) calls before OBJ_* call-outs

This may help fix some top-crash bugs; it can't hurt (we could SAVE_SP(fp) at
the top of the interpreter loop body and protect all cases, but that would hurt
perf and waste all the effort to keep sp in a "register" [which is pretty much
wasted on x86 anyway]).

/be
(Assignee)

Updated

13 years ago
Assignee: general → brendan
Status: NEW → ASSIGNED
Comment on attachment 164790 [details] [diff] [review]
Add more SAVE_SP(fp) calls before OBJ_* call-outs

Looks good (and v. safe -- at worst, harmless) to me. r=shaver.
Attachment #164790 - Flags: review+
(Assignee)

Comment 4

13 years ago
This is good for the branches.

/be
Keywords: js1.5
(Assignee)

Comment 5

13 years ago
Comment on attachment 164790 [details] [diff] [review]
Add more SAVE_SP(fp) calls before OBJ_* call-outs

I'll let someone else mark approvals.

/be
Attachment #164790 - Flags: approval1.7.x?
Attachment #164790 - Flags: approval-aviary?

Comment 6

13 years ago
Comment on attachment 164790 [details] [diff] [review]
Add more SAVE_SP(fp) calls before OBJ_* call-outs

a=asa for checkin to the branches.
Attachment #164790 - Flags: approval1.7.x?
Attachment #164790 - Flags: approval1.7.x+
Attachment #164790 - Flags: approval-aviary?
Attachment #164790 - Flags: approval-aviary+
(Assignee)

Comment 7

13 years ago
Fixed everywhere.

/be
Status: ASSIGNED → RESOLVED
Last Resolved: 13 years ago
Keywords: fixed-aviary1.0, fixed1.7.x
Resolution: --- → FIXED

Updated

12 years ago
Flags: testcase-
Crash Signature: [@ js_Interpret c8839217]
You need to log in before you can comment on or make changes to this bug.