Closed Bug 271739 Opened 20 years ago Closed 20 years ago

yet another crash on infinite loop creating new arrays [@ JS_GetPrivate]

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 271716

People

(Reporter: mcsmurf, Unassigned)

References

Details

(Keywords: crash)

Crash Data

testcase is also attachment 167017 [details], happens with current cvs trunk (debug build here). I open the testcase and as soon as i activate another window (click on it in taskbar to bring it up), Mozilla crashes. The stacktrace is almost always the one below, but sometimes it also crashes in another function. The fact that it only crashes when i activate another window, makes me unsure if this is related to Bug 271716 and Bug 271718. Stacktrace: JS_GetPrivate(JSContext * 0x0128a228, JSObject * 0x00000038) line 2062 + 3 bytes nsScriptSecurityManager::GetFunctionObjectPrincipal(JSContext * 0x0128a228, JSObject * 0x00000038, nsIPrincipal * * 0x0012f3e0) line 1829 + 14 bytes nsScriptSecurityManager::GetFramePrincipal(JSContext * 0x0128a228, JSStackFrame * 0x0012edf8, nsIPrincipal * * 0x0012f3e0) line 1868 + 20 bytes nsScriptSecurityManager::GetPrincipalAndFrame(JSContext * 0x0128a228, nsIPrincipal * * 0x0012f3e0, JSStackFrame * * 0x0012f3a0) line 1896 + 20 bytes nsScriptSecurityManager::GetSubjectPrincipal(JSContext * 0x0128a228, nsIPrincipal * * 0x0012f3e0) line 1932 nsScriptSecurityManager::GetSubjectPrincipal(nsScriptSecurityManager * const 0x01078320, nsIPrincipal * * 0x0012f3e0) line 1618 nsScriptSecurityManager::SubjectPrincipalIsSystem(nsScriptSecurityManager * const 0x01078320, int * 0x0012f3f4) line 1651 + 36 bytes nsContentUtils::IsCallerChrome() line 924 + 21 bytes PresShell::HandleEventInternal(nsEvent * 0x0012f78c, nsIView * 0x011a77c8, unsigned int 0x00000001, nsEventStatus * 0x0012f574) line 5919 + 5 bytes PresShell::HandleEvent(PresShell * const 0x01260248, nsIView * 0x011a77c8, nsGUIEvent * 0x0012f78c, nsEventStatus * 0x0012f574, int 0x00000001, int & 0x00000001) line 5806 + 25 bytes nsViewManager::HandleEvent(nsView * 0x011a77c8, nsGUIEvent * 0x0012f78c, int 0x00000000) line 2354 nsViewManager::DispatchEvent(nsViewManager * const 0x011a7720, nsGUIEvent * 0x0012f78c, nsEventStatus * 0x0012f6dc) line 2127 + 20 bytes HandleEvent(nsGUIEvent * 0x0012f78c) line 174 nsWindow::DispatchEvent(nsWindow * const 0x011a789c, nsGUIEvent * 0x0012f78c, nsEventStatus & nsEventStatus_eIgnore) line 1074 + 10 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f78c) line 1095 nsWindow::DispatchFocus(unsigned int 0x0000006c, int 0x00000000) line 5520 + 15 bytes nsWindow::ProcessMessage(unsigned int 0x00000008, unsigned int 0x00000000, long 0x00000000, long * 0x0012fc48) line 4218 + 23 bytes nsWindow::WindowProc(HWND__ * 0x008001c0, unsigned int 0x00000008, unsigned int 0x00000000, long 0x00000000) line 1355 + 27 bytes USER32! 77e01ef0() USER32! 77e03869() USER32! 77e038ab() NTDLL! 7789ff57() USER32! 77e018ec() PeekKeyAndIMEMessage(tagMSG * 0x0012fdd8 {msg=0x00000113 wp=0x000078a0 lp=0x023d77f0}, HWND__ * 0x00000000) line 90 + 24 bytes nsAppShell::Run(nsAppShell * const 0x010c8d50) line 128 + 11 bytes nsAppStartup::Run(nsAppStartup * const 0x010c8ca0) line 216 main1(int 0x00000001, char * * 0x00262638, nsISupports * 0x01043a50) line 1323 + 32 bytes main(int 0x00000001, char * * 0x00262638) line 1801 + 37 bytes mainCRTStartup() line 338 + 17 bytes KERNEL32! 77e9893d() for JS_GetPrivate the vars are: + cx 0x0128a228 + obj 0x00000038 v 0x00000001 If you need more detailed var info, leave a comment and i'll get it.
Marking dependency on bug containing the testcase. This may be a separate bug, or another symptom of the same bug (in which case, DUP). /be
Depends on: 271716
Summary: yet another crash on infinite loop creating new arrays [@ JS_GetPrivate] → yet another crash on infinite loop creating new arrays [@ JS_GetPrivate]
Frank, can you still reproduce your crash and stack with a recent build? If not, I would like to dupe this against bug 271716 and handle the related crash in bug 271718.
QA Contact: pschwartau → moz
Doesn't occour anymore, it even offers me to stop the script :) (also that doesn't work in the first slow script dialog, i have to wait for the 2nd dialog window to stop the script). *** This bug has been marked as a duplicate of 271716 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Crash Signature: [@ JS_GetPrivate]
You need to log in before you can comment on or make changes to this bug.