Closed Bug 271739 Opened 20 years ago Closed 20 years ago

yet another crash on infinite loop creating new arrays [@ JS_GetPrivate]

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 271716

People

(Reporter: mcsmurf, Unassigned)

References

Details

(Keywords: crash)

Crash Data

testcase is also attachment 167017 [details], happens with current cvs trunk (debug build
here).
I open the testcase and as soon as i activate another window (click on it in
taskbar to bring it up), Mozilla crashes. The stacktrace is almost always the
one below, but sometimes it also crashes in another function. The fact that it
only crashes when i activate another window, makes me unsure if this is related
to Bug 271716 and Bug 271718.

Stacktrace:
JS_GetPrivate(JSContext * 0x0128a228, JSObject * 0x00000038) line 2062 + 3 bytes
nsScriptSecurityManager::GetFunctionObjectPrincipal(JSContext * 0x0128a228,
JSObject * 0x00000038, nsIPrincipal * * 0x0012f3e0) line 1829 + 14 bytes
nsScriptSecurityManager::GetFramePrincipal(JSContext * 0x0128a228, JSStackFrame
* 0x0012edf8, nsIPrincipal * * 0x0012f3e0) line 1868 + 20 bytes
nsScriptSecurityManager::GetPrincipalAndFrame(JSContext * 0x0128a228,
nsIPrincipal * * 0x0012f3e0, JSStackFrame * * 0x0012f3a0) line 1896 + 20 bytes
nsScriptSecurityManager::GetSubjectPrincipal(JSContext * 0x0128a228,
nsIPrincipal * * 0x0012f3e0) line 1932
nsScriptSecurityManager::GetSubjectPrincipal(nsScriptSecurityManager * const
0x01078320, nsIPrincipal * * 0x0012f3e0) line 1618
nsScriptSecurityManager::SubjectPrincipalIsSystem(nsScriptSecurityManager *
const 0x01078320, int * 0x0012f3f4) line 1651 + 36 bytes
nsContentUtils::IsCallerChrome() line 924 + 21 bytes
PresShell::HandleEventInternal(nsEvent * 0x0012f78c, nsIView * 0x011a77c8,
unsigned int 0x00000001, nsEventStatus * 0x0012f574) line 5919 + 5 bytes
PresShell::HandleEvent(PresShell * const 0x01260248, nsIView * 0x011a77c8,
nsGUIEvent * 0x0012f78c, nsEventStatus * 0x0012f574, int 0x00000001, int &
0x00000001) line 5806 + 25 bytes
nsViewManager::HandleEvent(nsView * 0x011a77c8, nsGUIEvent * 0x0012f78c, int
0x00000000) line 2354
nsViewManager::DispatchEvent(nsViewManager * const 0x011a7720, nsGUIEvent *
0x0012f78c, nsEventStatus * 0x0012f6dc) line 2127 + 20 bytes
HandleEvent(nsGUIEvent * 0x0012f78c) line 174
nsWindow::DispatchEvent(nsWindow * const 0x011a789c, nsGUIEvent * 0x0012f78c,
nsEventStatus & nsEventStatus_eIgnore) line 1074 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f78c) line 1095
nsWindow::DispatchFocus(unsigned int 0x0000006c, int 0x00000000) line 5520 + 15
bytes
nsWindow::ProcessMessage(unsigned int 0x00000008, unsigned int 0x00000000, long
0x00000000, long * 0x0012fc48) line 4218 + 23 bytes
nsWindow::WindowProc(HWND__ * 0x008001c0, unsigned int 0x00000008, unsigned int
0x00000000, long 0x00000000) line 1355 + 27 bytes
USER32! 77e01ef0()
USER32! 77e03869()
USER32! 77e038ab()
NTDLL! 7789ff57()
USER32! 77e018ec()
PeekKeyAndIMEMessage(tagMSG * 0x0012fdd8 {msg=0x00000113 wp=0x000078a0
lp=0x023d77f0}, HWND__ * 0x00000000) line 90 + 24 bytes
nsAppShell::Run(nsAppShell * const 0x010c8d50) line 128 + 11 bytes
nsAppStartup::Run(nsAppStartup * const 0x010c8ca0) line 216
main1(int 0x00000001, char * * 0x00262638, nsISupports * 0x01043a50) line 1323 +
32 bytes
main(int 0x00000001, char * * 0x00262638) line 1801 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e9893d()

for JS_GetPrivate the vars are:
+	cx	0x0128a228
+	obj	0x00000038
	v	0x00000001

If you need more detailed var info, leave a comment and i'll get it.
Marking dependency on bug containing the testcase.  This may be a separate bug,
or another symptom of the same bug (in which case, DUP).

/be
Depends on: 271716
Summary: yet another crash on infinite loop creating new arrays [@ JS_GetPrivate] → yet another crash on infinite loop creating new arrays [@ JS_GetPrivate]
Frank, can you still reproduce your crash and stack with a recent build? If not,
I would like to dupe this against bug 271716 and handle the related crash in bug
271718.
QA Contact: pschwartau → moz
Doesn't occour anymore, it even offers me to stop the script :) (also that
doesn't work in the first slow script dialog, i have to wait for the 2nd dialog
window to stop the script).

*** This bug has been marked as a duplicate of 271716 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Crash Signature: [@ JS_GetPrivate]
You need to log in before you can comment on or make changes to this bug.