Closed
Bug 284431
Opened 20 years ago
Closed 20 years ago
Crash running online e4x test suite at js_LeaveLocalRootScope
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: bc, Unassigned)
References
()
Details
(Keywords: crash)
Trunk Seamonkey build from 2005-03-01 on winxp. The bug is hard to pin down as it is not reproducible with a single test case nor via the remote online tests (at least with my high latency connection). To reliably reproduce, download <http://bclary-com.bclary.com/2004/10/03/js-tests.zip> and unzip somewhere in your local web server. Start with the browser not running, then start the browser and open menu.html on your local web server. and visit the online test library in the url. Select all e4x tests, and click execute. You will need to allow popups on the site for the tests to run. The crash occurs in e4x/TypeConversion/10.4.1.js. This is not reproducible by running the test case individually. This crash does not occur when running the tests in the jsshell. See <http://bclary-com.bclary.com/2004/10/03/results/> for test results using the shell. stack: js_LeaveLocalRootScope(JSContext * 0x00011f21) line 507 + 2 bytes ParseNodeToXML(JSContext * 0x01feec98, JSParseNode * 0x030c3f00, JSXMLArray * 0x0012f6fc, unsigned int 31) line 1779 + 8 bytes ParseNodeToXML(JSContext * 0x01feec98, JSParseNode * 0x030c3e08, JSXMLArray * 0x0012f6fc, unsigned int 31) line 1468 + 24 bytes ParseXMLSource(JSContext * 0x0226a230, JSString * 0x00000000) line 1924 + 14 bytes ToXML(JSContext * 0x01feec98, long 36167708) line 2019 + 7 bytes js_Interpret(JSContext * 0x01feec98, unsigned char * 0x00c442a0, long * 0x0012f8e0) line 5123 js_Execute(JSContext * 0x00a5fa10, JSObject * 0x02161db8, JSScript * 0x0276c3c8, JSStackFrame * 0x00000000, unsigned int 0, long * 0x0012f998) line 1524 JS_EvaluateUCScriptForPrincipals(JSContext * 0x01feec98, JSObject * 0x02161db8, JSPrincipals * 0x01623f54, const unsigned short * 0x0242a010, unsigned int 3139, const char * 0x0273a3c0, unsigned int 1, long * 0x0012f998) line 3739 + 15 bytes nsJSContext::EvaluateString(nsJSContext * const 0x0253e19c, const nsAString & {...}, void * 0x02161db8, nsIPrincipal * 0x00000000, const char * 0x0273a3c0, unsigned int 1, const char * 0x00c43794, nsAString * 0x00000000, int * 0x0012fa38) line 1035 + 69 bytes nsScriptLoader::EvaluateScript(nsScriptLoader * const 0x0253e19c, nsScriptLoadRequest * 0x00000001, const nsString & {...}) line 723 nsScriptLoader::ProcessRequest(nsScriptLoader * const 0x0253e19c, nsScriptLoadRequest * 0x023773c8) line 629 + 9 bytes nsScriptLoader::OnStreamComplete(nsScriptLoader * const 0x00000000, nsIStreamLoader * 0x00000000, nsISupports * 0x023773c8, unsigned int 23394000, unsigned int 4294967295, const unsigned char * 0x00000000) line 973 nsStreamLoader::OnStopRequest(nsStreamLoader * const 0x028b182c, nsIRequest * 0x023a0400, nsISupports * 0x023773c8, unsigned int 0) line 137 nsStreamListenerTee::OnStopRequest(nsStreamListenerTee * const 0x0253ee40, nsIRequest * 0x023a0400, nsISupports * 0x023773c8, unsigned int 0) line 65 + 21 bytes nsHttpChannel::OnStopRequest(nsHttpChannel * const 0x00000000, nsIRequest * 0x023d30e0, nsISupports * 0x00000000, unsigned int 0) line 3802 nsInputStreamPump::OnStateStop(nsInputStreamPump * const 0x0253e19c) line 507 nsInputStreamPump::OnInputStreamReady(nsInputStreamPump * const 0x023d30e4, nsIAsyncInputStream * 0x0228c878) line 344 nsOutputStreamReadyEvent::EventHandler(PLEvent * 0x027567cc) line 119 PL_HandleEvent(PLEvent * 0x027567cc) line 699 PL_ProcessPendingEvents(PLEventQueue * 0x0084b690) line 633 + 6 bytes _md_EventReceiverProc(HWND__ * 0x77d48808, unsigned int 0, unsigned int 1244720, long 2010417573) line 1436 USER32! 77d70494() USER32! 77d70494() GKWIDGET! 01374d11() MOZILLA! 004073b0() while (n > m) { lrc = lrs->topChunk; JS_ASSERT(lrc != &lrs->firstChunk); lrs->topChunk = lrc->down; => JS_free(cx, lrc); --n; }
|
Reporter | |
Comment 1•20 years ago
|
||
Oops, I accidentally copied my local server urls. The correct (public) urls are: http://bclary.com/2004/10/03/js-tests/menu.html http://bclary.com/2004/10/03/js-tests.zip http://bclary.com/2004/10/03/results/
|
||
Updated•20 years ago
|
Severity: normal → critical
|
||
Comment 2•20 years ago
|
||
Didn't I fix this with this checkin: revision 3.57 date: 2005/03/29 01:40:30; author: brendan%mozilla.org; state: Exp; lines: +1 -1 - Fix longstanding goof in js_PushLocalRoot, where m (n % local-root-chunk) was returned rather than n (the index of lrs->scopeMark). I'm mortified. /be
|
|
Reporter | |
Comment 3•20 years ago
|
||
I still crash but not with this stack. We can either morph this for the other crashes or resolve it wfm. ?
|
|
||
Comment 4•20 years ago
|
||
New bug, please. This bug was definitely fixed, you can prove it in the js shell. Also, any hope of a reduced xpcshell or js shell test? /be
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
|
|
Reporter | |
Comment 5•20 years ago
|
||
(In reply to comment #4) > New bug, please. This bug was definitely fixed, you can prove it in the js shell. IIRC, the e4x suite passed without crashes when I found this one. Filed bug 290020 on the other crasher. > > Also, any hope of a reduced xpcshell or js shell test? There is always hope, misguided, but hope none the less. :-) I'll try.
Status: RESOLVED → VERIFIED
|
|
Reporter | |
Updated•19 years ago
|
Flags: testcase-
You need to log in
before you can comment on or make changes to this bug.
Description
•