Closed Bug 305883 Opened 19 years ago Closed 19 years ago

E4X: Spidermonkey shell crashes on empty XMLList initializer

Categories

(Core :: JavaScript Engine, defect)

1.8 Branch
x86
Linux
defect
Not set
critical

VERIFIED FIXED

People

(Reporter: bc, Assigned: mrbkap)

Details

(Keywords: crash, regression, verified1.8)

Attachments

(1 file)

Stack Signature	 js_EmitTree() 4033d327
I've forked this bug from bug 290499 since the platform is different. Let me
know if that is ok, or if I should reopen such bugs. 
This probably occurs on the trunk, but I haven't set up parallel branch and trunk
tests yet. 

Email Address	mozqa@mozilla.com
Product ID	Firefox15
Build ID	2005082405
Trigger Time	2005-08-25 01:32:44.0
Platform	LinuxIntel
Operating System	Linux 2.6.9-11.ELsmp
Module	libmozjs.so + (0002ef0b)
URL visited	e4x/Regress/regress-290499.js
User Comments	
Since Last Crash	0 sec
Total Uptime	1 sec
Trigger Reason	SIGSEGV: Segmentation Fault: (signal 11)
Source File, Line No.
/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsemit.c,
line 4712
Stack Trace 	
js_EmitTree() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsemit.c,
line 4712]
js_EmitTree() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsemit.c,
line 3797]
Statements() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsparse.c,
line 2107]
js_CompileTokenStream() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsparse.c,
line 469]
CompileTokenStream() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsapi.c,
line 3345]
JS_CompileUCScriptForPrincipals() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsapi.c,
line 3428]
JS_EvaluateUCScriptForPrincipals() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/js/src/jsapi.c,
line 3859]
nsJSContext::EvaluateString() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/dom/src/base/nsJSEnvironment.cpp,
line 146]
nsScriptLoader::EvaluateScript() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/content/base/src/nsScriptLoader.cpp,
line 704]
nsScriptLoader::ProcessRequest() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/content/base/src/nsScriptLoader.cpp,
line 659]
nsScriptLoader::OnStreamComplete() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/content/base/src/nsScriptLoader.cpp,
line 1020]
nsStreamLoader::OnStopRequest() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/netwerk/base/src/nsStreamLoader.cpp,
line 712]
nsStreamListenerTee::OnStopRequest() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/netwerk/base/src/nsStreamListenerTee.cpp,
line 66]
nsHttpChannel::OnStopRequest() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp,
line 1149]
nsInputStreamPump::OnStateStop() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/netwerk/base/src/nsInputStreamPump.cpp,
line 1149]
nsInputStreamPump::OnInputStreamReady() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/netwerk/base/src/nsInputStreamPump.cpp,
line 343]
nsInputStreamReadyEvent::EventHandler()
PL_HandleEvent() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/xpcom/threads/plevent.c,
line 689]
PL_ProcessPendingEvents() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/xpcom/threads/plevent.c,
line 623]
nsEventQueueImpl::ProcessPendingEvents() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/xpcom/threads/nsEventQueue.cpp,
line 423]
event_processor_callback() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/widget/src/gtk2/nsAppShell.cpp,
line 67]
libglib-2.0.so.0 + 0x47907 (0x0066f907)
libglib-2.0.so.0 + 0x2374b (0x0064b74b)
libglib-2.0.so.0 + 0x251d2 (0x0064d1d2)
libglib-2.0.so.0 + 0x2547f (0x0064d47f)
libgtk-x11-2.0.so.0 + 0x10a6a7 (0x040df6a7)
nsAppShell::Run() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/widget/src/gtk2/nsAppShell.cpp,
line 141]
nsAppStartup::Run() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp,
line 146]
XRE_main() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/toolkit/xre/nsAppRunner.cpp,
line 2324]
main() 
[/builds/tinderbox/Fx-Mozilla1.8/Linux_2.4.21-27.0.4.ELsmp_Depend/mozilla/browser/app/nsBrowserApp.cpp,
line 62]
libc.so.6 + 0x14e23 (0x00b13e23)
I'm not sure that the actual crash fix (jsemit.c) is the cleanest way to fix
this bug. We do need to emit JSOP_STARTXML, though.
Assignee: general → mrbkap
Status: NEW → ASSIGNED
Attachment #193902 - Flags: review?(brendan)
I'd hate to ship with this regression.
Flags: blocking1.8b4?
Keywords: regression
Comment on attachment 193902 [details] [diff] [review]
fix the decompiler, too

r+a=me, I'll plus the bug too, this is a straight fix for a recent regression.

/be
Attachment #193902 - Flags: review?(brendan)
Attachment #193902 - Flags: review+
Attachment #193902 - Flags: approval1.8b4+
Flags: blocking1.8b4? → blocking1.8b4+
Checked in on MOZILLA_1_8_BRANCH and trunk.
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Keywords: fixed1.8
Resolution: --- → FIXED
Bob, can you verify through the test automation that this crash is gone after
the checkin?  If so, please resolve this verified and add the verified1.8
keyword.  Thanks.
no longer crashes with MozillaOrgFirefox15LinuxIntel2005090105
Status: RESOLVED → VERIFIED
Keywords: fixed1.8 → verified1.8
Flags: testcase+