Closed
Bug 309695
Opened 19 years ago
Closed 19 years ago
Crash visiting msdn.microsoft.com [@ js_FreeAtomMap]
Categories
(Core :: JavaScript Engine, defect, P1)
Core
JavaScript Engine
Tracking
()
VERIFIED
FIXED
mozilla1.8beta5
People
(Reporter: Biesinger, Assigned: brendan)
References
()
Details
(Keywords: fixed1.8, js1.6)
Attachments
(3 files)
11.55 KB,
text/plain
|
Details | |
42.36 KB,
text/plain
|
Details | |
801 bytes,
patch
|
brendan
:
review+
mrbkap
:
review+
brendan
:
approval1.8b5+
|
Details | Diff | Splinter Review |
I crash visiting the above url, top stack frames:
#0 0x006c170d in js_FreeAtomMap (cx=0x94ff0d8, map=0x10) at
../../../../mozilla/js/src/jsatom.c:972
#1 0x007485c6 in js_DestroyScript (cx=0x94ff0d8, script=0x0) at
../../../../mozilla/js/src/jsscript.c:1328
#2 0x006e6739 in fun_finalize (cx=0x94ff0d8, obj=0x93dfe80) at
../../../../mozilla/js/src/jsfun.c:1108
#3 0x00718393 in js_FinalizeObject (cx=0x94ff0d8, obj=0x93dfe80) at
../../../../mozilla/js/src/jsobj.c:2086
#4 0x006ec7c0 in js_GC (cx=0x94ff0d8, gcflags=0) at
../../../../mozilla/js/src/jsgc.c:1839
Line:
0x006c170d in js_FreeAtomMap (cx=0x94ff0d8, map=0x10) at
../../../../mozilla/js/src/jsatom.c:972
972 if (map->vector) {
Reporter | ||
Comment 1•19 years ago
|
||
Reporter | ||
Comment 2•19 years ago
|
||
Reporter | ||
Comment 3•19 years ago
|
||
oh, I should mention... linux, trunk, seamonkey, gtk2, checkout finish: Do Sep
22 14:18:32 CEST 2005
Comment 4•19 years ago
|
||
fun has ->interpreted as true, u.script as NULL, and the atom is for
"BrowserData". Just to record that (the interpreted && !script combination is
especially interesting to me).
Comment 5•19 years ago
|
||
Note that the patch for bug 308085 can cause us to set fun->interpreted earlier
(I'm not sure if that's a problem, though).
Updated•19 years ago
|
OS: Linux → All
Updated•19 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee | ||
Comment 6•19 years ago
|
||
Fix coming right away, sorry for this regression from 308085.
Looks like BrowserData is a function somewhere on MSDN with invalid syntax. Can
someone find and post it?
/be
Assignee | ||
Comment 7•19 years ago
|
||
The fix for bug 308085 got approval earlier today (baking results in this bug
were racing that approval) anad it is about to land, with this fix included, on
the 1.8 branch.
/be
Attachment #197149 -
Flags: review+
Attachment #197149 -
Flags: approval1.8b5+
Assignee | ||
Comment 8•19 years ago
|
||
Fixed on trunk and branch.
/be
Assignee | ||
Updated•19 years ago
|
Comment 9•19 years ago
|
||
Comment 10•19 years ago
|
||
Comment on attachment 197149 [details] [diff] [review]
the obvious fix
r=mrbkap
Attachment #197149 -
Flags: review+
Comment 11•19 years ago
|
||
Ah, that's why I couldn't find the interpreted-set that was causing this; the
tree I was looking at didn't have 308085 in it. Thanks!
Comment 12•19 years ago
|
||
*** Bug 309792 has been marked as a duplicate of this bug. ***
Comment 13•19 years ago
|
||
Filed bug 309840 on the fact that our js engine thinks the BrowserData function
is invalid.
Assignee | ||
Comment 14•19 years ago
|
||
(In reply to comment #13)
> Filed bug 309840 on the fact that our js engine thinks the BrowserData function
> is invalid.
Which fact is due to our js engine following ECMA-262 Edition 3. Yeah, yeah --
"real world web standards" (of which I am a proponent) may trump that paper
spec. Bob's spidering will help tell what trumps what.
/be
Verified FIXED using build 2005-09-24-05 SeaMonkey on Windows XP.
Status: RESOLVED → VERIFIED
Comment 16•19 years ago
|
||
*** Bug 310161 has been marked as a duplicate of this bug. ***
Updated•19 years ago
|
Flags: testcase-
Updated•19 years ago
|
Flags: testcase- → testcase?
Comment 17•19 years ago
|
||
When keying in Microsoft's Feedback page, <http://feedback.msn.com/eform.aspx?productkey=hotmail&locale=en-us>
Seamonkey becomes less and less responsive.. like there's a serious conflict there... and it seems that Seamonkey must be uninstalled and re-installed to eliminate what that page messed up in SeaMonkey...
Updated•19 years ago
|
Flags: in-testsuite? → in-testsuite-
You need to log in
before you can comment on or make changes to this bug.
Description
•