Closed Bug 309695 Opened 19 years ago Closed 19 years ago

Crash visiting msdn.microsoft.com [@ js_FreeAtomMap]

Categories

(Core :: JavaScript Engine, defect, P1)

defect

Tracking

()

VERIFIED FIXED
mozilla1.8beta5

People

(Reporter: Biesinger, Assigned: brendan)

References

()

Details

(Keywords: fixed1.8, js1.6)

Attachments

(3 files)

I crash visiting the above url, top stack frames: #0 0x006c170d in js_FreeAtomMap (cx=0x94ff0d8, map=0x10) at ../../../../mozilla/js/src/jsatom.c:972 #1 0x007485c6 in js_DestroyScript (cx=0x94ff0d8, script=0x0) at ../../../../mozilla/js/src/jsscript.c:1328 #2 0x006e6739 in fun_finalize (cx=0x94ff0d8, obj=0x93dfe80) at ../../../../mozilla/js/src/jsfun.c:1108 #3 0x00718393 in js_FinalizeObject (cx=0x94ff0d8, obj=0x93dfe80) at ../../../../mozilla/js/src/jsobj.c:2086 #4 0x006ec7c0 in js_GC (cx=0x94ff0d8, gcflags=0) at ../../../../mozilla/js/src/jsgc.c:1839 Line: 0x006c170d in js_FreeAtomMap (cx=0x94ff0d8, map=0x10) at ../../../../mozilla/js/src/jsatom.c:972 972 if (map->vector) {
oh, I should mention... linux, trunk, seamonkey, gtk2, checkout finish: Do Sep 22 14:18:32 CEST 2005
fun has ->interpreted as true, u.script as NULL, and the atom is for "BrowserData". Just to record that (the interpreted && !script combination is especially interesting to me).
Note that the patch for bug 308085 can cause us to set fun->interpreted earlier (I'm not sure if that's a problem, though).
Status: UNCONFIRMED → NEW
Ever confirmed: true
Fix coming right away, sorry for this regression from 308085. Looks like BrowserData is a function somewhere on MSDN with invalid syntax. Can someone find and post it? /be
Assignee: general → brendan
Depends on: 308085
Flags: blocking1.8b5+
Keywords: js1.6
Priority: -- → P1
Hardware: PC → All
Target Milestone: --- → mozilla1.8beta5
Attached patch the obvious fixSplinter Review
The fix for bug 308085 got approval earlier today (baking results in this bug were racing that approval) anad it is about to land, with this fix included, on the 1.8 branch. /be
Attachment #197149 - Flags: review+
Attachment #197149 - Flags: approval1.8b5+
Fixed on trunk and branch. /be
Status: NEW → RESOLVED
Closed: 19 years ago
Keywords: fixed1.8
Resolution: --- → FIXED
Blocks: 308085
No longer depends on: 308085
Comment on attachment 197149 [details] [diff] [review] the obvious fix r=mrbkap
Attachment #197149 - Flags: review+
Ah, that's why I couldn't find the interpreted-set that was causing this; the tree I was looking at didn't have 308085 in it. Thanks!
*** Bug 309792 has been marked as a duplicate of this bug. ***
Filed bug 309840 on the fact that our js engine thinks the BrowserData function is invalid.
(In reply to comment #13) > Filed bug 309840 on the fact that our js engine thinks the BrowserData function > is invalid. Which fact is due to our js engine following ECMA-262 Edition 3. Yeah, yeah -- "real world web standards" (of which I am a proponent) may trump that paper spec. Bob's spidering will help tell what trumps what. /be
Verified FIXED using build 2005-09-24-05 SeaMonkey on Windows XP.
Status: RESOLVED → VERIFIED
*** Bug 310161 has been marked as a duplicate of this bug. ***
Flags: testcase-
Flags: testcase- → testcase?
When keying in Microsoft's Feedback page, <http://feedback.msn.com/eform.aspx?productkey=hotmail&locale=en-us> Seamonkey becomes less and less responsive.. like there's a serious conflict there... and it seems that Seamonkey must be uninstalled and re-installed to eliminate what that page messed up in SeaMonkey...
Flags: in-testsuite? → in-testsuite-
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: