Closed Bug 310607 Opened 19 years ago Closed 19 years ago

crash when iterating over Object.prototype, use eval in the loop, have parameter prototype

Categories

(Core :: JavaScript Engine, defect)

1.7 Branch
x86
Windows XP
critical

RESOLVED WONTFIX

People

(Reporter: daniel, Unassigned)

Details

(Keywords: crash)

Attachments

(1 file)

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7

var f = new Foo();
f.go("bar");

function Foo() {
  this.go = function(prototype) {
    alert("Start");
    for(var i in Object.prototype) {
      alert("Here");
      eval("5+4");
    }
    alert("End");
  };
}

This script causes Firefox to crash every time.  When run, "Start" and "End" 
are alerted ("Here" is never reached -- nor the eval clause!).  Remove the 
eval or change the parameter to say 'p' and the problem is resolved.

Reproducible: Always

Steps to Reproduce:
1. run the script

Actual Results:  
Browser crashes.

Expected Results:  
alerted "Start" and "End" and continued on its merry way.
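The following is an added regression-style check for the pattern in comment 0; it is not the reporter's testcase and not the regress-310607.js that was later checked into the Mozilla tree (that file's contents are not on this page). It keeps the three ingredients the report names (a parameter called `prototype`, a for-in over Object.prototype, and an eval() in the loop body) but records what happens instead of using alert(), and asserts that the function returns normally and that eval() still resolves the oddly named parameter. The names `makeFoo`, `runTestcase`, `withEnumerableProto` and the temporary property `__regress310607` are assumptions made for this example; the second function goes beyond the report by giving Object.prototype one enumerable property so that the loop body, and the eval() inside it, actually execute.

```javascript
// Added example (not from the bug or the Mozilla test suite).
// Shape matches the reporter's Foo: a method whose parameter is named
// `prototype`, iterating Object.prototype with an eval() in the loop body.
// Because the body contains eval(), the engine has to keep the parameters in
// an activation (Call) object; that object is what the 1.0.7 engine mishandled
// at function return (see the call_enumerate assertion later in the bug).
function makeFoo(trace) {
  function Foo() {
    this.go = function (prototype) {
      trace.push("Start");
      var iterations = 0;
      for (var i in Object.prototype) {
        trace.push("Here");
        iterations++;
        eval("5+4");
      }
      trace.push("End");
      // Direct eval resolves names through the activation, so the parameter
      // must be visible to it under its own (unusual) name.
      return { iterations: iterations, seenByEval: eval("prototype") };
    };
  }
  return new Foo();
}

// Runs the testcase and reports the trace, the loop count and what eval()
// saw for the `prototype` parameter. Object.prototype has no enumerable
// properties by default, so the loop body is never entered (as in comment 0).
function runTestcase(arg) {
  var trace = [];
  var result = makeFoo(trace).go(arg);
  return { trace: trace, iterations: result.iterations, seenByEval: result.seenByEval };
}

// Variant (assumption, beyond the report): temporarily give Object.prototype
// one enumerable property so the loop body and the eval() inside it run once,
// then remove the property again so nothing leaks into later code.
function withEnumerableProto(arg) {
  Object.defineProperty(Object.prototype, "__regress310607", {
    value: 1, enumerable: true, configurable: true, writable: true
  });
  try {
    return runTestcase(arg);
  } finally {
    delete Object.prototype.__regress310607;
  }
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(runTestcase("bar")));
  console.log(JSON.stringify(withEnumerableProto("bar")));
}
```

On a current engine both calls return normally: the first yields a trace of ["Start", "End"] with zero iterations, the second ["Start", "Here", "End"] with one iteration, and in both cases eval("prototype") returns the argument that was passed in.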
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20050930
Firefox/1.4 ID:2005093004

Crashes in 1.0.7 but not in trunk and branch builds.
Attached file testcase comment 0
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b5) Gecko/20050930
Firefox/1.4 ID:2005093008

WFM
Assignee: nobody → aaronleventhal
Component: General → Keyboard: Find as you Type
Keywords: crash
Product: Firefox → Core
QA Contact: general → keyboard.fayt
Version: unspecified → 1.7 Branch
Assignee: aaronleventhal → general
Component: Keyboard: Find as you Type → JavaScript Engine
QA Contact: keyboard.fayt → general
Checking in regress-310607.js;
/cvsroot/mozilla/js/tests/js1_5/Regress/regress-310607.js,v  <--  regress-310607.js
initial revision: 1.1
done

No crash in 1.5 or 1.6, but does crash in 1.0.7

Assertion failure: obj && prop, at c:/work/mozilla/builds/ff/1.0.x/mozilla/js/src/jsfun.c:747

they are both 0x0

NTDLL! 7c901230()
call_enumerate(JSContext * 0x04b2d998, JSObject * 0x00000000) line 747 + 34 bytes
js_PutCallObject(JSContext * 0x04b2d998, JSStackFrame * 0x0012e48c) line 574 + 13 bytes
js_Invoke(JSContext * 0x04b2d998, unsigned int 0x00000001, unsigned int 0x00000000) line 988 + 16 bytes
js_Interpret(JSContext * 0x04b2d998, long * 0x0012ed30) line 2998 + 15 bytes
js_Execute(JSContext * 0x04b2d998, JSObject * 0x04b298d8, JSScript * 0x04c58450, JSStackFrame * 0x00000000, unsigned int 0x00000000, long * 0x0012ee48) line 1173 + 13 bytes
JS_EvaluateUCScriptForPrincipals(JSContext * 0x04b2d998, JSObject * 0x04b298d8, JSPrincipals * 0x04bee788, const unsigned short * 0x04c56ae0, unsigned int 0x00000914, const char * 0x04c1a708, unsigned int 0x00000001, long * 0x0012ee48) line 3649 + 25 bytes
nsJSContext::EvaluateString(const nsAString & {...}, void * 0x04b298d8, nsIPrincipal * 0x04bee780, const char * 0x04c1a708, unsigned int 0x00000001, const char * 0x100ba430, nsAString & {...}, int * 0x0012ee94) line 946 + 67 bytes
nsScriptLoader::EvaluateScript(nsScriptLoadRequest * 0x04c18428, const nsString & {...}) line 668
nsScriptLoader::ProcessRequest(nsScriptLoadRequest * 0x04c18428) line 581 + 22 bytes
nsScriptLoader::OnStreamComplete(nsScriptLoader * const 0x04bee5ec, nsIStreamLoader * 0x04c1f410, nsISupports * 0x04c18428, unsigned int 0x00000000, unsigned int 0xffffffff, const char * 0x04c27d05) line 905
nsStreamLoader::OnStopRequest(nsStreamLoader * const 0x04c1f414, nsIRequest * 0x04c1dd78, nsISupports * 0x04c18428, unsigned int 0x00000000) line 144
nsStreamListenerTee::OnStopRequest(nsStreamListenerTee * const 0x04bf7d48, nsIRequest * 0x04c1dd78, nsISupports * 0x04c18428, unsigned int 0x00000000) line 66
nsHttpChannel::OnStopRequest(nsHttpChannel * const 0x04c1dd80, nsIRequest * 0x04c23248, nsISupports * 0x00000000, unsigned int 0x00000000) line 3739
nsInputStreamPump::OnStateStop() line 499
nsInputStreamPump::OnInputStreamReady(nsInputStreamPump * const 0x04c2324c, nsIAsyncInputStream * 0x04c030ac) line 339 + 11 bytes
nsInputStreamReadyEvent::EventHandler(PLEvent * 0x04c23374) line 119
PL_HandleEvent(PLEvent * 0x04c23374) line 673 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00efb998) line 608 + 9 bytes
nsEventQueueImpl::ProcessPendingEvents(nsEventQueueImpl * const 0x00efb8d0) line 398 + 12 bytes
nsWindow::DispatchPendingEvents() line 3678
nsWindow::ProcessMessage(unsigned int 0x00000200, unsigned int 0x00000000, long 0x00b9012c, long * 0x0012f784) line 4030
nsWindow::WindowProc(HWND__ * 0x000603be, unsigned int 0x00000200, unsigned int 0x00000000, long 0x00b9012c) line 1349 + 27 bytes
USER32! 77d48734()
USER32! 77d48816()
USER32! 77d489cd()
USER32! 77d48a10()
nsAppShell::Run(nsAppShell * const 0x02dcc0c0) line 135
nsAppShellService::Run(nsAppShellService * const 0x02dcc000) line 495
xre_main(int 0x00000004, char * * 0x003e6ce8, const nsXREAppData * 0x0041e01c kAppData) line 1907 + 35 bytes
main(int 0x00000004, char * * 0x003e6ce8) line 58 + 18 bytes
mainCRTStartup() line 338 + 17 bytes

marking WONTFIX unless this has other ramifications than just a crash.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Flags: testcase+
Resolution: --- → WONTFIX