Closed
Bug 314887
Opened 19 years ago
Closed 19 years ago
crash if I open this site [@ js_GetGCThingFlags]
Categories
(Core :: JavaScript Engine, defect, P1)
Tracking
()
VERIFIED
FIXED
mozilla1.8rc1
People
(Reporter: nemu.asakura, Assigned: brendan)
References
()
Details
(Keywords: crash, js1.6, verified1.8)
Crash Data
Attachments
(3 files)
81 bytes,
text/javascript
|
Details | |
150 bytes,
text/html
|
Details | |
1.32 KB,
patch
|
mrbkap
:
review+
mtschrep
:
approval1.8rc2+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8) Gecko/20051102 Firefox/1.5 (tete009)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8) Gecko/20051102 Firefox/1.5 (tete009)
same as summary.
Reproducible: Always
Comment 1•19 years ago
|
||
Happens for me with trunk nightly. TB11394596Y
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051102 Firefox/1.6a1
Stack:
js_GetGCThingFlags [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsgc.c, line 231]
js_GC [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsgc.c, line 1801]
js_ForceGC [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/js/src/jsgc.c, line 1510]
nsAppStartup::Run [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp, line 162]
main [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp, line 61]
kernel32.dll + 0x16d4f (0x7c816d4f)
Assignee: nobody → general
Severity: normal → critical
Status: UNCONFIRMED → NEW
Component: General → JavaScript Engine
Ever confirmed: true
Keywords: crash
Product: Firefox → Core
QA Contact: general → general
Summary: crash if I open this site. → crash if I open this site [@ js_GetGCThingFlags]
Version: unspecified → Trunk
Comment 2•19 years ago
|
||
Assertion failure: JSVAL_IS_GCTHING(lrc->roots[m]), at c:/work/mozilla/builds/ff/trunk/mozilla/js/src/jscntxt.c:660
Stack to assert:
js_MarkLocalRoots(JSContext * 0x0411aee8, JSLocalRootStack * 0x040a86b0) line 660 + 55 bytes
js_GC(JSContext * 0x0411aee8, unsigned int 0x00000000) line 1801 + 19 bytes
js_ForceGC(JSContext * 0x0411aee8, unsigned int 0x00000000) line 1510 + 13 bytes
JS_GC(JSContext * 0x0411aee8) line 1830 + 11 bytes
nsJSContext::Notify(nsJSContext * const 0x0411ae78, nsITimer * 0x0416da88) line 2161 + 13 bytes
nsTimerImpl::Fire() line 398
nsTimerManager::FireNextIdleTimer(nsTimerManager * const 0x012c54c0) line 628
nsAppShell::Run(nsAppShell * const 0x032e6a20) line 142
nsAppStartup::Run(nsAppStartup * const 0x032e6980) line 161 + 26 bytes
XRE_main(int 0x00000003, char * * 0x003f6f48, const nsXREAppData * 0x0042101c kAppData) line 2289 + 35 bytes
main(int 0x00000003, char * * 0x003f6f48) line 61 + 18 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 7c816d4f()
+ name 0x00000000 ""
+ cx 0x0411aee8
- lrs 0x040a86b0
scopeMark 0x00000000
rootCount 0x0000009f
+ topChunk 0x040a86bc
+ firstChunk {...}
n 0x0000009e
m 0x0000009e
mark 0x00000000
+ lrc 0x040a86bc
lrc->roots[m] 0x80000001
Comment 3•19 years ago
|
||
Comment 4•19 years ago
|
||
top.htm crashed as soon as it loaded when it referenced base.js from the local file system, but when loaded from bugzilla, you need to view source after it loads.
Comment 5•19 years ago
|
||
No crash in: 1.9a1_2005102721
Crash in: 1.9a1_2005102813
Comment 6•19 years ago
|
||
(In reply to comment #5)
> No crash in: 1.9a1_2005102721
> Crash in: 1.9a1_2005102813
no crash in 1.9a1: 2005102809
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.9a1) Gecko/20051028 SeaMonkey/1.1a
crash in current nightly: TB11409480Y
Checkins:
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=SeaMonkeyAll&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2005-10-28+08%3A00&maxdate=2005-10-28+14%3A00&cvsroot=%2Fcvsroot
maybe Bug 313952:
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=SeaMonkeyAll&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2005-10-28+11%3A07&maxdate=2005-10-28+11%3A14&cvsroot=%2Fcvsroot
Assignee | ||
Comment 7•19 years ago
|
||
Big dumb inconsistency, obvious fix, safe for 1.8 and must fix -- this will be a topcrash.
/be
Attachment #201768 -
Flags: review?(mrbkap)
Attachment #201768 -
Flags: approval1.8rc2?
Assignee | ||
Updated•19 years ago
|
Assignee: general → brendan
Flags: blocking1.8rc2+
Keywords: js1.6
Priority: -- → P1
Target Milestone: --- → mozilla1.8rc1
Updated•19 years ago
|
Attachment #201768 -
Flags: review?(mrbkap) → review+
Assignee | ||
Comment 8•19 years ago
|
||
Fixed on trunk.
/be
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Comment 9•19 years ago
|
||
This probably already is a topcrash over in bug 314484. I should have caught this when I did the original review :-/
Assignee | ||
Comment 10•19 years ago
|
||
(In reply to comment #9)
> This probably already is a topcrash over in bug 314484.
Don't think so -- bug 314484 happens only on branch, and started spiking talkback on 11-oct, IIRC. The checkin that caused this bug hit the trunk on 28-oct.
/be
Updated•19 years ago
|
Attachment #201768 -
Flags: approval1.8rc2? → approval1.8rc2+
Comment 12•19 years ago
|
||
Checking in regress-314887.js;
/cvsroot/mozilla/js/tests/js1_6/Regress/regress-314887.js,v <-- regress-314887.js
initial revision: 1.1
done
Flags: testcase+
Updated•14 years ago
|
Crash Signature: [@ js_GetGCThingFlags]
You need to log in
before you can comment on or make changes to this bug.
Description
•