Closed Bug 340655 Opened 18 years ago Closed 18 years ago

crashes while browsing [@ JS_GetReservedSlot()] with google toolbar

Product :: Component: Core :: JavaScript Engine
Type: defect
Version: 1.8 Branch
Platform: x86, Linux
Priority: Not set
Severity: critical
Status: RESOLVED DUPLICATE of bug 340129
Reporter: pieter
Assignee: Unassigned
Keywords: crash

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4

With firefox 1.5.0.4 I get many segmentation faults while browsing. Starting firefox in a console, I see:

/usr/local/firefox/run-mozilla.sh: line 131: 12964 Segmentation fault "$prog" ${1+"$@"}

I experienced it on two completely different linux systems (one gentoo, one CentOS).

Reproducible: Sometimes

TB19594548E TB19594515Z
Incident ID: 19594548
Stack Signature: JS_GetReservedSlot() 89351ad7
Product ID: Firefox15
Build ID: 2006050817
Trigger Time: 2006-06-07 03:09:03.0
Platform: LinuxIntel
Operating System: Linux 2.6.16-ck10
Module: libmozjs.so + (00016ac3)
URL visited:
User Comments:
Since Last Crash: 0 sec
Total Uptime: 5 sec
Trigger Reason: SIGSEGV: Segmentation Fault: (signal 11)
Source File, Line No.: /builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsapi.c, line 3328

Stack Trace:

JS_GetReservedSlot() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsapi.c, line 3328]
RewrapIfDeepWrapper() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/xpconnect/src/XPCNativeWrapper.cpp, line 298]
XPC_NW_GetOrSetProperty() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/xpconnect/src/XPCNativeWrapper.cpp, line 588]
XPC_NW_GetProperty() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/xpconnect/src/XPCNativeWrapper.cpp, line 596]
js_GetProperty() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 3001]
MarkSharpObjects() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 472]
MarkSharpObjects() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 481]
MarkSharpObjects() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 481]
MarkSharpObjects() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 481]
MarkSharpObjects() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 481]
MarkSharpObjects() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 481]
MarkSharpObjects() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 481]
MarkSharpObjects() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 481]
MarkSharpObjects() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 481]
MarkSharpObjects() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 481]
MarkSharpObjects() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 481]
MarkSharpObjects() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 481]
MarkSharpObjects() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 481]
MarkSharpObjects() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 481]
MarkSharpObjects() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 481]
MarkSharpObjects() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 481]
MarkSharpObjects() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 481]
js_EnterSharpObject() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 540]
js_obj_toSource() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 672]
js_Invoke() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsinterp.c, line 1188]
js_InternalInvoke() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsinterp.c, line 1286]
js_TryMethod() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsobj.c, line 4075]
js_ValueToSource() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsstr.c, line 2802]
str_uneval() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsstr.c, line 477]
js_Invoke() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsinterp.c, line 1188]
js_Interpret() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsinterp.c, line 3584]
js_Invoke() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsinterp.c, line 1208]
fun_apply() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsfun.c, line 1666]
js_Invoke() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsinterp.c, line 1188]
js_Interpret() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsinterp.c, line 3584]
js_Invoke() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsinterp.c, line 1208]
js_Interpret() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsinterp.c, line 3584]
js_Invoke() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsinterp.c, line 1208]
fun_apply() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsfun.c, line 1666]
js_Invoke() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsinterp.c, line 1188]
js_Interpret() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsinterp.c, line 3584]
js_Invoke() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/jsinterp.c, line 1208]
nsXPCWrappedJSClass::CallMethod() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp, line 1373]
nsXPCWrappedJS::CallMethod() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp, line 462]
PrepareAndDispatch() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/xpcom/reflect/xptcall/src/md/unix/xptcstubs_gcc_x86_unix.cpp, line 100]
nsTimerImpl::Fire() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/xpcom/threads/nsTimerImpl.cpp, line 398]
handleTimerEvent() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/xpcom/threads/nsTimerImpl.cpp, line 462]
PL_HandleEvent() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/xpcom/threads/plevent.c, line 689]
PL_ProcessPendingEvents() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/xpcom/threads/plevent.c, line 623]
nsEventQueueImpl::ProcessPendingEvents() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/xpcom/threads/nsEventQueue.cpp, line 421]
event_processor_callback() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/widget/src/gtk2/nsAppShell.cpp, line 67]
libglib-2.0.so.0 + 0x5921d (0x4c6c121d)
libglib-2.0.so.0 + 0x299b3 (0x4c6919b3)
libglib-2.0.so.0 + 0x2c110 (0x4c694110)
libglib-2.0.so.0 + 0x2c49a (0x4c69449a)
libgtk-x11-2.0.so.0 + 0x15b5b5 (0x4d3685b5)
nsAppShell::Run() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/widget/src/gtk2/nsAppShell.cpp, line 141]
nsAppStartup::Run() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp, line 151]
XRE_main() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/toolkit/xre/nsAppRunner.cpp, line 2376]
main() [/builds/tinderbox/Fx-Mozilla1.8.0-Release/Linux_2.4.21-37.EL_Depend/mozilla/browser/app/nsBrowserApp.cpp, line 62]
libc.so.6 + 0x15896 (0x4c144896)
Keywords: crash
Summary: segmentation faults while browsing → crashes while browsing [@ JS_GetReservedSlot()]
Version: unspecified → 1.5.0.x Branch
Does that happen in the safe mode / using a clean profile as well?
kinda interesting the js_EnterSharpObject bits, I wonder if GC hit something that should have been rooted :). There's only one xpconnect class in play (nsXPCWrappedJSClass), so exonerating xpconnect shouldn't be hard (but I'm going to improperly skip that step).
Assignee: nobody → general
Component: General → JavaScript Engine
Product: Firefox → Core
QA Contact: general → general
Version: 1.5.0.x Branch → 1.8 Branch
It's Google's toolbar version 2.0.20060515L. Had it installed on both computers. After uninstalling, all mysterious crashes went away. Is this behaviour ok? Shouldn't Firefox be able to handle bad extensions?
In short, "no": an extension is chrome and can do whatever it likes, including intentionally reformatting your computer's drives (as long as you're allowed to) or crashing the browser. But in general, "yes": most extensions aren't malicious and most things they do should not crash geckos.
Summary: crashes while browsing [@ JS_GetReservedSlot()] → crashes while browsing [@ JS_GetReservedSlot()] with google toolbar
possibly a dupe of bug 340129
Pieter, please try a Firefox 1.5.0.5 nightly build from tomorrow and see if this is still happening. <http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla1.8.0/>
Bob, tnx for the fix. Installed nightly build 2006/06/17 and no crash after 4 hours of browsing with googlebar installed. I can't say anything conclusive, but so far it's flawless.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
*** This bug has been marked as a duplicate of 340129 ***
Resolution: FIXED → DUPLICATE
Crash Signature: [@ JS_GetReservedSlot()]