Closed Bug 342790 Opened 19 years ago Closed 18 years ago

Crash in js1_5/extensions/regress-336409-[12].js

Categories

(Core :: JavaScript Engine, defect)

x86
All
defect
Not set
major

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: bc, Unassigned)

References

Details

(Keywords: crash, regression)

per request from jay, this is forked from bug 336409 for crashes on 1.8.0.5 and trunk at least.

------- Comment #23 From Bob Clary 2006-06-26 13:24 PDT [reply] -------

I am getting intermittent crashes in 1.5.0.5/all platforms, I doubt it is the same bug but I can't verify the fix.

On WinXp I get varying stacks:

> xpcom_core.dll!TimerThread::Run() Line 252 + 0x3 bytes C++
  xpcom_core.dll!nsThread::Main(void * arg=0x013ff970) Line 118 + 0x1a bytes C++
  nspr4.dll!_PR_NativeRunThread(void * arg=0x013fe430) Line 436 + 0xd bytes
  [Frames below may be incorrect and/or missing, no symbols loaded for nspr4.dll]
  nspr4.dll!pr_root(void * arg=0x013fe430) Line 112 + 0xd bytes
  MSVCRTD.DLL!_threadstartex(void * ptd=0x013fe660) Line 212 + 0xd bytes C
  kernel32.dll!_BaseThreadStart@8() + 0x37 bytes

and

> js3250.dll!QuoteString(Sprinter * sp=0x0012e998, JSString * str=0x02b45df8, unsigned short quote=0x0022) Line 459 + 0x8 bytes C
  js3250.dll!js_QuoteString(JSContext * cx=0x03111c98, JSString * str=0x02b45df8, unsigned short quote=0x0022) Line 497 + 0x12 bytes C
  js3250.dll!js_ValueToSource(JSContext * cx=0x03111c98, long v=0x02b45dfc) Line 2792 + 0x12 bytes C
  js3250.dll!js_obj_toSource(JSContext * cx=0x03111c98, JSObject * obj=0x02b45ea0, unsigned int argc=0x00000000, long * argv=0x033bde10, long * rval=0x0012eb80) Line 898 + 0x13 bytes C
  js3250.dll!js_Invoke(JSContext * cx=0x03111c98, unsigned int argc=0x00000000, unsigned int flags=0x00000000) Line 1188 + 0x17 bytes C
  js3250.dll!js_Interpret(JSContext * cx=0x03111c98, unsigned char * pc=0x033d6676, long * result=0x0012f5e0) Line 3583 + 0xf bytes C
  js3250.dll!js_Execute(JSContext * cx=0x03111c98, JSObject * chain=0x02b16e70, JSScript * script=0x033d6548, JSStackFrame * down=0x00000000, unsigned int flags=0x00000000, long * result=0x0012f6e8) Line 1434 + 0x13 bytes C
  js3250.dll!JS_EvaluateUCScriptForPrincipals(JSContext * cx=0x03111c98, JSObject * obj=0x02b16e70, JSPrincipals * principals=0x0100d2b4, const unsigned short * chars=0x033b9ad8, unsigned int length=0x000009d6, const char * filename=0x033cce58, unsigned int lineno=0x00000001, long * rval=0x0012f6e8) Line 4122 + 0x19 bytes C
  gklayout.dll!nsJSContext::EvaluateString(const nsAString_internal & aScript={...}, void * aScopeObject=0x02b16e70, nsIPrincipal * aPrincipal=0x0100d2b0, const char * aURL=0x033cce58, unsigned int aLineNo=0x00000001, const char * aVersion=0x100e0844, nsAString_internal * aRetValue=0x00000000, int * aIsUndefined=0x0012f74c) Line 1061 + 0x43 bytes C++
  gklayout.dll!nsScriptLoader::EvaluateScript(nsScriptLoadRequest * aRequest=0x033cd998, const nsString & aScript={...}) Line 774 C++
  gklayout.dll!nsScriptLoader::ProcessRequest(nsScriptLoadRequest * aRequest=0x033cd998) Line 672 + 0x16 bytes C++
  gklayout.dll!nsScriptLoader::OnStreamComplete(nsIStreamLoader * aLoader=0x033b3720, nsISupports * aContext=0x033cd998, unsigned int aStatus=0x00000000, unsigned int stringLen=0x000009d6, const unsigned char * string=0x033cf4e8) Line 1039 C++
  necko.dll!nsStreamLoader::OnStopRequest(nsIRequest * request=0x033ccf28, nsISupports * ctxt=0x033cd998, unsigned int aStatus=0x00000000) Line 137 C++
  necko.dll!nsStreamListenerTee::OnStopRequest(nsIRequest * request=0x033ccf28, nsISupports * context=0x033cd998, unsigned int status=0x00000000) Line 66 C++
  necko.dll!nsHttpChannel::OnStopRequest(nsIRequest * request=0x033cf388, nsISupports * ctxt=0x00000000, unsigned int status=0x00000000) Line 4053 C++
  necko.dll!nsInputStreamPump::OnStateStop() Line 507 C++
  necko.dll!nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream * stream=0x033c5680) Line 343 + 0xb bytes C++
  xpcom_core.dll!nsInputStreamReadyEvent::EventHandler(PLEvent * plevent=0x033cf47c) Line 120 C++
  xpcom_core.dll!PL_HandleEvent(PLEvent * self=0x033cf47c) Line 688 + 0xa bytes C
  xpcom_core.dll!PL_ProcessPendingEvents(PLEventQueue * self=0x00f92368) Line 623 + 0x9 bytes C
  xpcom_core.dll!_md_EventReceiverProc(HWND__ * hwnd=0x0045031c, unsigned int uMsg=0x0000c143, unsigned int wParam=0x00000000, long lParam=0x00f92368) Line 1408 + 0x9 bytes C
  user32.dll!77d48734()
  [Frames below may be incorrect and/or missing, no symbols loaded for user32.dll]

------- Comment #24 From Bob Clary 2006-06-26 13:31 PDT [reply] -------

comment 23 was for 1.5.0.5/browser for js1_5/Regress/regress-336409-1.js.

I also get crashes in trunk/browser on windows and mac for js1_5/Regress/regress-336409-2.js with stacks like

  ntdll.dll!_RtlAllocateHeap@12() + 0xe5a bytes
> msvcr80d.dll!_heap_alloc_base(unsigned int size=0x00000238) Line 105 + 0x28 bytes C
  msvcr80d.dll!_heap_alloc_dbg(unsigned int nSize=0x00000214, int nBlockUse=0x00000002, const char * szFileName=0x102ccf50, int nLine=0x000001b2) Line 409 + 0x9 bytes C++
  msvcr80d.dll!_nh_malloc_dbg(unsigned int nSize=0x00000214, int nhFlag=0x00000000, int nBlockUse=0x00000002, const char * szFileName=0x102ccf50, int nLine=0x000001b2) Line 266 + 0x15 bytes C++
  msvcr80d.dll!_malloc_dbg(unsigned int nSize=0x00000214, int nBlockUse=0x00000002, const char * szFileName=0x102ccf50, int nLine=0x000001b2) Line 189 + 0x1b bytes C++
  msvcr80d.dll!_calloc_dbg(unsigned int nNum=0x00000001, unsigned int nSize=0x00000214, int nBlockUse=0x00000002, const char * szFileName=0x102ccf50, int nLine=0x000001b2) Line 561 + 0x15 bytes C++
  msvcr80d.dll!__CRTDLL_INIT(void * hDllHandle=0x10200000, unsigned long dwReason=0x00000002, void * lpreserved=0x00000000) Line 434 + 0x18 bytes C
  msvcr80d.dll!_CRTDLL_INIT(void * hDllHandle=0x10200000, unsigned long dwReason=0x00000002, void * lpreserved=0x00000000) Line 214 + 0x11 bytes C
  ntdll.dll!_LdrpCallInitRoutine@16() + 0x14 bytes
  ntdll.dll!_LdrpInitializeThread@4() + 0xcb bytes
  ntdll.dll!__LdrpInitialize@12() + 0x78 bytes
  ntdll.dll!_KiUserApcDispatcher@20() + 0x7 bytes

I can't verify on the trunk either.
Group: security
Summary: Crash injs1_5/Regress/regress-336409-[12].js → Crash in js1_5/Regress/regress-336409-[12].js
Assignee: general → crowder
I am probably not a good owner for this bug, not sure who is.
Assignee: crowder → general
Bob, is this still crashing? Also, is this browser-only?
WFM 1.8.1, 1.9.0 Linux Debug browser|shell. Let's leave hidden until 2.0.0.5 comes out.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → WORKSFORME
Summary: Crash in js1_5/Regress/regress-336409-[12].js → Crash in js1_5/extensions/regress-336409-[12].js
Group: core-security → core-security-release
Group: core-security-release