Closed Bug 343842 Opened 18 years ago Closed 18 years ago

js1_5/Regress/regress-271716-n.js: result: CRASHED type: browser

Categories

(Core :: DOM: Core & HTML, defect)

1.8 Branch
x86
All
defect
Not set
critical


RESOLVED DUPLICATE of bug 335429

People

(Reporter: bc, Unassigned)


Details

(Keywords: crash, Whiteboard: [sg:dupe 335429])

Note that this test will eat up to 2G of RAM. You may not be able to see the crash if you don't have enough memory. Also, disable venkman to make sure you don't get caught in the infinite stack bug.

1.8.0.5 20060706 (the debug dialog looked like it tried to read uninitialized memory; in the locals dump below, while the reporter is handling "out of memory", `docShell` is null and `globalObject` holds an implausible value)

=>       nsIDocShell *docShell = globalObject->GetDocShell();

+		msg	{mStorage=0x0012e784 "out of memory" }	nsAutoString
+		docShell	0x00000000	nsIDocShell *
+		fileName	{mStorage=0x0012e824 "http://test.mozilla.com/tests/mozilla.org/js/js1_5/Regress/regress-271716-n.js寠。
" }	nsAutoString
+		globalObject	0x0032002d	nsIScriptGlobalObject *
+		cx	0x037b5450 {links={...} interpLevel=1 stackLimit=719252 ...}	JSContext *
+		message	0x100f5d88 "out of memory"	const char *
+		report	0x0012e930 {filename=0x039ed7b9 "http://test.mozilla.com/tests/mozilla.org/js/js1_5/Regress/regress-271716-n.js" lineno=50 linebuf=0x00000000 <Bad Ptr> ...}	JSErrorReport *
+		error	{mStorage=0x0012e8c4 "
" }	nsCAutoString
		status	nsEventStatus_eIgnore	nsEventStatus
+		context	0x037b5300 {mRefCnt={...} _mOwningThread={...} mContext=0x037b5450 ...}	nsIScriptContext *

>	gklayout.dll!NS_ScriptErrorReporter(JSContext * cx=0x037b5450, const char * message=0x100f5d88, JSErrorReport * report=0x0012e930)  Line 198 + 0x8 bytes	C++
 	js3250.dll!js_ReportOutOfMemory(JSContext * cx=0x037b5450, const JSErrorFormatString * (void *, const char *, const unsigned int)* callback=0x10001f19)  Line 755 + 0xf bytes	C
 	js3250.dll!JS_ReportOutOfMemory(JSContext * cx=0x037b5450)  Line 4505 + 0xe bytes	C
 	js3250.dll!JS_malloc(JSContext * cx=0x037b5450, unsigned int nbytes=88)  Line 1575 + 0x9 bytes	C
 	js3250.dll!js_NewScope(JSContext * cx=0x037b5450, long nrefs=0, JSObjectOps * ops=0x101129c0, JSClass * clasp=0x100f3a08, JSObject * obj=0x72f29d48)  Line 146 + 0xb bytes	C
 	js3250.dll!js_GetMutableScope(JSContext * cx=0x037b5450, JSObject * obj=0x72f29d48)  Line 71 + 0x69 bytes	C
 	js3250.dll!js_DefineNativeProperty(JSContext * cx=0x037b5450, JSObject * obj=0x72f29d48, long id=12047448, long value=3, int (JSContext *, JSObject *, long, long *)* getter=0x10016e50, int (JSContext *, JSObject *, long, long *)* setter=0x10016fb0, unsigned int attrs=4, unsigned int flags=0, int shortid=0, JSProperty * * propp=0x00000000)  Line 2632 + 0xd bytes	C
 	js3250.dll!js_DefineProperty(JSContext * cx=0x037b5450, JSObject * obj=0x72f29d48, long id=12047448, long value=3, int (JSContext *, JSObject *, long, long *)* getter=0x10016e50, int (JSContext *, JSObject *, long, long *)* setter=0x10016fb0, unsigned int attrs=4, JSProperty * * propp=0x00000000)  Line 2536 + 0x29 bytes	C
 	js3250.dll!InitArrayObject(JSContext * cx=0x037b5450, JSObject * obj=0x72f29d48, unsigned long length=1, long * vector=0x03a48018)  Line 617 + 0x29 bytes	C
 	js3250.dll!Array(JSContext * cx=0x037b5450, JSObject * obj=0x72f29d48, unsigned int argc=1, long * argv=0x03a48018, long * rval=0x0012eb80)  Line 1862 + 0x15 bytes	C
 	js3250.dll!js_Invoke(JSContext * cx=0x037b5450, unsigned int argc=1, unsigned int flags=1)  Line 1188 + 0x17 bytes	C
 	js3250.dll!js_Interpret(JSContext * cx=0x037b5450, unsigned char * pc=0x039ed6d8, long * result=0x0012f5e0)  Line 3128 + 0xf bytes	C
 	js3250.dll!js_Execute(JSContext * cx=0x037b5450, JSObject * chain=0x038bce60, JSScript * script=0x039ed640, JSStackFrame * down=0x00000000, unsigned int flags=0, long * result=0x0012f6e8)  Line 1434 + 0x13 bytes	C
 	js3250.dll!JS_EvaluateUCScriptForPrincipals(JSContext * cx=0x037b5450, JSObject * obj=0x038bce60, JSPrincipals * principals=0x02d681f4, const unsigned short * chars=0x039c8510, unsigned int length=2285, const char * filename=0x03a422a8, unsigned int lineno=1, long * rval=0x0012f6e8)  Line 4122 + 0x19 bytes	C
 	gklayout.dll!nsJSContext::EvaluateString(const nsAString_internal & aScript={...}, void * aScopeObject=0x038bce60, nsIPrincipal * aPrincipal=0x02d681f0, const char * aURL=0x03a422a8, unsigned int aLineNo=1, const char * aVersion=0x100e0844, nsAString_internal * aRetValue=0x00000000, int * aIsUndefined=0x0012f74c)  Line 1061 + 0x43 bytes	C++
 	gklayout.dll!nsScriptLoader::EvaluateScript(nsScriptLoadRequest * aRequest=0x03a41f90, const nsString & aScript={...})  Line 774	C++
 	gklayout.dll!nsScriptLoader::ProcessRequest(nsScriptLoadRequest * aRequest=0x03a41f90)  Line 672 + 0x16 bytes	C++
 	gklayout.dll!nsScriptLoader::OnStreamComplete(nsIStreamLoader * aLoader=0x03a431e0, nsISupports * aContext=0x03a41f90, unsigned int aStatus=0, unsigned int stringLen=2285, const unsigned char * string=0x03a278a8)  Line 1039	C++
 	necko.dll!nsStreamLoader::OnStopRequest(nsIRequest * request=0x03a42378, nsISupports * ctxt=0x03a41f90, unsigned int aStatus=0)  Line 137	C++
 	necko.dll!nsStreamListenerTee::OnStopRequest(nsIRequest * request=0x03a42378, nsISupports * context=0x03a41f90, unsigned int status=0)  Line 66	C++
 	necko.dll!nsHttpChannel::OnStopRequest(nsIRequest * request=0x03a43e10, nsISupports * ctxt=0x00000000, unsigned int status=0)  Line 4053	C++
 	necko.dll!nsInputStreamPump::OnStateStop()  Line 507	C++
 	necko.dll!nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream * stream=0x03a43ba0)  Line 343 + 0xb bytes	C++
 	xpcom_core.dll!nsInputStreamReadyEvent::EventHandler(PLEvent * plevent=0x03a43f04)  Line 120	C++
 	xpcom_core.dll!PL_HandleEvent(PLEvent * self=0x03a43f04)  Line 688 + 0xa bytes	C
 	xpcom_core.dll!PL_ProcessPendingEvents(PLEventQueue * self=0x00bb4a20)  Line 623 + 0x9 bytes	C
 	xpcom_core.dll!_md_EventReceiverProc(HWND__ * hwnd=0x001f0288, unsigned int uMsg=49473, unsigned int wParam=0, long lParam=12274208)  Line 1408 + 0x9 bytes	C
 	user32.dll!77d48734() 	
 	[Frames below may be incorrect and/or missing, no symbols loaded for user32.dll]	
 	user32.dll!77d48816() 	
 	user32.dll!77d489cd() 	
 	user32.dll!77d49402() 	
 	user32.dll!77d48a10() 	
 	gkwidget.dll!nsAppShell::Run()  Line 135	C++
 	tkitcmps.dll!nsAppStartup::Run()  Line 150 + 0x1a bytes	C++
 	firefox.exe!XRE_main(int argc=4, char * * argv=0x00a07a18, const nsXREAppData * aAppData=0x0042201c)  Line 2374 + 0x23 bytes	C++
 	firefox.exe!main(int argc=4, char * * argv=0x00a07a18)  Line 61 + 0x12 bytes	C++
 	firefox.exe!mainCRTStartup()  Line 338 + 0x11 bytes	C
 	kernel32.dll!_BaseProcessStart@4()  + 0x23 bytes	

1.8.1a3 20060706 ditto except the top of the stack is
>	gklayout.dll!NS_ScriptErrorReporter(JSContext * cx=0x039745f8, const char * message=0x100f4940, JSErrorReport * report=0x0012e9dc)  Line 204 + 0x8 bytes	C++

trunk: "Application has requested the Runtime to terminate in an unusual way...". Attaching a debugger and then running the test shows that the crash is due to the throw in VC8's |new|.
the first stack you show is a dom crasher and is definitely a dom thing and not a js thing.

any bugs about the bad alloc from new are fairly useless as they're duplicates of "reinvent the c++ allocator to behave the way we need it to behave".
(In reply to comment #1)
> the first stack you show is a dom crasher and is definitely a dom thing and not
> a js thing.
> 

good point.

> any bugs about the bad alloc from new are fairly useless as they're duplicates
> of "reinvent the c++ allocator to behave the way we need it to behave".
>

not useless if they help me keep track of this crap. 

Assignee: general → general
Component: JavaScript Engine → DOM
QA Contact: general → ian
Severity: major → critical

*** This bug has been marked as a duplicate of 335429 ***
Group: security
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:dupe 335429]
Group: core-security
Component: DOM → DOM: Core & HTML