34425 - javascript assert failure

Status: RESOLVED FIXED

(Core :: JavaScript Engine, defect, P3)

Description

[Hugh Kennedy]

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; N; SunOS 5.6 sun4u; en-US) Mozilla/m14
BuildID: 2000030317

visiting dave titus' site, and clicking on the "mozilla" key
causes M14 to die with a javascript assertion failure on Solaris 2.6
and WinNT4 sp5.

..this is especially sad in view of who dave is :-\

Reproducible: Always
Steps to Reproduce:
1. go to http://www.davetitus.com/
2. click on "Mozilla" key image
3. watch mozilla die


Actual Results: Mozilla dies and says:

Assertion failure: reportp, at jsexn.c:549
Abort


Expected Results: In NN 4.x, the key images do a rollover behavior, changing color,
and clicking on the "mozilla" key image loads Dave's Mozilla page.


Assertion failure: reportp, at jsexn.c:549
Abort



(gdb) bt
#0  0xeeef4c38 in __sigprocmask ()
#1  0xeeeeb9ac in _resetsig ()
#2  0xeeeeb0f4 in _sigon ()
#3  0xeeeedf48 in _thrp_kill ()
#4  0xeee3a5d0 in abort ()
#5  0xef6b0f54 in JS_Assert (s=0xef6b8a88 "reportp", file=0xef6b88f8 "jsexn.c",
ln=549) at jsutil.c:146
#6  0xef647598 in js_ErrorToException (cx=0x21e108, message=0x6bff88 "illegal
character '(' ('\\50') in window name _parent()", reportp=0x0) at jsexn.c:549
#7  0xef628908 in ReportError (cx=0x21e108, message=0x6bff88 "illegal character
'(' ('\\50') in window name _parent()", reportp=0x0) at jscntxt.c:260
#8  0xef628adc in js_ReportErrorVA (cx=0x21e108, flags=0, format=0xef23dff0
"illegal character '%c' ('\\%o') in window name %s", ap=0xefffd4a4) at jscntxt.c:309
#9  0xef61fb58 in JS_ReportError (cx=0x21e108, format=0xef23dff0 "illegal
character '%c' ('\\%o') in window name %s") at jsapi.c:2970
#10 0xef10eb88 in GlobalWindowImpl::CheckWindowName (this=0x21e040, cx=0x21e108,
aName=@0xefffd7d0) at nsGlobalWindow.cpp:2755
#11 0xef10bea0 in GlobalWindowImpl::OpenInternal (this=0x21e040, cx=0x21e108,
argv=0x6d7e40, argc=4, aDialog=1, aReturn=0xefffdb40) at nsGlobalWindow.cpp:2345
#12 0xef106da4 in GlobalWindowImpl::OpenDialog (this=0x21e040, cx=0x21e108,
argv=0x6d7e40, argc=4, aReturn=0xefffdb40) at nsGlobalWindow.cpp:1536
#13 0xec5d7100 in nsBrowserContentHandler::HandleContent (this=0x865200,
aContentType=0xa3bb90 "text/html", aCommand=0xed6dbdc8 "view",
aWindowTarget=0xa231e8 "_parent()", aChannel=0x70e108) at nsBrowserInstance.cpp:2629
#14 0xed6d3160 in nsURILoader::DispatchContent (this=0x1b5888,
aContentType=0xa3bb90 "text/html", aCommand=2, aWindowTarget=0xa231e8
"_parent()", aChannel=0x70e108, aCtxt=0x0, aContentListener=0x0,
aContentTypeToUse=0xefffde70, aContentListenerToUse=0xefffde68,
aAbortProcess=0xefffde64) at nsURILoader.cpp:757
#15 0xed6d070c in nsDocumentOpenInfo::DispatchContent (this=0x644f20,
aChannel=0x70e108, aCtxt=0x0) at nsURILoader.cpp:303
#16 0xed6d02d8 in nsDocumentOpenInfo::OnStartRequest (this=0x644f20,
aChannel=0x70e108, aCtxt=0x0) at nsURILoader.cpp:248
#17 0xebe4b930 in InterceptStreamListener::OnStartRequest (this=0x946788,
channel=0x70e108, ctxt=0x0) at nsCachedNetData.cpp:1100
#18 0xebf79c10 in nsHTTPResponseListener::FinishedResponseHeaders
(this=0xad8998) at nsHTTPResponseListener.cpp:522
#19 0xebf78b50 in nsHTTPResponseListener::OnDataAvailable (this=0xad8998,
channel=0x868fa4, context=0x70e108, i_pStream=0x979218, i_SourceOffset=0,
i_Length=472) at nsHTTPResponseListener.cpp:163
#20 0xee24014c in nsOnDataAvailableEvent::HandleEvent (this=0x91a398) at
nsAsyncStreamListener.cpp:373
#21 0xee23ef50 in nsStreamListenerEvent::HandlePLEvent (aEvent=0xa73820) at
nsAsyncStreamListener.cpp:97
#22 0xef5658c0 in PL_HandleEvent (self=0xa73820) at plevent.c:526
#23 0xef565740 in PL_ProcessPendingEvents (self=0x11ba28) at plevent.c:487
#24 0xef567e28 in nsEventQueueImpl::ProcessPendingEvents (this=0x119ae0) at
nsEventQueue.cpp:298
#25 0xedfccd34 in event_processor_callback (data=0x119ae0, source=6,
condition=GDK_INPUT_READ) at nsAppShell.cpp:141
#26 0xedfcc7e8 in our_gdk_io_invoke (source=0x219538, condition=G_IO_IN,
data=0x1759a0) at nsAppShell.cpp:54
#27 0xedcf5a00 in g_io_unix_dispatch (source_data=0x21af40,
current_time=0xefffe6d8, user_data=0x1759a0) at giounix.c:135
#28 0xedcf76d4 in g_main_dispatch (current_time=0xefffe6d8) at gmain.c:656
#29 0xedcf7f60 in g_main_iterate (block=-305017700, dispatch=1) at gmain.c:874
#30 0xedcf8174 in g_main_run (loop=0x2a1388) at gmain.c:932
#31 0xede495c4 in gtk_main () at gtkmain.c:476
#32 0xedfcd5c4 in nsAppShell::Run (this=0x140da0) at nsAppShell.cpp:304
#33 0xee346db0 in nsAppShellService::Run (this=0x11b928) at
nsAppShellService.cpp:399
#34 0x1cfbc in main1 (argc=1, argv=0xefffebdc, splashScreen=0x0) at
nsAppRunner.cpp:651
#35 0x1d800 in main (argc=1, argv=0xefffebdc) at nsAppRunner.cpp:770
(gdb)

Comment 1

[Hugh Kennedy]

that's the solaris stack trace, btw.
no debuging info on WinNT...

Comment 2

[Richard Zach]

I die too on Linux build 2000.04.08.08.

Comment 3

[rogerl (gone)]

The error report pointer is NULL because there is no frame for the error. 
However errorToException requires an errorNumber, and it's wanting to look in 
the report for that. Either we should pass in the report (error number 0?), or 
allow errorToException to handle a null pointer and generate some kind of 
sensible exception.

Comment 4

[Mike McCabe]

Taking bugs off Roger's plate

Comment 5

[Mike McCabe]

Looks like this has been worked around in the calling code
(nsGlobalWindow.cpp:3311).  Which also refers to 32898.

I think we still need the changes that Roger suggests for robustness, though.

Marking js1.5, nsbeta3.

A good API testcase just came in on jseng; attaching.

Comment 6

[Mike McCabe]

Attachment: C snippet that demonstrates problem using js API.

Comment 7

[Mike McCabe]

Attachment: always create an error report, even if empty.

Comment 8

[Patrick C. Beard]

Patch looks fine, this will prevent an assertion or crash. Marking nsbeta3+.

Comment 9

[Mike McCabe]

Fix checked in.

Comment 10

[Klaus Ziegler]

*** Bug 65226 has been marked as a duplicate of this bug. ***