Closed Bug 351122 Opened 14 years ago Closed 14 years ago
Repeated crashes [@ block
This has been happening a lot in recent builds - normally something associated with Gmail but I can't work out exactly what. TB22779112W, TB22778371Z,TB22783972X are all examples of this. If I find out exactly how to reproduce I'll post a reply.
This crash occurs on 1.8, too, according to Talkback. Incident ID: 22783972 Stack Signature block_getProperty 1aedeef9 Product ID FirefoxTrunk Build ID 2006090104 Trigger Time 2006-09-01 13:29:09.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module js3250.dll + (0002f4d4) URL visited User Comments Since Last Crash 7087 sec Total Uptime 23674 sec Trigger Reason Access violation Source File, Line No. c:\builds\tinderbox\fx-trunk-cairo\winnt_5.2_depend\mozilla\js\src\jsobj.c, line 1960 Stack Trace block_getProperty [mozilla\js\src\jsobj.c, line 1960] js_PutBlockObject [mozilla\js\src\jsobj.c, line 1935] PutBlockObjects [mozilla\js\src\jsinterp.c, line 522] js_Invoke [mozilla\js\src\jsinterp.c, line 1385]
Severity: major → critical
Summary: Repeated crashes [@js3250.dll + (0002f4d4)] → Repeated crashes [@ block_getProperty]
Same drill as for JSOP_SETSP. The scope chain, unlike the block chain, can link to an outer function's block clone. /be
OS: Windows XP → All
Priority: -- → P1
Hardware: PC → All
Target Milestone: --- → mozilla1.8.1
What's the threshold for topcrash? Anyone who knows, please this if it is one. /be
Attachment #236510 - Flags: review?(mrbkap) → review+
Fixed on trunk. /be
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
jay, comment 3? someone found this with Jesse's fuzzer but didn't file it.
This is the combination of the incorrect "fix" patch from this bug, and the followup patch in bug 351204. /be
Comment on attachment 236591 [details] [diff] [review] 1.8 branch roll-up patch a=dbaron. Please land on the MOZILLA_1_8_BRANCH and add the fixed1.8.1 keyword once you have done so.
Attachment #236591 - Flags: approval1.8.1? → approval1.8.1+
Roll-up patch landed on the 1.8 branch. /be
I know this has been marked as fixed but even on todays builds I'm still getting this crash when opening a link from G-Mail and then closing the G-Mail tab: TB22848559Q, TB22849793Z are both from todays builds. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060903 Minefield/3.0a1 - Build ID: 2006090304
(In reply to comment #9) > I know this has been marked as fixed but even on todays builds I'm still > getting this crash when opening a link from G-Mail and then closing the G-Mail > tab: > > TB22848559Q, TB22849793Z are both from todays builds. The followup patch (bug 351204) went in after midnight Pacific -- was it in this build, for sure? /be
(In reply to comment #10) > The followup patch (bug 351204) went in after midnight Pacific -- was it in > this build, for sure? > > /be > Just download the latest hourly build: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060904 Minefield/3.0a1 - Build ID: 2006090401 And I can still reproduce the crash. On investigation though its in the same cases but now its crashing @AllocSlots. TB22871716G, TB22871792H This is normally reproduced by middle clicking a Bugzilla link in G-Mail, closing the G-mail tab before the Bugzilla page has finished loading. Not even shure if this is the same bug.
Ryan, please file a new bug. Those stacks look very bogus. Maybe dbaron or jay can comment here, or in the new bug if you file it before they read this. /be
(In reply to comment #12) > Ryan, please file a new bug. Those stacks look very bogus. Maybe dbaron or > jay can comment here, or in the new bug if you file it before they read this. > > /be > Done, reported as bug 351329.
You need to log in before you can comment on or make changes to this bug.