Closed
Bug 351122
Opened 17 years ago
Closed 17 years ago
Repeated crashes [@ block_getProperty]
Categories
(Core :: JavaScript Engine, defect, P1)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla1.8.1
People
(Reporter: sciguyryan, Assigned: brendan)
References
Details
(Keywords: crash, fixed1.8.1)
Crash Data
Attachments
(2 files)
|
805 bytes,
patch
|
Details | Diff | Splinter Review | |
|
961 bytes,
patch
|
brendan
:
review+
dbaron
:
approval1.8.1+
|
Details | Diff | Splinter Review |
This has been happening a lot in recent builds - normally something associated with Gmail but I can't work out exactly what. TB22779112W, TB22778371Z,TB22783972X are all examples of this. If I find out exactly how to reproduce I'll post a reply.
|
||
Comment 1•17 years ago
|
||
This crash occurs on 1.8, too, according to Talkback. Incident ID: 22783972 Stack Signature block_getProperty 1aedeef9 Product ID FirefoxTrunk Build ID 2006090104 Trigger Time 2006-09-01 13:29:09.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module js3250.dll + (0002f4d4) URL visited User Comments Since Last Crash 7087 sec Total Uptime 23674 sec Trigger Reason Access violation Source File, Line No. c:\builds\tinderbox\fx-trunk-cairo\winnt_5.2_depend\mozilla\js\src\jsobj.c, line 1960 Stack Trace block_getProperty [mozilla\js\src\jsobj.c, line 1960] js_PutBlockObject [mozilla\js\src\jsobj.c, line 1935] PutBlockObjects [mozilla\js\src\jsinterp.c, line 522] js_Invoke [mozilla\js\src\jsinterp.c, line 1385]
Severity: major → critical
Keywords: crash
Summary: Repeated crashes [@js3250.dll + (0002f4d4)] → Repeated crashes [@ block_getProperty]
|
Assignee | |
Comment 2•17 years ago
|
||
Same drill as for JSOP_SETSP. The scope chain, unlike the block chain, can link to an outer function's block clone. /be
Assignee: general → brendan
Status: NEW → ASSIGNED
Attachment #236510 -
Flags: review?(mrbkap)
Attachment #236510 -
Flags: approval1.8.1?
|
|
Assignee | |
Updated•17 years ago
|
Flags: blocking1.8.1?
OS: Windows XP → All
Priority: -- → P1
Hardware: PC → All
Target Milestone: --- → mozilla1.8.1
|
|
Assignee | |
Comment 3•17 years ago
|
||
What's the threshold for topcrash? Anyone who knows, please this if it is one. /be
|
||
Updated•17 years ago
|
Flags: blocking1.8.1? → blocking1.8.1+
|
||
Updated•17 years ago
|
Attachment #236510 -
Flags: review?(mrbkap) → review+
|
|
Assignee | |
Comment 4•17 years ago
|
||
Fixed on trunk. /be
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
|
||
Comment 5•17 years ago
|
||
jay, comment 3? someone found this with Jesse's fuzzer but didn't file it.
Flags: in-testsuite-
|
|
Assignee | |
Updated•17 years ago
|
Attachment #236510 -
Flags: review+
Attachment #236510 -
Flags: approval1.8.1?
|
|
Assignee | |
Comment 6•17 years ago
|
||
This is the combination of the incorrect "fix" patch from this bug, and the followup patch in bug 351204. /be
Attachment #236591 -
Flags: review+
Attachment #236591 -
Flags: approval1.8.1?
|
||
Comment 7•17 years ago
|
||
Comment on attachment 236591 [details] [diff] [review] 1.8 branch roll-up patch a=dbaron. Please land on the MOZILLA_1_8_BRANCH and add the fixed1.8.1 keyword once you have done so.
Attachment #236591 -
Flags: approval1.8.1? → approval1.8.1+
|
Reporter | |
Comment 9•17 years ago
|
||
I know this has been marked as fixed but even on todays builds I'm still getting this crash when opening a link from G-Mail and then closing the G-Mail tab: TB22848559Q, TB22849793Z are both from todays builds. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060903 Minefield/3.0a1 - Build ID: 2006090304
|
|
Assignee | |
Comment 10•17 years ago
|
||
(In reply to comment #9) > I know this has been marked as fixed but even on todays builds I'm still > getting this crash when opening a link from G-Mail and then closing the G-Mail > tab: > > TB22848559Q, TB22849793Z are both from todays builds. The followup patch (bug 351204) went in after midnight Pacific -- was it in this build, for sure? /be
|
|
Reporter | |
Comment 11•17 years ago
|
||
(In reply to comment #10) > The followup patch (bug 351204) went in after midnight Pacific -- was it in > this build, for sure? > > /be > Just download the latest hourly build: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060904 Minefield/3.0a1 - Build ID: 2006090401 And I can still reproduce the crash. On investigation though its in the same cases but now its crashing @AllocSlots. TB22871716G, TB22871792H This is normally reproduced by middle clicking a Bugzilla link in G-Mail, closing the G-mail tab before the Bugzilla page has finished loading. Not even shure if this is the same bug.
|
|
Assignee | |
Comment 12•17 years ago
|
||
Ryan, please file a new bug. Those stacks look very bogus. Maybe dbaron or jay can comment here, or in the new bug if you file it before they read this. /be
|
|
Reporter | |
Comment 13•17 years ago
|
||
(In reply to comment #12) > Ryan, please file a new bug. Those stacks look very bogus. Maybe dbaron or > jay can comment here, or in the new bug if you file it before they read this. > > /be > Done, reported as bug 351329.
|
||
Updated•13 years ago
|
Crash Signature: [@ block_getProperty]
| Comment hidden (spam) |
| Comment hidden (spam) |
| Comment hidden (spam) |
You need to log in
before you can comment on or make changes to this bug.
Description
•