Closed Bug 381346 Opened 19 years ago Closed 19 years ago

Assertion failure: x->cp >= (gData->cpbegin + cap->index)

Categories

(Core :: JavaScript Engine, defect)

defect
Not set
critical

RESOLVED DUPLICATE of bug 379056

People

(Reporter: moco, Unassigned)

Details

(Keywords: assertion, testcase)

With my trunk, Windows debug build I'm able to hit the following js assertion (and then we exit):

Assertion failure: x->cp >= (gData->cpbegin + cap->index), at c:/builds/trunk-no -places/mozilla/js/src/jsregexp.c:2876

Steps to reproduce:

1) visit http://forums.mozillazine.org/viewtopic.php?p=2886790#2886790
2) right click on the image below "[before]" and load the link in a new tab. The link is http://img95.imageshack.us/my.php?image=aaalv4.jpg

My build is: "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a5pre) Gecko/20070518 Minefield/3.0a5pre"

From the debugger:

filename = 0x0b9e2791 "http://srs.targetpoint.com/resources/inc/banner.js"
principals = 0x04ba8554 {codebase=0x07c1fd50 "http://img95.imageshack.us/my.php?image=aaalv4.jpg" getPrincipalArray=0x01379b00 globalPrivilegesEnabled=0x01379b10 ...}

Here's the stack:

ntdll.dll!7c901230()
[Frames below may be incorrect and/or missing, no symbols loaded for ntdll.dll]
js3250.dll!JS_Assert(const char * s=0x005ae470, const char * file=0x005ae43c, int ln=0x00000b3c) Line 59 C
js3250.dll!ExecuteREBytecode(REGlobalData * gData=0x0012eef4, REMatchState * x=0x076dd998) Line 2876 + 0x2b bytes C
js3250.dll!MatchRegExp(REGlobalData * gData=0x0012eef4, REMatchState * x=0x076dd998) Line 3269 + 0xd bytes C
js3250.dll!js_ExecuteRegExp(JSContext * cx=0x08f02db8, JSRegExp * re=0x078b6f18, JSString * str=0x061c2780, unsigned int * indexp=0x0012efbc, int test=0x00000001, long * rval=0x0012f0d0) Line 3386 + 0xd bytes C
js3250.dll!match_or_replace(JSContext * cx=0x08f02db8, JSObject * obj=0x061c2784, unsigned int argc=0x00000002, long * argv=0x07de66bc, int (JSContext *, long, GlobData *)* glob=0x0053f850, GlobData * data=0x0012f020, long * rval=0x0012f0d0) Line 1193 + 0x1b bytes C
js3250.dll!str_replace(JSContext * cx=0x08f02db8, JSObject * obj=0x061c2784, unsigned int argc=0x00000002, long * argv=0x07de66bc, long * rval=0x0012f0d0) Line 1627 + 0x22 bytes C
js3250.dll!js_Invoke(JSContext * cx=0x08f02db8, unsigned int argc=0x00000002, unsigned int flags=0x00000000) Line 1332 + 0x20 bytes C
js3250.dll!js_Interpret(JSContext * cx=0x08f02db8, unsigned char * pc=0x084056dd, long * result=0x0012f6d8) Line 4025 + 0xf bytes C
js3250.dll!js_Execute(JSContext * cx=0x08f02db8, JSObject * chain=0x05ea12a0, JSScript * script=0x08059c30, JSStackFrame * down=0x00000000, unsigned int flags=0x00000000, long * result=0x0012f804) Line 1591 + 0x13 bytes C
> js3250.dll!JS_EvaluateUCScriptForPrincipals(JSContext * cx=0x08f02db8, JSObject * obj=0x05ea12a0, JSPrincipals * principals=0x04ba8554, const unsigned short * chars=0x07faf030, unsigned int length=0x00003683, const char * filename=0x061e1f48, unsigned int lineno=0x00000001, long * rval=0x0012f804) Line 4800 + 0x19 bytes C
gklayout.dll!nsJSContext::EvaluateString(const nsAString_internal & aScript={...}, void * aScopeObject=0x05ea12a0, nsIPrincipal * aPrincipal=0x04ba8550, const char * aURL=0x061e1f48, unsigned int aLineNo=0x00000001, unsigned int aVersion=0x00000000, nsAString_internal * aRetValue=0x00000000, int * aIsUndefined=0x0012f8ec) Line 1350 + 0x43 bytes C++
gklayout.dll!nsScriptLoader::EvaluateScript(nsScriptLoadRequest * aRequest=0x0bc9c430, const nsString & aScript={...}) Line 607 + 0x63 bytes C++
gklayout.dll!nsScriptLoader::ProcessRequest(nsScriptLoadRequest * aRequest=0x0bc9c430) Line 521 + 0x13 bytes C++
gklayout.dll!nsScriptLoader::ProcessPendingRequests() Line 655 C++
gklayout.dll!nsScriptLoader::OnStreamComplete(nsIStreamLoader * aLoader=0x08257150, nsISupports * aContext=0x0bc9c430, unsigned int aStatus=0x00000000, unsigned int aStringLen=0x00003683, const unsigned char * aString=0x07f3a418) Line 804 C++
necko.dll!nsStreamLoader::OnStopRequest(nsIRequest * request=0x061e1ff8, nsISupports * ctxt=0x0bc9c430, unsigned int aStatus=0x00000000) Line 110 C++
necko.dll!nsHTTPCompressConv::OnStopRequest(nsIRequest * request=0x061e1ff8, nsISupports * aContext=0x0bc9c430, unsigned int aStatus=0x00000000) Line 125 C++
necko.dll!nsStreamListenerTee::OnStopRequest(nsIRequest * request=0x061e1ff8, nsISupports * context=0x0bc9c430, unsigned int status=0x00000000) Line 66 C++
necko.dll!nsHttpChannel::OnStopRequest(nsIRequest * request=0x07c71f80, nsISupports * ctxt=0x00000000, unsigned int status=0x00000000) Line 4289 C++
necko.dll!nsInputStreamPump::OnStateStop() Line 571 C++
necko.dll!nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream * stream=0x07c71d58) Line 395 + 0xb bytes C++
xpcom_core.dll!nsInputStreamReadyEvent::Run() Line 112 C++
xpcom_core.dll!nsThread::ProcessNextEvent(int mayWait=0x00000001, int * result=0x0012fb28) Line 483 C++
xpcom_core.dll!NS_ProcessNextEvent_P(nsIThread * thread=0x00bad568, int mayWait=0x00000001) Line 227 + 0x16 bytes C++
gkwidget.dll!nsBaseAppShell::Run() Line 154 + 0xc bytes C++
tkitcmps.dll!nsAppStartup::Run() Line 171 + 0x1c bytes C++
xul.dll!XRE_main(int argc=0x00000001, char * * argv=0x00ba9850, const nsXREAppData * aAppData=0x004036e0) Line 2824 + 0x25 bytes C++
firefox.exe!main(int argc=0x00000001, char * * argv=0x00ba9850) Line 65 + 0x13 bytes C++
firefox.exe!__tmainCRTStartup() Line 586 + 0x19 bytes C
firefox.exe!mainCRTStartup() Line 403 C
kernel32.dll!7c816fd7()

Not sure if it is related, but on a relatively recent trunk nightly [1], I see this in the error console for the page that causes the js assert in my debug build:

Error: uncaught exception: Permission denied to call method Location.toString

[1] Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a5pre) Gecko/20070517 Minefield/3.0a5pre

Reduced testcase to trigger this assertion: "23".match(/(\d+){5,}/);
Severity: normal → critical
Keywords: assertion, testcase
OS: Windows XP → All
Hardware: PC → All
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
A testcase for this bug was already added in the original bug (bug 379056).
Flags: in-testsuite-
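
The reduced testcase from this report, expanded into a regression check that a JavaScript engine can run. This is an added example, not part of the bug report or of the Mozilla test suite. Every input other than "23" is constructed, and the expected values follow ECMAScript regular expression semantics (a capture group inside a quantifier with a minimum count of 5).

```javascript
// Added regression check; not part of the bug report or the Mozilla test suite.
// PATTERN is the one from the reduced testcase; inputs other than "23" are constructed.
const PATTERN = /(\d+){5,}/;

// [input, expected whole match (or null), expected capture 1, expected index]
const CASES = [
  ["23", null],                          // reduced testcase: 2 digits cannot fill 5 iterations
  ["2345", null],                        // one digit short of the minimum
  ["23456", "23456", "6", 0],            // exactly 5 one-digit iterations
  ["1234567", "1234567", "7", 0],        // first iteration has to give digits back
  ["ab 1234567 cd", "1234567", "7", 3],  // match found after failed start positions
  ["12 34 56789", "56789", "9", 6],      // short digit runs rejected before the long one
];

// Run the pattern once and normalise the result for comparison.
function runCase(input) {
  const m = input.match(PATTERN);
  if (m === null) return { match: null };
  return { match: m[0], group: m[1], index: m.index };
}

// Return the list of cases whose result differs from the expectation.
function checkAll() {
  const failures = [];
  for (const [input, match, group, index] of CASES) {
    const got = runCase(input);
    const ok = match === null
      ? got.match === null
      : got.match === match && got.group === group && got.index === index;
    if (!ok) failures.push({ input, expected: { match, group, index }, got });
  }
  return failures;
}

const failures = checkAll();
console.log(failures.length === 0 ? "PASS" : "FAIL " + JSON.stringify(failures));
```

In a debug build that still has the defect, the first case aborts the process on the assertion instead of returning null, so the check never reaches its PASS/FAIL line.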