User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a8) Gecko/2007091216 GranParadiso/3.0a8 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a8) Gecko/2007091216 GranParadiso/3.0a8 talkback 37059874 The line frame.eval("window", "", 1, result); in Firebug crashes 18.104.22.168 when the frame is 374@file:/C:/Program%20Files/Mozilla%20Firefox/components/nsBookmarkTransactionManager.js or sometimes 2342@file:/C:/Program%20Files/Mozilla%20Firefox/components/nsMicrosummaryService.js I've checked and frame.isValid is true. The crash is timing dependent. At least one case the MicrosummaryService eval ran without crashing and the bookmark one crashed. I'll figure out how to get around this problem. Reproducible: Sometimes Steps to Reproduce: 1. 2. 3. Actual Results: BindNameToSlot [mozilla/js/src/jsemit.c, line 1956] js_EmitTree [mozilla/js/src/jsemit.c, line 6192] js_EmitTree [mozilla/js/src/jsemit.c, line 5203] Statements [mozilla/js/src/jsparse.c, line 1499] js_CompileTokenStream [mozilla/js/src/jsparse.c, line 501] CompileTokenStream [mozilla/js/src/jsapi.c, line 3774] JS_CompileUCScriptForPrincipals [mozilla/js/src/jsapi.c, line 3869] JS_EvaluateUCInStackFrame [mozilla/js/src/jsdbgapi.c, line 1023] jsd_EvaluateUCScriptInStackFrame [mozilla/js/jsd/jsd_stak.c, line 457] JSD_AttemptUCScriptInStackFrame [mozilla/js/jsd/jsdebug.c, line 795] jsdStackFrame::Eval [mozilla/js/jsd/jsd_xpc.cpp, line 1920]
I have only seen this crash with nsMicrosummaryService and nsSearch....js and only when the stack has a single frame. I guess these two files are being compiled in some context that does not expect "window" or eval() or some such. In Firebug I don't need these cases, so I just skip the frame.eval() when there only one frame.
Assignee: nobody → general
Severity: minor → critical
Product: Firefox → Core
QA Contact: general → general
Summary: jsdIStackFrame.eval("window", "", 1, result); crashes on BindNameToSlot → jsdIStackFrame.eval("window", "", 1, result); crashes on [@ BindNameToSlot]
Not sure how to test this to see if it's a problem on trunk, but sounds like (1) there's a workaround in Firebug and (2) users shouldn't encounter nsMicrosummaryService.js / nsBookmarkTransactionManager.js in stacks in normal usage anyway. [Maybe a future issue for Chromebug?]
Whiteboard: [firebug-p2] → [firebug-p5]
John: Are you still seeing this crash in 3.5?
No, I don't use this kind of code any more, let's let it die.
Thank you. I am resolving and verifying as Worksforme from John's last comment.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.