jsdIStackFrame.eval("window", "", 1, result); crashes on [@ BindNameToSlot]

VERIFIED WORKSFORME

Status

()

Core
JavaScript Engine
--
critical
VERIFIED WORKSFORME
11 years ago
7 years ago

People

(Reporter: John J. Barton, Unassigned)

Tracking

({crash})

1.8 Branch
x86
Windows XP
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [firebug-p5], crash signature)

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a8) Gecko/2007091216 GranParadiso/3.0a8
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a8) Gecko/2007091216 GranParadiso/3.0a8

talkback 37059874
The line
frame.eval("window", "", 1, result);
in Firebug crashes 2.0.0.7 when the frame is
374@file:/C:/Program%20Files/Mozilla%20Firefox/components/nsBookmarkTransactionManager.js
or sometimes
2342@file:/C:/Program%20Files/Mozilla%20Firefox/components/nsMicrosummaryService.js
I've checked and frame.isValid is true.

The crash is timing dependent.  At least one case the MicrosummaryService eval ran without crashing and the bookmark one crashed.

I'll figure out how to get around this problem.

Reproducible: Sometimes

Steps to Reproduce:
1.
2.
3.
Actual Results:  
BindNameToSlot  [mozilla/js/src/jsemit.c, line 1956]
js_EmitTree  [mozilla/js/src/jsemit.c, line 6192]
js_EmitTree  [mozilla/js/src/jsemit.c, line 5203]
Statements  [mozilla/js/src/jsparse.c, line 1499]
js_CompileTokenStream  [mozilla/js/src/jsparse.c, line 501]
CompileTokenStream  [mozilla/js/src/jsapi.c, line 3774]
JS_CompileUCScriptForPrincipals  [mozilla/js/src/jsapi.c, line 3869]
JS_EvaluateUCInStackFrame  [mozilla/js/src/jsdbgapi.c, line 1023]
jsd_EvaluateUCScriptInStackFrame  [mozilla/js/jsd/jsd_stak.c, line 457]
JSD_AttemptUCScriptInStackFrame  [mozilla/js/jsd/jsdebug.c, line 795]
jsdStackFrame::Eval  [mozilla/js/jsd/jsd_xpc.cpp, line 1920]
(Reporter)

Comment 1

11 years ago
I have only seen this crash with nsMicrosummaryService and nsSearch....js and only when the stack has a single frame. I guess these two files are being compiled in some context that does not expect "window" or eval() or some such. In Firebug I don't need these cases, so I just skip the frame.eval() when there only one frame.

Updated

11 years ago
Assignee: nobody → general
Severity: minor → critical
Component: General → JavaScript Engine
Keywords: crash
Product: Firefox → Core
QA Contact: general → general
Summary: jsdIStackFrame.eval("window", "", 1, result); crashes on BindNameToSlot → jsdIStackFrame.eval("window", "", 1, result); crashes on [@ BindNameToSlot]
Version: unspecified → 1.8 Branch

Updated

10 years ago
Whiteboard: [firebug-p2]
Not sure how to test this to see if it's a problem on trunk, but sounds like (1) there's a workaround in Firebug and (2) users shouldn't encounter nsMicrosummaryService.js / nsBookmarkTransactionManager.js in stacks in normal usage anyway. [Maybe a future issue for Chromebug?]
Whiteboard: [firebug-p2] → [firebug-p5]
John: Are you still seeing this crash in 3.5?
(Reporter)

Comment 4

9 years ago
No, I don't use this kind of code any more, let's let it die.
Thank you.  I am resolving and verifying as Worksforme from John's last comment.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → WORKSFORME
Status: RESOLVED → VERIFIED
Crash Signature: [@ BindNameToSlot]
You need to log in before you can comment on or make changes to this bug.