Closed
Bug 42670
Opened 24 years ago
Closed 24 years ago
Recurse-to-death on uncaught JS exception (toLowerCase is not a function) [WAS: Crash Browser with this URL]
Categories
(Core :: DOM: Core & HTML, defect, P1)
Core
DOM: Core & HTML
Tracking
()
VERIFIED
FIXED
M18
People
(Reporter: namonai, Assigned: jst)
References
()
Details
(Keywords: crash, Whiteboard: [nsbeta3+][HAVE FIX])
Attachments
(2 files)
|
255 bytes,
text/html
|
Details | |
|
1.06 KB,
patch
|
Details | Diff | Splinter Review |
Go to the mentioned URL and login (or create a user if you aren't in the Delphi chat system. The browser will crash while trying to render the form layout. http://login.delphi.com/dir-login/index.asp?webtag=FOXNEWSTECH&lgnDST=http%3A%2F %2Fwww%2Edelphi%2Ecom%2Ffoxnewstech%2Fstart%2F
|
||
Comment 1•24 years ago
|
||
Yes, this crashes on PC/Linux, build 2000061420. Seems to be an uncontrolled
recursion. Here's a stack trace from a 6/9-M16 build (shouldn't have changed
much since then):
#97 0x401a61a2 in js_ReportErrorAgain (cx=0x87996b0,
message=0x8bab6b0 "TypeError: arguments[0].toLowerCase is not a function",
reportp=0x8bab440) at ../../../mozilla/js/src/jscntxt.c:560
#98 0x401c3993 in js_ReportUncaughtException (cx=0x87996b0)
at ../../../mozilla/js/src/jsexn.c:671
#99 0x4019ece9 in JS_CallFunctionValue (cx=0x87996b0, obj=0x889c7e0,
fval=144027512, argc=1, argv=0xbfe07ff0, rval=0xbfe07ebc)
at ../../../mozilla/js/src/jsapi.c:2803
#100 0x4039a297 in nsJSContext::CallEventHandler (this=0x87b85f0,
aTarget=0x889c7e0, aHandler=0x895af78, argc=1, argv=0xbfe07ff0,
aBoolResult=0xbfe07f40, aReverseReturnResult=1)
at ../../../../mozilla/dom/src/base/nsJSEnvironment.cpp:788
#101 0x403e687c in nsJSEventListener::HandleEvent (this=0x8769370,
aEvent=0x8baaf6c)
at ../../../../mozilla/dom/src/events/nsJSEventListener.cpp:154
#102 0x413b532c in nsEventListenerManager::HandleEventSubType (this=0x8769320,
aListenerStruct=0x8900630, aDOMEvent=0x8baaf6c, aCurrentTarget=0x87b8528,
aSubType=8, aPhaseFlags=7)
at ../../../../mozilla/layout/events/src/nsEventListenerManager.cpp:754
#103 0x413b6eb5 in nsEventListenerManager::HandleEvent (this=0x8769320,
aPresContext=0x87f84a8, aEvent=0xbfe085f0, aDOMEvent=0xbfe08490,
aCurrentTarget=0x87b8528, aFlags=7, aEventStatus=0xbfe08630)
at ../../../../mozilla/layout/events/src/nsEventListenerManager.cpp:1323
#104 0x403a6d0e in GlobalWindowImpl::HandleDOMEvent (this=0x87b8518,
aPresContext=0x87f84a8, aEvent=0xbfe085f0, aDOMEvent=0xbfe08490, aFlags=1,
aEventStatus=0xbfe08630)
at ../../../../mozilla/dom/src/base/nsGlobalWindow.cpp:412
#105 0x40397ba2 in NS_ScriptErrorReporter (cx=0x87996b0,
message=0x89cd110 "TypeError: arguments[0].toLowerCase is not a function",
report=0x8baacb8)
at ../../../../mozilla/dom/src/base/nsJSEnvironment.cpp:104
#106 0x401a61a2 in js_ReportErrorAgain (cx=0x87996b0,
message=0x8baaf28 "TypeError: arguments[0].toLowerCase is not a function",
reportp=0x8baacb8) at ../../../mozilla/js/src/jscntxt.c:560
#107 0x401c3993 in js_ReportUncaughtException (cx=0x87996b0)
at ../../../mozilla/js/src/jsexn.c:671
This seems to be a javascript error. Confirming bug. Needs to be reassigned.
|
||
Comment 2•24 years ago
|
||
here's my trace with M16 release build crash under win 98:
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\rdf\content\src\nsXULElement.cpp, line 3342]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\rdf\content\src\nsXULElement.cpp, line 3407]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\rdf\content\src\nsXULElement.cpp, line 3407]
nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\rdf\content\src\nsXULElement.cpp, line 3407]
nsXULElement::HandleChromeEvent
[d:\builds\seamonkey\mozilla\rdf\content\src\nsXULElement.cpp, line 4484]
GlobalWindowImpl::HandleDOMEvent
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 400]
NS_ScriptErrorReporter
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 106]
js_ReportErrorAgain
[d:\builds\seamonkey\mozilla\js\src\jscntxt.c, line 561]
js_ReportUncaughtException
[d:\builds\seamonkey\mozilla\js\src\jsexn.c, line 674]
JS_CallFunctionValue
[d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 2805]
nsJSContext::CallEventHandler
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 792]
nsJSEventListener::HandleEvent
[d:\builds\seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp, line 155]
nsEventListenerManager::HandleEventSubType
[d:\builds\seamonkey\mozilla\layout\events\src\nsEventListenerManager.cpp, line
755]
nsEventListenerManager::HandleEvent
[d:\builds\seamonkey\mozilla\layout\events\src\nsEventListenerManager.cpp, line
1330]
GlobalWindowImpl::HandleDOMEvent
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 404]
NS_ScriptErrorReporter
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 106]
js_ReportErrorAgain
[d:\builds\seamonkey\mozilla\js\src\jscntxt.c, line 561]
js_ReportUncaughtException
[d:\builds\seamonkey\mozilla\js\src\jsexn.c, line 674]
JS_CallFunctionValue
[d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 2805]
nsJSContext::CallEventHandler
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 792]
nsJSEventListener::HandleEvent
[d:\builds\seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp, line 155]
nsEventListenerManager::HandleEventSubType
[d:\builds\seamonkey\mozilla\layout\events\src\nsEventListenerManager.cpp, line
755]
nsEventListenerManager::HandleEvent
[d:\builds\seamonkey\mozilla\layout\events\src\nsEventListenerManager.cpp, line
1330]
GlobalWindowImpl::HandleDOMEvent
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 404]
NS_ScriptErrorReporter
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 106]
js_ReportErrorAgain
[d:\builds\seamonkey\mozilla\js\src\jscntxt.c, line 561]
js_ReportUncaughtException
[d:\builds\seamonkey\mozilla\js\src\jsexn.c, line 674]
JS_CallFunctionValue
[d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 2805]
nsJSContext::CallEventHandler
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 792]
nsJSEventListener::HandleEvent
[d:\builds\seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp, line 155]
nsEventListenerManager::HandleEventSubType
[d:\builds\seamonkey\mozilla\layout\events\src\nsEventListenerManager.cpp, line
755]
nsEventListenerManager::HandleEvent
[d:\builds\seamonkey\mozilla\layout\events\src\nsEventListenerManager.cpp, line
1330]
GlobalWindowImpl::HandleDOMEvent
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 404]
NS_ScriptErrorReporter
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 106]
js_ReportErrorAgain
[d:\builds\seamonkey\mozilla\js\src\jscntxt.c, line 561]
js_ReportUncaughtException
[d:\builds\seamonkey\mozilla\js\src\jsexn.c, line 674]
JS_CallFunctionValue
[d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 2805]
nsJSContext::CallEventHandler
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 792]
nsJSEventListener::HandleEvent
[d:\builds\seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp, line 155]
nsEventListenerManager::HandleEventSubType
[d:\builds\seamonkey\mozilla\layout\events\src\nsEventListenerManager.cpp, line
755]
nsEventListenerManager::HandleEvent
[d:\builds\seamonkey\mozilla\layout\events\src\nsEventListenerManager.cpp, line
1330]
GlobalWindowImpl::HandleDOMEvent
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 404]
NS_ScriptErrorReporter
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 106]
js_ReportErrorAgain
[d:\builds\seamonkey\mozilla\js\src\jscntxt.c, line 561]
js_ReportUncaughtException
[d:\builds\seamonkey\mozilla\js\src\jsexn.c, line 674]
JS_CallFunctionValue
[d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 2805]
nsJSContext::CallEventHandler
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 792]
nsJSEventListener::HandleEvent
[d:\builds\seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp, line 155]
nsEventListenerManager::HandleEventSubType
[d:\builds\seamonkey\mozilla\layout\events\src\nsEventListenerManager.cpp, line
755]
nsEventListenerManager::HandleEvent
[d:\builds\seamonkey\mozilla\layout\events\src\nsEventListenerManager.cpp, line
1330]
GlobalWindowImpl::HandleDOMEvent
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 404]
NS_ScriptErrorReporter
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 106]
js_ReportErrorAgain
[d:\builds\seamonkey\mozilla\js\src\jscntxt.c, line 561]
js_ReportUncaughtException
[d:\builds\seamonkey\mozilla\js\src\jsexn.c, line 674]
JS_CallFunctionValue
[d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 2805]
nsJSContext::CallEventHandler
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 792]
nsJSEventListener::HandleEvent
[d:\builds\seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp, line 155]
nsEventListenerManager::HandleEventSubType
[d:\builds\seamonkey\mozilla\layout\events\src\nsEventListenerManager.cpp, line
755]
nsEventListenerManager::HandleEvent
[d:\builds\seamonkey\mozilla\layout\events\src\nsEventListenerManager.cpp, line
1330]
GlobalWindowImpl::HandleDOMEvent
[d:\builds\seamonkey\mozilla\dom\src\base\nsGlobalWindow.cpp, line 404]
NS_ScriptErrorReporter
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp, line 106]
js_ReportErrorAgain
[d:\builds\seamonkey\mozilla\js\src\jscntxt.c, line 561]
js_ReportUncaughtException
[d:\builds\seamonkey\mozilla\js\src\jsexn.c, line 674]
JS_CallFunctionValue
[d:\builds\seamonkey\mozilla\js\src\jsapi.c, line 2805]
|
|
||
Comment 3•24 years ago
|
||
updating component and setting default owner.
Assignee: asa → waterson
Component: Browser-General → RDF
QA Contact: doronr → tever
|
||
Comment 4•24 years ago
|
||
Set correct component. We're getting a stack overflow that looks something like what I'm seeing below. The script is generating the following error: TypeError: arguments[0].toLowerCase is not a function This posts an error event, which seems to generate the same error again. mccabe: you probably know the most about this? GlobalWindowImpl::HandleDOMEvent(GlobalWindowImpl * const 0x03453ed0, nsIPresContext * 0x0344f3b0, nsEvent * 0x0012cd8c, nsIDOMEvent * * 0x0012cbc0, unsigned int 0x00000001, nsEventStatus * 0x0012ce54) line 400 NS_ScriptErrorReporter(JSContext * 0x034544b0, const char * 0x035d0640, JSErrorReport * 0x035d10a0) line 106 js_ReportErrorAgain(JSContext * 0x034544b0, const char * 0x035d3870, JSErrorReport * 0x035d10a0) line 560 + 21 bytes js_ReportUncaughtException(JSContext * 0x034544b0) line 671 + 17 bytes JS_CallFunctionValue(JSContext * 0x034544b0, JSObject * 0x029adb00, long 0x02ae1868, unsigned int 0x00000001, long * 0x0012cf88, long * 0x0012cf28) line 2803 + 9 bytes nsJSContext::CallEventHandler(nsJSContext * const 0x03453e70, void * 0x029adb00, void * 0x02ae1868, unsigned int 0x00000001, void * 0x0012cf88, int * 0x0012cf84, int 0x00000001) line 788 + 33 bytes nsJSEventListener::HandleEvent(nsIDOMEvent * 0x035d18f4) line 154 + 64 bytes nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x034790f0, nsIDOMEvent * 0x035d18f4, nsIDOMEventTarget * 0x03453ee0, unsigned int 0x00000008, unsigned int 0x00000007) line 754 + 19 bytes nsEventListenerManager::HandleEvent(nsIPresContext * 0x0344f3b0, nsEvent * 0x0012d62c, nsIDOMEvent * * 0x0012d460, nsIDOMEventTarget * 0x03453ee0, unsigned int 0x00000007, nsEventStatus * 0x0012d6f4) line 1323 + 39 bytes GlobalWindowImpl::HandleDOMEvent(GlobalWindowImpl * const 0x03453ed0, nsIPresContext * 0x0344f3b0, nsEvent * 0x0012d62c, nsIDOMEvent * * 0x0012d460, unsigned int 0x00000001, nsEventStatus * 0x0012d6f4) line 413 NS_ScriptErrorReporter(JSContext * 0x034544b0, const char * 0x035d0640, JSErrorReport * 0x035d1d70) line 106 js_ReportErrorAgain(JSContext * 0x034544b0, const char * 0x035d19a0, JSErrorReport * 0x035d1d70) line 560 + 21 bytes js_ReportUncaughtException(JSContext * 0x034544b0) line 671 + 17 bytes JS_CallFunctionValue(JSContext * 0x034544b0, JSObject * 0x029adb00, long 0x02ae1868, unsigned int 0x00000001, long * 0x0012d828, long * 0x0012d7c8) line 2803 + 9 bytes nsJSContext::CallEventHandler(nsJSContext * const 0x03453e70, void * 0x029adb00, void * 0x02ae1868, unsigned int 0x00000001, void * 0x0012d828, int * 0x0012d824, int 0x00000001) line 788 + 33 bytes nsJSEventListener::HandleEvent(nsIDOMEvent * 0x035d05d4) line 154 + 64 bytes nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x034790f0, nsIDOMEvent * 0x035d05d4, nsIDOMEventTarget * 0x03453ee0, unsigned int 0x00000008, unsigned int 0x00000007) line 754 + 19 bytes nsEventListenerManager::HandleEvent(nsIPresContext * 0x0344f3b0, nsEvent * 0x0012decc, nsIDOMEvent * * 0x0012dd00, nsIDOMEventTarget * 0x03453ee0, unsigned int 0x00000007, nsEventStatus * 0x0012df94) line 1323 + 39 bytes GlobalWindowImpl::HandleDOMEvent(GlobalWindowImpl * const 0x03453ed0, nsIPresContext * 0x0344f3b0, nsEvent * 0x0012decc, nsIDOMEvent * * 0x0012dd00, unsigned int 0x00000001, nsEventStatus * 0x0012df94) line 413 NS_ScriptErrorReporter(JSContext * 0x034544b0, const char * 0x035d0640, JSErrorReport * 0x035d0b00) line 106 js_ReportErrorAgain(JSContext * 0x034544b0, const char * 0x035d06f0, JSErrorReport * 0x035d0b00) line 560 + 21 bytes js_ReportUncaughtException(JSContext * 0x034544b0) line 671 + 17 bytes JS_CallFunctionValue(JSContext * 0x034544b0, JSObject * 0x029adb00, long 0x02ae1868, unsigned int 0x00000001, long * 0x0012e0c8, long * 0x0012e068) line 2803 + 9 bytes nsJSContext::CallEventHandler(nsJSContext * const 0x03453e70, void * 0x029adb00, void * 0x02ae1868, unsigned int 0x00000001, void * 0x0012e0c8, int * 0x0012e0c4, int 0x00000001) line 788 + 33 bytes nsJSEventListener::HandleEvent(nsIDOMEvent * 0x035af0a4) line 154 + 64 bytes nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x034790f0, nsIDOMEvent * 0x035af0a4, nsIDOMEventTarget * 0x03453ee0, unsigned int 0x00000008, unsigned int 0x00000007) line 754 + 19 bytes nsEventListenerManager::HandleEvent(nsIPresContext * 0x0344f3b0, nsEvent * 0x0012e76c, nsIDOMEvent * * 0x0012e5a0, nsIDOMEventTarget * 0x03453ee0, unsigned int 0x00000007, nsEventStatus * 0x0012e834) line 1323 + 39 bytes GlobalWindowImpl::HandleDOMEvent(GlobalWindowImpl * const 0x03453ed0, nsIPresContext * 0x0344f3b0, nsEvent * 0x0012e76c, nsIDOMEvent * * 0x0012e5a0, unsigned int 0x00000001, nsEventStatus * 0x0012e834) line 413
Assignee: waterson → mccabe
Component: RDF → DOM Level 0
|
||
Comment 7•24 years ago
|
||
Here are Brendan's comments from bug 46414, which has been marked as a duplicate of this bug: ------- Additional Comments From Brendan Eich 2000-07-25 20:00 ------- onerror requires careful handling by the DOM's NS_ScriptErrorReporter, because the scripted error event handler may itself suffer a runtime error. The classic codebase dealt with this indirectly, by limiting the number of errors reported per page. You could still chew stack nesting the user-defined error reporter, but with a low limit (5, IIRC), you wouldn't crash due to stack overflow. Also, setting window.onerror = null; should suppress default error reporting. Does it? /be
|
|
||
Comment 8•24 years ago
|
||
Updating summary to match that of bug 46414
Summary: Crash Browser with this URL → Recurse-to-death on uncaught JS exception (toLowerCase is not a function) [WAS: Crash Browser with this URL]
|
||
Comment 9•24 years ago
|
||
Looks like the DOM event generated at nsJSEnvironment.cpp:107 ends up generating an error of its own. Possibly as a result of an error in the window's onerror handler? Seems likely we need a recursion stopper either in the nsJSEnvironment.cpp error code, or better in whatever it is that ends up calling the onerror handler for the page. This looks more tied to DOM events than the JS engine itself; jst, can you handle it?
Assignee: mccabe → jst
|
Assignee | |
Comment 10•24 years ago
|
||
*** Bug 46717 has been marked as a duplicate of this bug. ***
|
|
Assignee | |
Comment 11•24 years ago
|
||
I have a hack in my tree that solves this problem, I'll get this fixed for beta3.
Status: NEW → ASSIGNED
Keywords: nsbeta3
OS: Linux → All
Hardware: PC → All
Whiteboard: nsbeta3+
Target Milestone: --- → M18
|
|
Assignee | |
Updated•24 years ago
|
Priority: P3 → P1
Whiteboard: nsbeta3+ → [nsbeta3+]
|
|
Assignee | |
Comment 12•24 years ago
|
||
|
|
Assignee | |
Comment 13•24 years ago
|
||
|
|
Assignee | |
Updated•24 years ago
|
Whiteboard: [nsbeta3+] → [nsbeta3+][HAVE FIX]
|
|
Assignee | |
Comment 14•24 years ago
|
||
The above patch is checked in, r=brendan@mozilla.org Marking FIXED.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
|
||
Comment 15•24 years ago
|
||
verified: WinNT 2000082308 Linux 2000082408 mac8.6 2000082408
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•