Closed
Bug 451884
Opened 16 years ago
Closed 16 years ago
Crash [@ QuoteString] on the nytimes.com site
Categories
(Core :: JavaScript Engine, defect, P1)
Core
JavaScript Engine
Tracking
()
VERIFIED
FIXED
mozilla1.9.1
People
(Reporter: martijn.martijn, Assigned: brendan)
References
()
Details
(4 keywords)
Crash Data
Attachments
(2 files)
293 bytes,
text/html
|
Details | |
1.64 KB,
patch
|
mrbkap
:
review+
|
Details | Diff | Splinter Review |
When I have the jit prefs enabled in the latest trunk build of Firefox (javascript.options.jit.chrome and javascript.options.jit.content), then I crash on the site I pasted in the url. http://crash-stats.mozilla.com/report/index/7c9f8e1c-7157-11dd-9678-001a4bd43ed6 0 js3250.dll QuoteString js/src/jsopcode.cpp:587 1 js3250.dll Decompile js/src/jsopcode.cpp:3796 2 js3250.dll DecompileCode js/src/jsopcode.cpp:4698 3 js3250.dll DecompileExpression js/src/jsopcode.cpp:5090 4 js3250.dll js_DecompileValueGenerator js/src/jsopcode.cpp:4967 5 js3250.dll js_ReportValueErrorFlags js/src/jscntxt.cpp:1329 6 js3250.dll js3250.dll@0x58732 7 js3250.dll js_Interpret js/src/jsinterp.cpp:4253 8 js3250.dll js_Execute js/src/jsinterp.cpp:1549 9 js3250.dll js_obj_eval js/src/jsobj.cpp:1341 10 js3250.dll js_Invoke js/src/jsinterp.cpp:1308 11 js3250.dll js_Interpret js/src/jsinterp.cpp:4963 12 js3250.dll js_Execute js/src/jsinterp.cpp:1549 13 js3250.dll JS_EvaluateUCScriptForPrincipals js/src/jsapi.cpp:5054 14 xul.dll nsJSContext::EvaluateString dom/src/base/nsJSEnvironment.cpp:1540 15 xul.dll nsScriptLoader::EvaluateScript content/base/src/nsScriptLoader.cpp:594 16 xul.dll nsScriptLoader::ProcessRequest content/base/src/nsScriptLoader.cpp:504 17 xul.dll nsScriptLoader::ProcessScriptElement content/base/src/nsScriptLoader.cpp:458 18 xul.dll nsContentUtils::HasNonEmptyTextContent content/base/src/nsContentUtils.cpp:3641 19 xul.dll nsScriptElement::MaybeProcessScript content/base/src/nsScriptElement.cpp:188
Comment 1•16 years ago
|
||
I'm seeing this crash with one of my sessions with both JIT prefs at their default value (false). I can't tell which page in the session triggers the crash, though.
Comment 2•16 years ago
|
||
I crash with this stack every time I load Zimbra. :(
Flags: blocking1.9.1?
OS: Windows XP → All
Comment 3•16 years ago
|
||
Brendan's offered to take this. Here's a reduced testcase: (function(k){eval("k.y")})({})
Assignee: general → brendan
Assignee | ||
Comment 6•16 years ago
|
||
Failing reduced testcase: (function(k){eval("k.y")})() /be
Status: NEW → ASSIGNED
Priority: -- → P1
Hardware: PC → All
Target Milestone: --- → mozilla1.9.1
Assignee | ||
Comment 7•16 years ago
|
||
Attachment #335680 -
Flags: review?(mrbkap)
Assignee | ||
Comment 8•16 years ago
|
||
Fixed on tracemonkey: http://hg.mozilla.org/tracemonkey/index.cgi/rev/e182535ffade /be
Updated•16 years ago
|
Attachment #335680 -
Flags: review?(mrbkap) → review+
Assignee | ||
Comment 9•16 years ago
|
||
Fixed on mozilla-central: http://hg.mozilla.org/mozilla-central/index.cgi/rev/61ee5bbbe005 /be
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Updated•16 years ago
|
Keywords: regression
Comment 10•16 years ago
|
||
/cvsroot/mozilla/js/tests/js1_5/Regress/regress-451884.js,v <-- regress-451884.js initial revision: 1.1 http://hg.mozilla.org/mozilla-central/rev/3ae03411eae7
Flags: in-testsuite+
Flags: in-litmus-
Updated•16 years ago
|
Flags: blocking1.9.1? → blocking1.9.1+
Comment 11•16 years ago
|
||
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/61ee5bbbe005
Keywords: fixed1.9.1
Comment 12•16 years ago
|
||
Verified fix on Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b3pre) Gecko/20090122 Shiretoko/3.1b3pre and Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2a1pre) Gecko/20090122 Minefield/3.2a1pre
Status: RESOLVED → VERIFIED
Keywords: fixed1.9.1 → verified1.9.1
Updated•13 years ago
|
Crash Signature: [@ QuoteString]
You need to log in
before you can comment on or make changes to this bug.
Description
•