Closed
Bug 455646
Opened 16 years ago
Closed 16 years ago
TM: Crash at youtube.com on history navigation + NoScript [js_FillPropertyCache]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: fehe, Assigned: brendan)
References
()
Details
(Keywords: crash)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b1pre) Gecko/20080916043910 Firefox/2.0.0.11 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b1pre) Gecko/20080916043910 Firefox/2.0.0.11 Under very specific conditions, with JIT chrome enabled, Firefox crashes when navigating either forward or backwards (in history) at Youtube.com. The additional conditions are the presence of NoScript and general.useragent.extra.firefox being set to something like Firefox/2.0.0.11. Crash Signature: js_FillPropertyCache http://crash-stats.mozilla.com/report/index/27ba51fd-8444-11dd-92d5-001cc45a2c28 http://crash-stats.mozilla.com/report/index/c51bba63-8444-11dd-b741-0013211cbf8a http://crash-stats.mozilla.com/report/index/24601d91-8459-11dd-b006-0013211cbf8a http://crash-stats.mozilla.com/report/index/6984521c-8454-11dd-99d0-001321b13766 Reproducible: Always Steps to Reproduce: 1. Create a new profile 2. Install NoScript 3. Change the value of general.useragent.extra.firefox to Firefox/2.0.0.11 4. Enable javascript.options.jit.chrome (set it to true) 5. Restart Firefox 6. Go to http://www.youtube.com and click a video 7. Right-click the NoScript icon (in the status bar) and select "Temporarily allow all this page" 8. Allow the video to play for about 10 seconds and, while the video is still playing, left-click one of the related videos on the right (so it loads in the same tab). 9. Allow that second video to play for about 10 seconds then click the Back toolbar button 10. The result should be a crash. If you do not immediately crash, try clicking the Forward toolbar button.
Component: General → JavaScript Engine
Product: Firefox → Core
Version: unspecified → Trunk
Updated•16 years ago
|
Assignee | ||
Comment 1•16 years ago
|
||
May be WFM, will try to reproduce. Reporter, if you could try the latest tracemonkey tinderbox build, or tonights mozilla-central (Firefox 3.1 pre) build and see whether it reproduces, that would be a big help. Thanks, /be
Assignee: nobody → brendan
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking1.9.1?
I can still reproduce easily with both tracemonkey tinderbox and mozilla-central (Firefox 3.1 pre)builds, though the crash signature is now: [@ nanojit::LirBufWriter::insImm(int) ] (I now opened Bug 456981) TraceMonkey: http://crash-stats.mozilla.com/report/index/c1849051-8b08-11dd-95ea-001a4bd43ef6?p=1 Mozilla-Central: http://crash-stats.mozilla.com/report/index/1e3af180-8b07-11dd-bb34-001cc4e2bf68?p=1 TraceMonkey build: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b1pre) Gecko/20080925034925 Firefox/2.0.0.11 Mozilla-Central build: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b1pre) Gecko/20080925033548 Firefox/2.0.0.11
I should clarify that I can no longer reproduce this bug, specifically, but the steps for this crash still produce a crash, which I have now reported as Bug 456981
Comment 4•16 years ago
|
||
Ok, WFM this bug, and bumped priority on the other one. Testing 456981 now.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
Updated•16 years ago
|
Flags: blocking1.9.1? → blocking1.9.1+
You need to log in
before you can comment on or make changes to this bug.
Description
•