eval(string) crashes in js_ComputeFilename

RESOLVED DUPLICATE of bug 452295

Status

Core Graveyard
Installer: XPInstall Engine
--
critical
9 years ago
2 years ago

People

(Reporter: Karsten Düsterloh, Unassigned)

Tracking

(4 keywords)

1.8 Branch
crash, fixed1.8.1.18, fixed1.9.0.4, regression
Bug Flags:
blocking1.8.1.18 +
wanted1.8.1.x +

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [fixed by 452295])

(Reporter)

Description

9 years ago
Calling eval with a string argument in an install.js XPInstall script crashes
SeaMonkey 1.1.12 (it doesn't for numeric arguments to eval).

[This is the exact same symptom as in bug 298054, only this time for SM and with a different crash location.]

SM 1.1.11 (rv:1.8.1.16; Gecko/20080702): okay
SM 1.1.12 (rv:1.8.1.17; Gecko/20080829): crashes

Steps to reproduce:
- try to install the evalcrash.xpi addon from bug 298054 attachment 186678 into SM 1.1.12 under Linux or Windows:
  * "before" alert pops up
  * SM crashes


Stack, according to gdb under Linux:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xf275fb90 (LWP 23265)]
0xf7e04b91 in js_ComputeFilename () from ./libmozjs.so
(gdb) bt
#0  0xf7e04b91 in js_ComputeFilename () from ./libmozjs.so
#1  0xf7e04dcc in ?? () from ./libmozjs.so
#2  0xf7dec663 in js_Invoke () from ./libmozjs.so
#3  0xf7df1a9a in js_Interpret () from ./libmozjs.so
#4  0xf7ded0ae in js_Execute () from ./libmozjs.so
#5  0xf7dc2fa6 in JS_EvaluateUCScriptForPrincipals () from ./libmozjs.so
#6  0xf7dc2f24 in JS_EvaluateUCScript () from ./libmozjs.so
#7  0xf7dc2e56 in JS_EvaluateScript () from ./libmozjs.so
#8  0xf4650d04 in ?? () from /xxx/bin/mozilla/seamonkey/1.1.12/seamonkey/components/libxpinstall.so
#9  0xf7d911ca in ?? () from ./libnspr4.so
#10 0xf7d3d4fb in start_thread () from /lib32/libpthread.so.0
#11 0xf757809e in clone () from /lib32/libc.so.6
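
For triage, a backtrace like the one above can be reduced to a build-independent crash signature and to the module that called into the crashing library, which makes crash locations comparable across reports. This is an added example, not part of the original report; the signature format and the names `parse_frames`, `signature` and `first_caller_outside` are assumptions of the example.

```python
import re

# gdb backtrace as posted in the description above (frames #0-#11).
BACKTRACE = """\
#0  0xf7e04b91 in js_ComputeFilename () from ./libmozjs.so
#1  0xf7e04dcc in ?? () from ./libmozjs.so
#2  0xf7dec663 in js_Invoke () from ./libmozjs.so
#3  0xf7df1a9a in js_Interpret () from ./libmozjs.so
#4  0xf7ded0ae in js_Execute () from ./libmozjs.so
#5  0xf7dc2fa6 in JS_EvaluateUCScriptForPrincipals () from ./libmozjs.so
#6  0xf7dc2f24 in JS_EvaluateUCScript () from ./libmozjs.so
#7  0xf7dc2e56 in JS_EvaluateScript () from ./libmozjs.so
#8  0xf4650d04 in ?? () from /xxx/bin/mozilla/seamonkey/1.1.12/seamonkey/components/libxpinstall.so
#9  0xf7d911ca in ?? () from ./libnspr4.so
#10 0xf7d3d4fb in start_thread () from /lib32/libpthread.so.0
#11 0xf757809e in clone () from /lib32/libc.so.6
"""

FRAME_RE = re.compile(
    r"^#(?P<idx>\d+)\s+0x[0-9a-f]+ in (?P<func>\S+) \(.*\) from (?P<module>\S+)$")

def parse_frames(text):
    """Parse gdb 'bt' lines into (index, function or None, module basename)."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # skip "(gdb) bt", signal banners, blank lines
        func = None if m["func"] == "??" else m["func"]  # "??" = no symbol
        frames.append((int(m["idx"]), func, m["module"].rsplit("/", 1)[-1]))
    return frames

def signature(frames, depth=3):
    """Top `depth` symbolized frames; addresses and '??' frames are dropped
    because they change between builds and would defeat comparison."""
    named = [f"{mod}!{func}" for _, func, mod in frames if func]
    return " | ".join(named[:depth])

def first_caller_outside(frames):
    """First frame above the crash that lives in a different module."""
    crash_module = frames[0][2]
    return next((f for f in frames[1:] if f[2] != crash_module), None)

if __name__ == "__main__":
    frames = parse_frames(BACKTRACE)
    print(signature(frames))
    print(first_caller_outside(frames))
```

Frame #8 has no symbol, so the caller is identified only by its module, libxpinstall.so.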

Comment 1

9 years ago
According to a newsgroup reply by Karsten in <news://news.mozdev.org:119/public.mozdev.mnenhy> (thread subject: Cannot Install Mnenhy Under SeaMonkey 1.1.12; reply date: 29 Sep), this causes SeaMonkey 1.1.12 to crash when attempting to install Mnenhy.  

As implied by Karsten's Description, this is a regression bug that first appeared in 1.1.12.  As such, it should be fixed in the next security/stability release and not put off until SeaMonkey 2.
(Reporter)

Updated

9 years ago
Flags: blocking1.8.1.18?
I don't suppose you can get a narrower regression range?
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.18?
Flags: blocking1.8.1.18+
Keywords: regressionwindow-wanted
(Reporter)

Comment 3

9 years ago
Using nightlies from <http://ftp.mozilla.org/pub/mozilla.org/seamonkey/nightly/2008/07/>, I get this regression window:

nightly 2008-07-15 is okay
nightly 2008-07-16 is broken

The only non-calendar checkin in this (<http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=MOZILLA_1_8_BRANCH&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2008-07-15+00%3A00%3A00&maxdate=2008-07-17+00%3A00%3A00&cvsroot=%2Fcvsroot>) is bug 419848.
(Reporter)

Updated

9 years ago
Keywords: regressionwindow-wanted
Fun fun... Blake, is this something you want to look at?
Blocks: 419848
Already did! I just attached 1.8 and 1.9 versions of the fix for this bug.
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 452295
Whiteboard: [fixed by 452295]
Keywords: fixed1.8.1.18, fixed1.9.0.4
(Assignee)

Updated

2 years ago
Product: Core → Core Graveyard