Closed Bug 457788 Opened 11 years ago Closed 11 years ago

eval(string) crashes in js_ComputeFilename

Categories

(Core Graveyard :: Installer: XPInstall Engine, defect, critical)

1.8 Branch
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 452295

People

(Reporter: mnyromyr, Unassigned)

References

Details

(4 keywords, Whiteboard: [fixed by 452295])

Calling eval with a string argument in an install.js XPInstall script crashes
Seamonkey 1.1.12 (it doesn't for numeric arguments to eval).

[This is the exact same sympton as in bug 298054, only this time for SM and with a different crash location.]

SM 1.1.11 (rv:1.8.1.16; Gecko/20080702): okay
SM 1.1.12 (rv:1.8.1.17; Gecko/20080829): crashes

Steps to reproduce:
- try to install the evalcrash.xpi addon from bug 298054 attachment 186678 [details] into SM 1.1.12 under Linux or Windows:
  * "before" alert pops up
  * SM crashes


Stack, according to gdb under Linux:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xf275fb90 (LWP 23265)]
0xf7e04b91 in js_ComputeFilename () from ./libmozjs.so
(gdb) bt
#0  0xf7e04b91 in js_ComputeFilename () from ./libmozjs.so
#1  0xf7e04dcc in ?? () from ./libmozjs.so
#2  0xf7dec663 in js_Invoke () from ./libmozjs.so
#3  0xf7df1a9a in js_Interpret () from ./libmozjs.so
#4  0xf7ded0ae in js_Execute () from ./libmozjs.so
#5  0xf7dc2fa6 in JS_EvaluateUCScriptForPrincipals () from ./libmozjs.so
#6  0xf7dc2f24 in JS_EvaluateUCScript () from ./libmozjs.so
#7  0xf7dc2e56 in JS_EvaluateScript () from ./libmozjs.so
#8  0xf4650d04 in ?? () from /xxx/bin/mozilla/seamonkey/1.1.12/seamonkey/components/libxpinstall.so
#9  0xf7d911ca in ?? () from ./libnspr4.so
#10 0xf7d3d4fb in start_thread () from /lib32/libpthread.so.0
#11 0xf757809e in clone () from /lib32/libc.so.6
According to a newsgroup reply by Karsten in <news://news.mozdev.org:119/public.mozdev.mnenhy> (thread subject: Cannot Install Mnenhy Under SeaMonkey 1.1.12; reply date: 29 Sep), this causes SeaMonkey 1.1.12 to crash when attempting to install Mnenhy.  

As implied by Karsten's Description, this is a regression bug that first appeared in 1.1.12.  As such, it should be fixed in the next security/stability release and not put off until SeaMonkey 2.
Flags: blocking1.8.1.18?
I don't suppose you can get a narrower regression range?
Flags: wanted1.8.1.x+
Flags: blocking1.8.1.18?
Flags: blocking1.8.1.18+
Fun fun... Blake, is this something you want to look at?
Blocks: 419848
Already did! I just attached 1.8 and 1.9 versions of the fix for this bug.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 452295
Whiteboard: [fixed by 452295]
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.