Bug 457788 - eval(string) crashes in js_ComputeFilename
Status: RESOLVED DUPLICATE of bug 452295
Whiteboard: [fixed by 452295]
Keywords: crash, fixed1.8.1.18, fixed1.9.0.4, regression
Product: Core Graveyard
Classification: Graveyard
Component: Installer: XPInstall Engine
Version: 1.8 Branch
Platform: All All
Importance: -- critical
Target Milestone: ---
Assigned To: Nobody; OK to take it and work on it
Depends on:
Blocks: 419848
Reported: 2008-09-29 17:34 PDT by Karsten Düsterloh
Modified: 2015-12-11 07:21 PST
CC List: 8 users
dveditz: blocking1.8.1.18+
dveditz: wanted1.8.1.x+
See Also:
QA Whiteboard:
Iteration: ---
Points: ---


Description Karsten Düsterloh 2008-09-29 17:34:47 PDT
Calling eval with a string argument in an install.js XPInstall script crashes
Seamonkey 1.1.12 (it doesn't for numeric arguments to eval).

[This is the exact same symptom as in bug 298054, only this time for SM and with a different crash location.]

SM 1.1.11 (rv:; Gecko/20080702): okay
SM 1.1.12 (rv:; Gecko/20080829): crashes

Steps to reproduce:
- try to install the evalcrash.xpi addon from bug 298054 attachment 186678 into SM 1.1.12 under Linux or Windows:
  * "before" alert pops up
  * SM crashes

Stack, according to gdb under Linux:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xf275fb90 (LWP 23265)]
0xf7e04b91 in js_ComputeFilename () from ./
(gdb) bt
#0  0xf7e04b91 in js_ComputeFilename () from ./
#1  0xf7e04dcc in ?? () from ./
#2  0xf7dec663 in js_Invoke () from ./
#3  0xf7df1a9a in js_Interpret () from ./
#4  0xf7ded0ae in js_Execute () from ./
#5  0xf7dc2fa6 in JS_EvaluateUCScriptForPrincipals () from ./
#6  0xf7dc2f24 in JS_EvaluateUCScript () from ./
#7  0xf7dc2e56 in JS_EvaluateScript () from ./
#8  0xf4650d04 in ?? () from /xxx/bin/mozilla/seamonkey/1.1.12/seamonkey/components/
#9  0xf7d911ca in ?? () from ./
#10 0xf7d3d4fb in start_thread () from /lib32/
#11 0xf757809e in clone () from /lib32/

Comment 1 David E. Ross 2008-10-01 12:36:39 PDT
According to a newsgroup reply by Karsten in <news://> (thread subject: Cannot Install Mnenhy Under SeaMonkey 1.1.12; reply date: 29 Sep), this causes SeaMonkey 1.1.12 to crash when attempting to install Mnenhy.  

As implied by Karsten's Description, this is a regression bug that first appeared in 1.1.12.  As such, it should be fixed in the next security/stability release and not put off until SeaMonkey 2.

Comment 2 Daniel Veditz [:dveditz] 2008-10-09 09:39:34 PDT
I don't suppose you can get a narrower regression range?

Comment 4 Samuel Sidler (old account; do not CC) 2008-10-10 07:19:59 PDT
Fun fun... Blake, is this something you want to look at?

Comment 5 Blake Kaplan (:mrbkap) 2008-10-10 12:43:20 PDT
Already did! I just attached 1.8 and 1.9 versions of the fix for this bug.

*** This bug has been marked as a duplicate of bug 452295 ***
