crash omitting values in array literal

VERIFIED DUPLICATE of bug 39141

Status

()

Core
JavaScript Engine
P3
critical
VERIFIED DUPLICATE of bug 39141
18 years ago
16 years ago

People

(Reporter: Martin Jacobs, Assigned: Mike McCabe)

Tracking

({crash, js1.5})

Trunk
All
Windows 95
crash, js1.5
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

18 years ago
From Bugzilla Helper:
User-Agent: Mozilla/4.7 [en] (Win95; I)
BuildID:    2000032206

No problem with NN4 nor IE4/5.  
48 pages (out of 72) of site www.bestmat.be crash when opening, all with same 
report (see below).  


Reproducible: Always
Steps to Reproduce:
1. try www.bestmat.be/en/case_01.html 
2. try www.bestmat.be/en/rammer.html 
3. try www.bestmat.be/en/kramer.html 

Actual Results:  always crashes

Expected Results:  display properly like NN4 and IE4/5 do.  

Allways this report : 
NETSCP6 a causé une défaillance de page dans
 le module JS3250.DLL à 0147:60a8e148.
Registres :
EAX=000000f6 CS=0147 EIP=60a8e148 EFLGS=00010206
EBX=00000000 SS=014f ESP=0068f004 EBP=0068f0fc
ECX=0068f708 DS=014f ESI=0068f6f0 FS=43a7
EDX=0a511d86 ES=014f EDI=0aafe550 GS=0000
Octets à CS : EIP :
89 43 10 0f b7 43 06 8b c8 2b 4e 30 89 46 30 89 
Etat de la pile :
0068f6f0 00000000 09c87220 00000000 00000000 00000000 000005dc 000000f0 0ab01c00 
0aaefe04 00000000 00000000 0068f068 601a0f7a 0a9d9690 0ab01c00

Comment 1

18 years ago
Confirmed with (win98 2000080208)
MOZILLA caused an invalid page fault in
module JS3250.DLL at 015f:60b7e7b4.
Registers:
EAX=000000f6 CS=015f EIP=60b7e7b4 EFLGS=00010216
EBX=00000000 SS=0167 ESP=0068ed6c EBP=0068ee74
ECX=0068f4d0 DS=0167 ESI=0068f4b8 FS=198f
EDX=00000007 ES=0167 EDI=020d7c00 GS=0000
Bytes at CS:EIP:
89 43 10 0f b7 43 06 8b c8 2b 4e 30 89 46 30 89 
Stack dump:
0068f4b8 02103640 01bcb710 00000000 00000000 020b6c10 00000000 00000000 0068ee84 
0139a8e7 00000000 01b1e628 00000000 01ed84a0 00000000 0139a926 

Comment 2

18 years ago
Confirmed on 080204 win98.

Adding kw crash
Keywords: crash

Updated

18 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
(Reporter)

Comment 3

18 years ago
suggesting js1.5 keyword
(Reporter)

Updated

18 years ago
Keywords: js1.5
(Reporter)

Comment 4

18 years ago
Found reason of crashes.  
Please try : 
myArray=[,,"this","or",,"that];
NN4 and IE4/5 evaluate myArray[0], myArray[1] and myArray[4] as null.  
But Mozilla explodes. 
Shouldn't.  
(Reporter)

Comment 5

18 years ago
(updated www.bestmat.be site for overcoming this bug; no crash anymore).  
Here is a simple example of how to make Mozilla mad : 

<HTML><HEAD><TITLE>Mozilla Array() bug</title>
<!-- author martin.jacobs@skynet.be --> 
</head>
<BODY>
<SCRIPT language="JavaScript1.2">
var myArray= [,,"Laurel",,"and","Hardy",]; 
for (var i= 0; i<myArray.length; i++) { 
	if (myArray[i] && myArray[i] != null)document.writeln(myArray[i]+" ") }
</script>
</body> 
(Reporter)

Comment 6

18 years ago
Note that this bug only happens in array literal declarations.  
Following classic construction works fine : 
<HTML><HEAD><TITLE>Mozilla Array() bug</title>
<!-- author martin.jacobs@skynet.be --> 
</head>
<BODY>
<SCRIPT type="text/javascript" language="JavaScript1.2">
var myArray= new Array(); 
myArray[2]= "Laurel"; 
myArray[4]= "and"; 
myArray[5]= "Hardy"; 
for (var i= 0; i< myArray.length; i++) { 
	if (myArray[i] && myArray[i] != null) document.writeln(myArray[i]+" ") }
</script>
</body> 
(Reporter)

Updated

18 years ago
Summary: crash when accessing this (and other) page in this site → crash omitting values in array literal

Comment 7

18 years ago
Assigning to mccabe, as may be the same issue as bug 39141 -
Assignee: rogerl → mccabe
(Reporter)

Comment 8

18 years ago
Agreed. Who'll win the golden wristwatch ? 
Changing platform to all.  
Hardware: PC → All
(Assignee)

Comment 9

18 years ago
Marking as dup of 39141.

*** This bug has been marked as a duplicate of 39141 ***
Status: NEW → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → DUPLICATE

Comment 10

18 years ago
vrfy dup
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.