Closed Bug 487312 Opened 15 years ago Closed 15 years ago

Assertion failure: slot < fp2->script->nslots, at /home/jimb/mc/in/js/src/jsfun.cpp:2222

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 487271

People

(Reporter: jimb, Unassigned)

References

Details

I was visiting Google Calendar, and then hit C-n to make a new window, and then used the Metacity title bar dropdown menu to put the new window on another screen.

Parent changeset 80f223f6296e (mozilla-central).

Stack trace:

(gdb) where
#0  JS_Assert (s=0xb7e166e3 "slot < fp2->script->nslots", file=0xb7e15db0 "/home/jimb/mc/in/js/src/jsfun.cpp", ln=2222) at /home/jimb/mc/in/js/src/jsutil.cpp:69
#1  0xb7cdb96f in js_NewFlatClosure (cx=0xb1801400, fun=0xa87fe9a0) at /home/jimb/mc/in/js/src/jsfun.cpp:2222
#2  0xb7d021f8 in js_Interpret (cx=0xb1801400) at /home/jimb/mc/in/js/src/jsinterp.cpp:6056
#3  0xb7d0eaaf in js_Execute (cx=0xb1801400, chain=((JSObject *) 0xb19a92c0) [object Window], script=0xa7f6bf60, down=0x0, flags=0, result=0x0) at /home/jimb/mc/in/js/src/jsinterp.cpp:1614
#4  0xb7c9cc61 in JS_EvaluateUCScriptForPrincipals (cx=0xb1801400, obj=((JSObject *) 0xb19a92c0) [object Window], principals=0xb19a65b4, chars=0xa844a008, length=203537, filename=0xa874da28 "http://maps.google.com/intl/en_us/mapfiles/150c/maps2.api/main.js", lineno=1, rval=0x0) at /home/jimb/mc/in/js/src/jsapi.cpp:5179
#5  0xb27a86f6 in nsJSContext::EvaluateString (this=0xb195bbb0, aScript=@0xa87e40b4, aScopeObject=0xb19a92c0, aPrincipal=0xb19a65b0, aURL=0xa874da28 "http://maps.google.com/intl/en_us/mapfiles/150c/maps2.api/main.js", aLineNo=1, aVersion=0, aRetValue=0x0, aIsUndefined=0xbfd2f83c) at /home/jimb/mc/in/dom/base/nsJSEnvironment.cpp:1603
#6  0xb2586ff3 in nsScriptLoader::EvaluateScript (this=0xaeff36d0, aRequest=0xa87e40a0, aScript=@0xa87e40b4) at /home/jimb/mc/in/content/base/src/nsScriptLoader.cpp:686
#7  0xb2586a80 in nsScriptLoader::ProcessRequest (this=0xaeff36d0, aRequest=0xa87e40a0) at /home/jimb/mc/in/content/base/src/nsScriptLoader.cpp:600
#8  0xb258727c in nsScriptLoader::ProcessPendingRequests (this=0xaeff36d0) at /home/jimb/mc/in/content/base/src/nsScriptLoader.cpp:739
#9  0xb2587b01 in nsScriptLoader::OnStreamComplete (this=0xaeff36d0, aLoader=0xa87e4130, aContext=0xa87e40a0, aStatus=0, aStringLen=203537, aString=0xa8401008 "(function(){var f=false,j=null,l=true;function aa(a){throw a;}\nvar m;var ca=_mF[38],da=_mF[39],ea=_mF[41],fa=_mF[45],ga=_mF[49],ha=_mF[57],ia=_mF[60],ja=_mF[69],ka=_mF[88],la=_mF[99],ma=_mF[100],na=_m"...) at /home/jimb/mc/in/content/base/src/nsScriptLoader.cpp:926
#10 0xb5de6168 in nsStreamLoader::OnStopRequest (this=0xa87e4130, request=0xabc52440, ctxt=0xa87e40a0, aStatus=0) at /home/jimb/mc/in/netwerk/base/src/nsStreamLoader.cpp:108
#11 0xb5e08053 in nsHTTPCompressConv::OnStopRequest (this=0xb6a563e0, request=0xabc52440, aContext=0xa87e40a0, aStatus=0) at /home/jimb/mc/in/netwerk/streamconv/converters/nsHTTPCompressConv.cpp:127
#12 0xb5de548b in nsStreamListenerTee::OnStopRequest (this=0xa87f4fe0, request=0xabc52440, context=0xa87e40a0, status=0) at /home/jimb/mc/in/netwerk/base/src/nsStreamListenerTee.cpp:65
#13 0xb5e957d8 in nsHttpChannel::OnStopRequest (this=0xabc52410, request=0xa87f98e0, ctxt=0x0, status=0) at /home/jimb/mc/in/netwerk/protocol/http/src/nsHttpChannel.cpp:4908
#14 0xb5db0e1b in nsInputStreamPump::OnStateStop (this=0xa87f98e0) at /home/jimb/mc/in/netwerk/base/src/nsInputStreamPump.cpp:576
#15 0xb5db06b7 in nsInputStreamPump::OnInputStreamReady (this=0xa87f98e0, stream=0xaa23138c) at /home/jimb/mc/in/netwerk/base/src/nsInputStreamPump.cpp:401
#16 0xb7baf0de in nsInputStreamReadyEvent::Run (this=0xa87e50a0) at /home/jimb/mc/in/xpcom/io/nsStreamUtils.cpp:111
#17 0xb7bdc27a in nsThread::ProcessNextEvent (this=0xb699a3d0, mayWait=1, result=0xbfd2fbfc) at /home/jimb/mc/in/xpcom/threads/nsThread.cpp:510
#18 0xb7b6bd83 in NS_ProcessNextEvent_P (thread=0xb699a3d0, mayWait=1) at nsThreadUtils.cpp:230
#19 0xb4c726e8 in nsBaseAppShell::Run (this=0xb6880290) at /home/jimb/mc/in/widget/src/xpwidgets/nsBaseAppShell.cpp:170
#20 0xb49940e3 in nsAppStartup::Run (this=0xb68dfc70) at /home/jimb/mc/in/toolkit/components/startup/src/nsAppStartup.cpp:192
#21 0xb7e96025 in XRE_main (argc=4, argv=0xbfd30304, aAppData=0xb6906540) at /home/jimb/mc/in/toolkit/xre/nsAppRunner.cpp:3340
#22 0x08049927 in main (argc=4, argv=0xbfd30304) at /home/jimb/mc/in/browser/app/nsBrowserApp.cpp:156
(gdb)
The function being instantiated by the call to js_NewFlatClosure is http://maps.google.com/intl/en_us/mapfiles/150c/maps2.api/main.js:249.
This looks like a dup of bug 487271.

/be
Marking dep for now, dup when patch for bug 487271 is confirmed to fix this bug, assuming it has reproduce-by steps or a reduced testcase (which if the same, will cause a dup sooner ;-).

The URL in comment 1 is 404'ing for me now.

/be
Depends on: 487271
(In reply to comment #2)
> This looks like a dup of bug 487271.

All the crashes in that bug are in js_Invoke; this crash is consistently in js_NewFlatClosure.  We'll see! :)
The underlying bug can bite flat closures as well as display-based non-escaping functions. The second testcase in bug 487271 shows the latter case.

/be
Just loading any of these sites triggers this assertion:

http://www.cupcakesonline.com.au/
http://www.re-member.jp/
http://planetfallout.gamespy.com/
That was mozilla-central.  On TM tip, the URLs in comment 6 work fine.
I know my bugs by smell.

/be
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.