Bug 510040 - Fix JS debugger crash on 64-bit: don't truncate PC to jsuint in jsds_FilterHook
Status: RESOLVED FIXED
[firebug-p1]
Product: Core
Classification: Components
Component: JavaScript Engine
Version: Trunk
Platform: x86_64 Linux
Importance: -- minor
Target Milestone: mozilla1.9.3a1
Assigned To: Marti Raudsepp
QA Contact: jsd
Mentors:
Duplicates: 513556 540546 540731
Depends on:
Blocks:
Reported: 2009-08-12 12:29 PDT by Marti Raudsepp
Modified: 2011-07-08 00:24 PDT (History)
mbeltzner: blocking1.9.2-
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
status1.9.2: beta4-fixed
status1.9.1: .8-fixed


Attachments
fix_jsds_filterhook_pc_64bit_truncate.patch (784 bytes, patch)
2009-08-12 12:30 PDT, Marti Raudsepp
timeless: review+
mbeltzner: approval1.9.2+
dveditz: approval1.9.1.8+

Description Marti Raudsepp 2009-08-12 12:29:19 PDT
User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.2) Gecko/20090812 Gentoo Firefox/3.5.2
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.2) Gecko/20090812 Gentoo Firefox/3.5.2

64-bit Firefox 3.5.2 crashes after installing the Chromebug extension, even if you don't specify -chromebug from the command line. This is the culprit.


Reproducible: Always

Steps to Reproduce:
1. Install the Chromebug extension (chromebug-1.5.0a2.xpi) on a 64-bit browser from http://getfirebug.com/releases/chromebug/
2. Restart Firefox.
3. Witness segfault

Actual Results:  
*snip*
#4  <signal handler called>
#5  0x00007fd59348d208 in js_GetOpcode (cx=0x7fd57e2cdc00, script=0x7fd57d794000, pc=0x7d7952b0 <Address 0x7d7952b0 out of bounds>)
    at jsscript.h:325
#6  0x00007fd593490357 in js_PCToLineNumber (cx=0x7fd57e2cdc00, script=0x7fd57d794000, pc=0x7d7952b0 <Address 0x7d7952b0 out of bounds>)
    at jsscript.cpp:1808
#7  0x00007fd5933bca9f in JS_PCToLineNumber (cx=0x7fd57e2cdc00, script=0x7fd57d794000, pc=0x7d7952b0 <Address 0x7d7952b0 out of bounds>)
    at jsdbgapi.cpp:956
#8  0x00007fd591e3f4d7 in jsd_GetClosestLine (jsdc=0x7fd57e211380, jsdscript=0x7fd57d8bd5e0, pc=2105103024) at jsd_scpt.c:523
#9  0x00007fd591e3a001 in JSD_GetClosestLine (jsdc=0x7fd57e211380, jsdscript=0x7fd57d8bd5e0, pc=2105103024) at jsdebug.c:337
^--- PC is a 32-bit integer value, truncated :(
#10 0x00007fd591e44f1f in jsds_FilterHook (jsdc=0x7fd57e211380, state=0x7fd57d792780) at jsd_xpc.cpp:400
^--- jsds_FilterHook extracts PC from the struct again
#11 0x00007fd591e45c64 in jsds_ExecutionHookProc (jsdc=0x7fd57e211380, jsdthreadstate=0x7fd57d792780, type=1, callerdata=0x1, 
    rval=0x7fffbad23a08) at jsd_xpc.cpp:680
#12 0x00007fd591e3d3b3 in jsd_CallExecutionHook (jsdc=0x7fd57e211380, cx=0x7fd5831fcc00, type=1, 
    hook=0x7fd591e45903 <jsds_ExecutionHookProc>, hookData=0x1, rval=0x7fffbad23a08) at jsd_hook.c:177
^--- PC gets stored in a structure
#13 0x00007fd591e3fc91 in jsd_TrapHandler (cx=0x7fd5831fcc00, script=0x7fd57d794000, pc=0x7fd57d7952b0 "S", rval=0x7fffbad23a08, 
    closure=0x7fd57d769a01) at jsd_scpt.c:758
^--- PC is a 64-bit value, intact
*snip*


Workaround: remove Chromebug extension by brute force.
% rm -rf ~/.mozilla/firefox/*/extensions/chromebug@johnjbarton.com/
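The truncation chain in the backtrace above, as an added C example that is not the patch attached to this bug: a stand-in hook state with both a 32-bit jsuint field and a pointer-sized field, fed the backtrace's own script and PC addresses, plus the bounds check a hook should apply before handing a PC to the engine (the struct, function names and the 0x2000 bytecode length are assumptions).

```c
/* Added example, not the patch attached to this bug. Models the PC
 * truncation chain with stand-in types; addresses are from the backtrace. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t jsuint;   /* SpiderMonkey's 32-bit unsigned int */
/* Stand-in for the thread-state record jsd hands from hook to hook. */
struct hook_state {
    jsuint    pc_as_jsuint;    /* the buggy 32-bit field */
    uintptr_t pc_as_uintptr;   /* pointer-sized, what the fix needs */
};

/* Like jsd_CallExecutionHook stashing the PC: the jsuint assignment
 * silently drops the upper 32 bits of the address on LP64. */
static void store_pc(struct hook_state *st, uintptr_t pc)
{
    st->pc_as_jsuint  = (jsuint)pc;
    st->pc_as_uintptr = pc;
}

/* Bounds check js_GetOpcode did not do: is pc inside [code, code+len)?
 * A debugger hook should verify this before dereferencing pc. */
int pc_in_script(uintptr_t code, size_t len, uintptr_t pc)
{
    return pc >= code && pc - code < len;
}
/* Replays the backtrace: script at 0x7fd57d794000, PC 0x7fd57d7952b0,
 * 0x2000 bytes of bytecode (constructed). Returns 1 when the full PC
 * passes the bounds check and the jsuint-truncated one is rejected. */
int demo(uintptr_t *out_trunc, uintptr_t *out_full)
{
    const uintptr_t script = 0x7fd57d794000ULL, pc = 0x7fd57d7952b0ULL;
    struct hook_state st;
    store_pc(&st, pc);
    *out_trunc = st.pc_as_jsuint;    /* what jsds_FilterHook read back */
    *out_full  = st.pc_as_uintptr;
    return pc_in_script(script, 0x2000, *out_full) &&
           !pc_in_script(script, 0x2000, *out_trunc);
}

int main(void)
{
    uintptr_t t, f;
    int ok = demo(&t, &f);
    printf("jsuint: 0x%lx  uintptr: 0x%lx  check %s\n",
           (unsigned long)t, (unsigned long)f, ok ? "passed" : "failed");
    return 0;
}
```

The jsuint path yields 0x7d7952b0, i.e. the decimal 2105103024 that frames #8 and #9 show, while the pointer-sized field keeps 0x7fd57d7952b0.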
Comment 1 Marti Raudsepp 2009-08-12 12:30:29 PDT
Created attachment 394095 [details] [diff] [review]
fix_jsds_filterhook_pc_64bit_truncate.patch
Comment 2 Kevin Brosnan 2009-08-12 12:44:44 PDT
Ask for review from one of the JSD module owners.
Comment 3 Kevin Brosnan 2009-08-12 12:45:34 PDT
The list of potential reviewers can be found at http://www.mozilla.org/owners.html#javascript-debugger-backend
Comment 4 Marti Raudsepp 2009-08-12 12:55:11 PDT
Comment on attachment 394095 [details] [diff] [review]
fix_jsds_filterhook_pc_64bit_truncate.patch

There ya go. Sorry, I was confused because your patch review system is very different from what I'm used to.

PS: Josh Soref's email on the link above is timeless@mozdev.org, but Bugzilla doesn't accept that as a reviewer.
Comment 5 Boris Zbarsky [:bz] (Out June 25-July 6) 2009-08-13 08:41:10 PDT
Comment on attachment 394095 [details] [diff] [review]
fix_jsds_filterhook_pc_64bit_truncate.patch

Needs approval...
Comment 6 Dão Gottwald [:dao] 2009-08-17 05:29:19 PDT
http://hg.mozilla.org/mozilla-central/rev/ecf63fdc78b7
Comment 7 Mike Beltzner [:beltzner, not reading bugmail] 2009-11-19 08:17:09 PST
Doesn't block as 64-bit isn't a supported platform, but has been baking forever, so I'm fine to take the patch on the 1.9.2 branch.

Possibly related to the other Firebug 64-bit crasher, bug 513556?
Comment 8 timeless 2009-11-19 08:31:58 PST
*** Bug 513556 has been marked as a duplicate of this bug. ***
Comment 9 Brendan Eich [:brendan] 2009-11-19 10:22:16 PST
Needs branch landing still. Who will do the deed?

/be
Comment 10 Boris Zbarsky [:bz] (Out June 25-July 6) 2009-11-19 11:37:32 PST
Pushed http://hg.mozilla.org/releases/mozilla-1.9.2/rev/1d93cf3812b6
Comment 11 Daniel Veditz [:dveditz] 2009-12-18 12:10:00 PST
Comment on attachment 394095 [details] [diff] [review]
fix_jsds_filterhook_pc_64bit_truncate.patch

Approved for 1.9.1.8, a=dveditz for release-drivers
Comment 12 Reed Loden [:reed] (use needinfo?) 2009-12-30 18:50:26 PST
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/98a1c2674fc2
Comment 13 timeless 2010-01-19 07:07:40 PST
*** Bug 540546 has been marked as a duplicate of this bug. ***
Comment 14 timeless 2010-01-19 18:04:49 PST
*** Bug 540731 has been marked as a duplicate of this bug. ***
Comment 15 timeless 2010-01-21 07:34:50 PST
*** Bug 513556 has been marked as a duplicate of this bug. ***