Closed
Bug 510040
Opened 16 years ago
Closed 16 years ago
Fix JS debugger crash on 64-bit: don't truncate PC to jsuint in jsds_FilterHook
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla1.9.3a1
| Tracking | Status | |
|---|---|---|
| status1.9.2 | --- | beta4-fixed |
| status1.9.1 | --- | .8-fixed |
People
(Reporter: marti, Assigned: marti)
References
Details
(Whiteboard: [firebug-p1])
Attachments
(1 file)
|
784 bytes,
patch
|
timeless
:
review+
beltzner
:
approval1.9.2+
dveditz
:
approval1.9.1.8+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.2) Gecko/20090812 Gentoo Firefox/3.5.2
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.2) Gecko/20090812 Gentoo Firefox/3.5.2
64-bit Firefox 3.5.2 crashes after installing the Chromebug extension, even if you don't specify -chromebug from the command line. This is the culprit.
Reproducible: Always
Steps to Reproduce:
1. Install the Chromebug extension (chromebug-1.5.0a2.xpi) on a 64-bit browser from http://getfirebug.com/releases/chromebug/
2. Restart Firefox.
3. Witness segfault
Actual Results:
*snip*
#4 <signal handler called>
#5 0x00007fd59348d208 in js_GetOpcode (cx=0x7fd57e2cdc00, script=0x7fd57d794000, pc=0x7d7952b0 <Address 0x7d7952b0 out of bounds>)
at jsscript.h:325
#6 0x00007fd593490357 in js_PCToLineNumber (cx=0x7fd57e2cdc00, script=0x7fd57d794000, pc=0x7d7952b0 <Address 0x7d7952b0 out of bounds>)
at jsscript.cpp:1808
#7 0x00007fd5933bca9f in JS_PCToLineNumber (cx=0x7fd57e2cdc00, script=0x7fd57d794000, pc=0x7d7952b0 <Address 0x7d7952b0 out of bounds>)
at jsdbgapi.cpp:956
#8 0x00007fd591e3f4d7 in jsd_GetClosestLine (jsdc=0x7fd57e211380, jsdscript=0x7fd57d8bd5e0, pc=2105103024) at jsd_scpt.c:523
#9 0x00007fd591e3a001 in JSD_GetClosestLine (jsdc=0x7fd57e211380, jsdscript=0x7fd57d8bd5e0, pc=2105103024) at jsdebug.c:337
^--- PC is a 32-bit integer value, truncated :(
#10 0x00007fd591e44f1f in jsds_FilterHook (jsdc=0x7fd57e211380, state=0x7fd57d792780) at jsd_xpc.cpp:400
^--- jsds_FilterHook extracts PC from the struct again
#11 0x00007fd591e45c64 in jsds_ExecutionHookProc (jsdc=0x7fd57e211380, jsdthreadstate=0x7fd57d792780, type=1, callerdata=0x1,
rval=0x7fffbad23a08) at jsd_xpc.cpp:680
#12 0x00007fd591e3d3b3 in jsd_CallExecutionHook (jsdc=0x7fd57e211380, cx=0x7fd5831fcc00, type=1,
hook=0x7fd591e45903 <jsds_ExecutionHookProc>, hookData=0x1, rval=0x7fffbad23a08) at jsd_hook.c:177
^--- PC gets stored in a structure
#13 0x00007fd591e3fc91 in jsd_TrapHandler (cx=0x7fd5831fcc00, script=0x7fd57d794000, pc=0x7fd57d7952b0 "S", rval=0x7fffbad23a08,
closure=0x7fd57d769a01) at jsd_scpt.c:758
*snip*
^--- PC is a 64-bit value, intact
Workaround: remove Chromebug extension by brute force.
% rm -rf ~/.mozilla/firefox/*/extensions/chromebug@johnjbarton.com/
|
Assignee | |
Comment 1•16 years ago
|
||
|
|
Assignee | |
Updated•16 years ago
|
Version: unspecified → 3.5 Branch
|
||
Comment 2•16 years ago
|
||
Ask for review from one of the JSD module owners.
Component: Extension Compatibility → JavaScript Debugging APIs
Product: Firefox → Core
QA Contact: extension.compatibility → jsd
Version: 3.5 Branch → 1.9.1 Branch
|
|
||
Comment 3•16 years ago
|
||
The list of potential reviewers can be found at http://www.mozilla.org/owners.html#javascript-debugger-backend
|
|
Assignee | |
Comment 4•16 years ago
|
||
Comment on attachment 394095 [details] [diff] [review]
fix_jsds_filterhook_pc_64bit_truncate.patch
There ya go. Sorry, I was confused because your patch review system is very different from what I'm used to.
PS: Josh Soref's email on the link above is timeless@mozdev.org, but Bugzilla doesn't accept that as a reviewer.
Attachment #394095 -
Attachment description: Patch to fix this issue → fix_jsds_filterhook_pc_64bit_truncate.patch
Attachment #394095 -
Flags: review?(timeless)
Attachment #394095 -
Flags: review?(timeless) → review+
|
|
||
Updated•16 years ago
|
|
||
Comment 5•16 years ago
|
||
Comment on attachment 394095 [details] [diff] [review]
fix_jsds_filterhook_pc_64bit_truncate.patch
Needs approval...
Attachment #394095 -
Flags: approval1.9.2?
|
||
Comment 6•16 years ago
|
||
Status: NEW → RESOLVED
Closed: 16 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.3
|
||
Updated•16 years ago
|
Target Milestone: mozilla1.9.3 → mozilla1.9.3a1
|
|
||
Updated•16 years ago
|
Flags: blocking1.9.2?
|
||
Comment 7•16 years ago
|
||
Doesn't block as 64-bit isn't a supported platform, but has been baking forever, so I'm fine to take the patch on the 1.9.2 branch.
Possibly related to the other Firebug 64-bit crasher, bug 513556?
Flags: blocking1.9.2? → blocking1.9.2-
|
|
||
Updated•16 years ago
|
Attachment #394095 -
Flags: approval1.9.2? → approval1.9.2+
|
||
Comment 9•16 years ago
|
||
Needs branch landing still. Who will do the deed?
/be
|
|
||
Comment 10•16 years ago
|
||
status1.9.2:
--- → final-fixed
|
||
Updated•16 years ago
|
Attachment #394095 -
Flags: approval1.9.1.7?
|
|
||
Updated•16 years ago
|
See Also: → https://launchpad.net/bugs/449744
|
||
Updated•16 years ago
|
Attachment #394095 -
Flags: approval1.9.1.8? → approval1.9.1.8+
|
|
||
Comment 11•16 years ago
|
||
Comment on attachment 394095 [details] [diff] [review]
fix_jsds_filterhook_pc_64bit_truncate.patch
Approved for 1.9.1.8, a=dveditz for release-drivers
|
||
Comment 12•16 years ago
|
||
status1.9.1:
--- → .8-fixed
Summary: [PATCH] Fix JS debugger crash on 64-bit: don't truncate PC to jsuint in jsds_FilterHook → Fix JS debugger crash on 64-bit: don't truncate PC to jsuint in jsds_FilterHook
|
||
Updated•15 years ago
|
Whiteboard: [firebug-p1]
|
||
Updated•14 years ago
|
Component: JavaScript Debugging/Profiling APIs → JavaScript Engine
You need to log in
before you can comment on or make changes to this bug.
Description
•