Bug 596669 - Fennec Android crash in jsstr.cpp:ReplaceCallback
Status: Closed, VERIFIED FIXED
Opened 14 years ago; closed 14 years ago
Product / Component: Firefox for Android Graveyard :: General (defect)
Tracking: fennec 2.0b1+
Reporter: stechz; Assigned: cdleary
Keywords: crash
Attachments (1): patch, 631 bytes, flagged review+ by cdleary
This is Android on Nexus One (ignore scratchbox directories, quirk of my build):

(gdb) bt
#0  0xafd0f1b8 in memcpy () from libc.so
#1  0x82a6d26c in ReplaceCallback (cx=0x4af01380, count=<value optimized out>, p=<value optimized out>) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsstr.cpp:2181
#2  0x82a657a2 in DoMatch (cx=0x4af01380, vp=0x4b0001d0, str=0x4b574300, rep=<value optimized out>, callback=0x82a6ced1 <ReplaceCallback(JSContext*, size_t, void*)>, data=0x48111540, flags=REPLACE_ARGS) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsstr.cpp:1833
#3  0x82a6bb8e in str_replace_regexp (cx=0x4af01380, argc=2, vp=0x4b0001d0) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsstr.cpp:2350
#4  js::str_replace (cx=0x4af01380, argc=2, vp=0x4b0001d0) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsstr.cpp:2466
#5  0x82b1fbb0 in js::Interpret (cx=0x4af01380, entryFrame=<value optimized out>, inlineCallCount=Cannot access memory at address 0x98a00000 ) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsinterp.cpp:4611
#6  0x82a0f884 in js::RunScript (cx=0x4af01380, script=<value optimized out>, fun=<value optimized out>, scopeChain=<value optimized out>) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsinterp.cpp:468
#7  0x82a105fc in js::Invoke (cx=0x4af01380, argsRef=<value optimized out>, flags=<value optimized out>) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsinterp.cpp:614
#8  0x82a10b78 in js::ExternalInvoke (cx=0x4af01380, thisv=..., fval=..., argc=1, argv=0x48111c28, rval=0x48111ce8) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsinterp.cpp:644
#9  0x829d50cc in ExternalInvoke (cx=0x4af01380, obj=<value optimized out>, fval=9304612810792172060, argc=1, argv=0x48111c28, rval=0x48111ce8) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsinterp.h:729
#10 JS_CallFunctionValue (cx=0x4af01380, obj=<value optimized out>, fval=9304612810792172060, argc=1, argv=0x48111c28, rval=0x48111ce8) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsapi.cpp:4747
#11 0x826d6004 in nsXPCWrappedJSClass::CallMethod (this=0x4b744040, wrapper=0x82f057d8, methodIndex=<value optimized out>, info=0x47e9fe38, nativeParams=0x48111d78) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/xpconnect/src/xpcwrappedjsclass.cpp:1692
#12 0x826d3298 in nsXPCWrappedJS::CallMethod (this=0x82f057d8, methodIndex=3, info=0x47e9fe38, params=<value optimized out>) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/xpconnect/src/xpcwrappedjs.cpp:571
#13 0x8293f1e0 in PrepareAndDispatch (self=0x4b68b7a0, methodIndex=<value optimized out>, args=0x48111e34) at /scratchbox/users/ben/home/ben/projects/cedar/xpcom/reflect/xptcall/src/md/unix/xptcstubs_arm.cpp:132
#14 0x8293e914 in SharedStub () from /scratchbox/users/ben/home/ben/projects/cedar/mobilebase-android/dist/bin/libxul.so
#15 0x8293e914 in SharedStub () from /scratchbox/users/ben/home/ben/projects/cedar/mobilebase-android/dist/bin/libxul.so
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
Updated (14 years ago): tracking-fennec: --- → 2.0b1+
Comment 1 (Reporter, 14 years ago):
In ReplaceCallback, chars is aligned properly.
Comment 2 (Reporter, 14 years ago):
Also from bug 595868 (metacrash bug):

#0  0xafd0f1b8 in memcpy () from libc.so
#1  0x82a6be94 in ReplaceCallback (cx=0x49d01380, count=<value optimized out>, p=<value optimized out>) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsstr.cpp:2181
#2  0x82a6438a in DoMatch (cx=0x49d01380, vp=0x49e00108, str=0x4a375260, rep=<value optimized out>, callback=0x82a6baf9 <ReplaceCallback(JSContext*, size_t, void*)>, data=0x487b41b8, flags=REPLACE_ARGS) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsstr.cpp:1833
#3  0x82a6a7b6 in str_replace_regexp (cx=0x49d01380, argc=2, vp=0x49e00108) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsstr.cpp:2350
#4  js::str_replace (cx=0x49d01380, argc=2, vp=0x49e00108) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsstr.cpp:2466
#5  0x82b1eb16 in js::Interpret (cx=0x49d01380, entryFrame=<value optimized out>, inlineCallCount=Cannot access memory at address 0x9a300000 ) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsinterp.cpp:4611
#6  0x82a0e36c in js::RunScript (cx=0x49d01380, script=<value optimized out>, fun=<value optimized out>, scopeChain=<value optimized out>) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsinterp.cpp:468
#7  0x82a0f0ec in js::Invoke (cx=0x49d01380, argsRef=<value optimized out>, flags=<value optimized out>) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsinterp.cpp:614
#8  0x82a0f668 in js::ExternalInvoke (cx=0x49d01380, thisv=..., fval=..., argc=1, argv=0x487b48a0, rval=0x487b4960) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsinterp.cpp:644
#9  0x829d3b74 in ExternalInvoke (cx=0x49d01380, obj=<value optimized out>, fval=9304612810792172060, argc=1, argv=0x487b48a0, rval=0x487b4960) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsinterp.h:729
#10 JS_CallFunctionValue (cx=0x49d01380, obj=<value optimized out>, fval=9304612810792172060, argc=1, argv=0x487b48a0, rval=0x487b4960) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/jsapi.cpp:4747
#11 0x826d4bf4 in nsXPCWrappedJSClass::CallMethod (this=0x4a737f10, wrapper=0x82f04458, methodIndex=<value optimized out>, info=0x47e9fe38, nativeParams=0x487b49f0) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/xpconnect/src/xpcwrappedjsclass.cpp:1692
#12 0x826d1e88 in nsXPCWrappedJS::CallMethod (this=0x82f04458, methodIndex=3, info=0x47e9fe38, params=<value optimized out>) at /scratchbox/users/ben/home/ben/projects/cedar/js/src/xpconnect/src/xpcwrappedjs.cpp:571
#13 0x8293dc18 in PrepareAndDispatch (self=0x4a7067a0, methodIndex=<value optimized out>, args=0x487b4aac) at /scratchbox/users/ben/home/ben/projects/cedar/xpcom/reflect/xptcall/src/md/unix/xptcstubs_arm.cpp:132
#14 0x8293d34c in SharedStub () from /scratchbox/users/ben/home/ben/projects/cedar/mobilebase-android/dist/bin/libxul.so
#15 0x8293d34c in SharedStub () from /scratchbox/users/ben/home/ben/projects/cedar/mobilebase-android/dist/bin/libxul.so
Updated (14 years ago): Severity: normal → blocker
Updated (Reporter, 14 years ago):
Severity: blocker → normal
Keywords: crash
Summary: Fennec Android crash in jsstr.cpp → Fennec Android crash in jsstr.cpp:ReplaceCallback
Updated (14 years ago): Severity: normal → blocker
Comment 3 (Reporter, 14 years ago):
This is for cedar/mobile2 builds BTW, after JM merge had landed.
Updated (14 years ago): Assignee: nobody → cdleary
Comment 4 (Reporter, 14 years ago):
Looks like this is the place it is crashing in JS: http://mxr.mozilla.org/mozilla-central/source/toolkit/mozapps/update/nsUpdateTimerManager.js#201
Comment 5 (Reporter, 14 years ago):
It sounds like as a last resort we may be able to compile without compiled regexps to fix this problem.
Comment 6 (Reporter, 14 years ago):
We are seeing bogus values being given for regular expression matching begin and end values. Sounds like an unsigned/signed issue perhaps?
Comment 7 (Reporter, 14 years ago):
Something in the YARR is giving us bogus offsets for pattern matching. Disabling YARR seems to fix all my crash problems on Android.
Attachment #475586 - Flags: review?(sayrer)
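The failure mode comments 6 and 7 describe, a regex engine handing back begin/end offsets that the replace path trusts before it calls memcpy, shown as an added C illustration. This is not SpiderMonkey's ReplaceCallback or YARR code, and it makes no claim about what the attached patch changes; the match_t struct, the function names and the UTF-16 sample buffer are constructed for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed illustration, not SpiderMonkey code. A regex engine reports a
 * match as [begin, end) offsets into the subject string; the replace path then
 * copies subject[0..begin) followed by the replacement text. If the engine
 * returns bogus offsets (end < begin, or end beyond the subject length), the
 * naive size_t subtraction wraps and memcpy is asked for a gigantic copy that
 * runs off the end of the buffer. */

typedef struct {
    size_t begin;   /* offset of the first matched code unit */
    size_t end;     /* one past the last matched code unit */
} match_t;

/* The check a replace path needs before trusting a match: both offsets must be
 * ordered and inside the subject. */
static bool match_is_sane(const match_t *m, size_t subject_len)
{
    return m->begin <= m->end && m->end <= subject_len;
}

/* What a naive implementation computes for the matched length. With
 * end < begin the unsigned subtraction wraps to a value near SIZE_MAX, which is
 * the length a following memcpy would receive. Returned rather than used so the
 * wrap is observable without crashing. */
static size_t naive_match_len(const match_t *m)
{
    return m->end - m->begin;
}

/* Hardened replace prefix: writes subject[0..begin) + repl into out.
 * Returns the number of code units written and sets *ok; returns 0 with
 * *ok == false when the offsets are rejected or the output would not fit. */
static size_t safe_replace_prefix(const uint16_t *subject, size_t subject_len,
                                  const match_t *m,
                                  const uint16_t *repl, size_t repl_len,
                                  uint16_t *out, size_t out_cap, bool *ok)
{
    *ok = false;
    if (!match_is_sane(m, subject_len))
        return 0;                                  /* bogus offsets: refuse */
    if (m->begin > out_cap || repl_len > out_cap - m->begin)
        return 0;                                  /* would overflow out */
    memcpy(out, subject, m->begin * sizeof *subject);
    memcpy(out + m->begin, repl, repl_len * sizeof *repl);
    *ok = true;
    return m->begin + repl_len;
}
```

The point of the check is that neither `begin <= end` nor `end <= subject_len` can be recovered after the fact: once `end - begin` has wrapped, the copy length looks like an ordinary (huge) size_t, which matches the crash landing inside memcpy rather than at the offset arithmetic.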
Comment 8 (14 years ago):
Using this patch I was able to start Fennec on a linux-arm device.
Updated (Assignee, 14 years ago): Attachment #475586 - Flags: review?(sayrer) → review+
Comment 9 (14 years ago):
Pushed http://hg.mozilla.org/mozilla-central/rev/b9ff2a9339e2
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Comment 10 (14 years ago):
Verified FIXED on build: Mozilla/5.0 (Android; Linux armv71; Nokia N900; en-US; rv:2.0b6pre) Gecko/20100916 Namoroka/4.0b7pre Fennec/2.0b1pre
Status: RESOLVED → VERIFIED
Updated (14 years ago): Flags: in-testsuite?