Closed
Bug 601197
Opened 14 years ago
Closed 14 years ago
JM: Crash on Firebug test for issue 2914
Categories: Core :: JavaScript Engine, defect
Tracking: RESOLVED FIXED
People: Reporter: dmandelin, Assigned: dmandelin
Details: Whiteboard: fixed-in-tracemonkey
Attachments: 1 file (patch, 845 bytes; billm: review+)
Spun off from bug 599400 comment 11:

> I am seeing yet one test case that causes crash and is also related to
> clearBreakpoints(), here is a stack trace:
>
> mozjs.dll!js::StackSegment::getCurrentFrame() Line 86 + 0x8 bytes C++
> mozjs.dll!js::AllFramesIter::operator++() Line 474 + 0x12 bytes C++
> mozjs.dll!js::mjit::Recompiler::recompile() Line 125 + 0x21 bytes C++
> mozjs.dll!JS_ClearTrap(JSContext * cx=0x08307f08, JSScript * script=0x0d271df8,
> unsigned char * pc=0x0d271e60, JSTrapStatus (JSContext *, JSScript *, unsigned
> char *, unsigned __int64 *, unsigned __int64)* * handlerp=0x00000000, unsigned
> __int64 * closurep=0x00000000) Line 335 C++
> jsd3250.dll!jsd_ClearExecutionHook(JSDContext * jsdc=0x039f5ec8, JSDScript *
> jsdscript=0x0d274b00, unsigned int pc=220667488) Line 833 + 0x1c bytes C
> jsd3250.dll!JSD_ClearExecutionHook(JSDContext * jsdc=0x039f5ec8, JSDScript *
> jsdscript=0x0d274b00, unsigned int pc=220667488) Line 552 + 0x11 bytes C
> jsd3250.dll!jsdScript::ClearBreakpoint(unsigned int aPC=0) Line 1502 + 0x17
> bytes C++
>
> I have modified getCurrentFrame() as follows:
>
> JS_REQUIRES_STACK JS_ALWAYS_INLINE JSStackFrame *
> StackSegment::getCurrentFrame() const
> {
>     JSFrameRegs* regs = getCurrentRegs();
>     return regs ? regs->fp : NULL;
> }
>
> and I am seeing that |regs| is an invalid pointer.
>
>
> STR:
> 1) Install Firebug 1.6b1
> 2) Open: http://getfirebug.com/tests/content/console/2914/issue2914.html
> 3) CRASH
>
> A clue could be to know that the test is trying to access a parent frame (from
> a child frame) and use its window property. Something like as follows:
>
> parent.window.console.error("iframe error");
>
> Honza
Attachment #480190 - Flags: review?(wmccloskey) → review+
Comment 2 • 14 years ago (Assignee)
http://hg.mozilla.org/tracemonkey/rev/da2be47f32d7
Status: NEW → ASSIGNED
Whiteboard: fixed-in-tracemonkey
Comment 3 • 14 years ago

I have been testing this (cloning source from http://hg.mozilla.org/tracemonkey and setting manually debugMode to true) and I see a case where it still crashes. Use the same test, but set the following preference to false.

user_pref("extensions.firebug.service.filterSystemURLs", false);

Honza
Comment 4 • 14 years ago
http://hg.mozilla.org/mozilla-central/rev/da2be47f32d7
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED