Closed
Bug 601197
Opened 15 years ago
Closed 15 years ago
JM: Crash on Firebug test for issue 2914
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
People
(Reporter: dmandelin, Assigned: dmandelin)
References
Details
(Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file)
845 bytes,
patch
|
billm
:
review+
|
Details | Diff | Splinter Review |
Spun off from bug 599400 comment 11:
> I am seeing yet one test case that causes crash and is also related to
> clearBreakpoints(), here is a stack trace:
>
> mozjs.dll!js::StackSegment::getCurrentFrame() Line 86 + 0x8 bytes C++
> mozjs.dll!js::AllFramesIter::operator++() Line 474 + 0x12 bytes C++
> mozjs.dll!js::mjit::Recompiler::recompile() Line 125 + 0x21 bytes C++
> mozjs.dll!JS_ClearTrap(JSContext * cx=0x08307f08, JSScript * script=0x0d271df8,
> unsigned char * pc=0x0d271e60, JSTrapStatus (JSContext *, JSScript *, unsigned
> char *, unsigned __int64 *, unsigned __int64)* * handlerp=0x00000000, unsigned
> __int64 * closurep=0x00000000) Line 335 C++
> jsd3250.dll!jsd_ClearExecutionHook(JSDContext * jsdc=0x039f5ec8, JSDScript *
> jsdscript=0x0d274b00, unsigned int pc=220667488) Line 833 + 0x1c bytes C
> jsd3250.dll!JSD_ClearExecutionHook(JSDContext * jsdc=0x039f5ec8, JSDScript *
> jsdscript=0x0d274b00, unsigned int pc=220667488) Line 552 + 0x11 bytes C
> jsd3250.dll!jsdScript::ClearBreakpoint(unsigned int aPC=0) Line 1502 + 0x17
> bytes C++
>
> I have modified getCurrentFrame() as follows:
>
> JS_REQUIRES_STACK JS_ALWAYS_INLINE JSStackFrame *
> StackSegment::getCurrentFrame() const
> {
> JSFrameRegs* regs = getCurrentRegs();
> return regs ? regs->fp : NULL;
> }
>
> and I am seeing that |regs| is an invalid pointer.
>
>
> STR:
> 1) Install Firebug 1.6b1
> 2) Open: http://getfirebug.com/tests/content/console/2914/issue2914.html
> 3) CRASH
>
> A glue could be to know that the test is trying to access a parent frame (from
> a child frame) and use its window property. Something like as follows:
>
> parent.window.console.error("iframe error");
>
> Honza
Assignee | ||
Comment 1•15 years ago
|
||
Attachment #480190 -
Flags: review?(wmccloskey)
Attachment #480190 -
Flags: review?(wmccloskey) → review+
Assignee | ||
Comment 2•15 years ago
|
||
Status: NEW → ASSIGNED
Whiteboard: fixed-in-tracemonkey
Comment 3•15 years ago
|
||
I have been testing this (cloning source from http://hg.mozilla.org/tracemonkey and setting manually debugMode to true) and I see a case where it still crashes.
Use the same test, but set the following preference to false.
user_pref("extensions.firebug.service.filterSystemURLs", false);
Honza
Comment 4•15 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•