Closed
Bug 619585
Opened 14 years ago
Closed 14 years ago
crash in [@ js::RegExpStatics::updateFromMatch(JSContext*, JSString*, int*, unsigned int) ] [@ js_GetProperty ]
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
DUPLICATE
of bug 606882
Tracking | Status | |
---|---|---|
blocking2.0 | --- | betaN+ |
People
(Reporter: marcia, Assigned: paul.biggar)
Details
(Keywords: crash, regression, reproducible)
Attachments
(1 file: 2.79 KB, text/plain)
Reproduced from bughunter using Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b8) Gecko/20100101 Firefox/4.0b8. Reproducible on Mac as well but I get a different stack.
STR:
1. Load the URL.
2. Crash 100%
http://crash-stats.mozilla.com/report/index/b10aa738-83f8-4525-941b-6d8272101215 is my report from Win 7.
Frame | Module | Signature | Source |
---|---|---|---|
0 | mozjs.dll | js::RegExpStatics::updateFromMatch | js/src/jsregexp.h:188 |
Reporter
Comment 1•14 years ago
https://crash-stats.mozilla.com/report/index/c32f60be-897f-4c8c-b7cd-f0f4b2101215 is my report on Mac.
Updated•14 years ago
blocking2.0: --- → betaN+
Keywords: regression
Assignee
Updated•14 years ago
Assignee: general → pbiggar
Reporter
Comment 3•14 years ago
[@ js_GetProperty ] is the stack I get when I crash on Mac today using the same URL.
Summary: crash in [@ js::RegExpStatics::updateFromMatch(JSContext*, JSString*, int*, unsigned int) ] → crash in [@ js::RegExpStatics::updateFromMatch(JSContext*, JSString*, int*, unsigned int) ] [@ js_GetProperty ]
Assignee
Comment 4•14 years ago
Am having trouble getting a stack trace and symbols when I run this on Mac.
Comment 5•14 years ago
(In reply to comment #4)
> Am having trouble getting a stack trace and symbols when I run this on Mac.
You may need to build with -fno-omit-frame-pointer to get a decent stack.
Assignee
Comment 6•14 years ago
(In reply to comment #5)
> You may need to build with -fno-omit-frame-pointer to get a decent stack.
Am running a debug build, no optimizations, so there should be a framepointer anyway.
Assignee
Comment 7•14 years ago
Can't reproduce on Linux 32-bit. Looks like I just won't be able to get this into a debugger. Going to go printf from here on in :-/
Assignee
Comment 8•14 years ago
I can no longer reproduce this, so the site must have been fixed.
I'm attaching a test case with the regex which was being run when the crash hit. However, I'm not sure it's really a regex problem.
Reporter
Comment 9•14 years ago
I wonder if this might be a dupe of Bug 595351 since I think bc was crashing with the same site, which was harvested from the same source.
Assignee
Comment 10•14 years ago
(In reply to comment #9)
> I wonder if this might be a dupe of Bug 595351 since I think bc was crashing
> with the same site, which was harvested from the same source.
Reading from the comments there, it looks like this might be one of many real bugs involved in bug 595351. I think it's best to keep this separate.
Assignee
Comment 11•14 years ago
I got sent a non-public test case. I can reduce it to a 1-liner which shows the bug is definitely in YARR.
Assignee
Comment 12•14 years ago
The 1 liner:
"ABC".match("A+(?:X?(?:|(?:))(?:(?:B)?C+w?w?)?)*");
is basically the same as bug 606882, with the same stack trace (and the same source site - even though that no longer reproduces), so it must be a dup. Also, cdleary is in a much better position to fix this than I.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Updated•14 years ago
Crash Signature: [@ js::RegExpStatics::updateFromMatch(JSContext*, JSString*, int*, unsigned int) ]
[@ js_GetProperty ]
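A regression check for the one-liner in comment 12, added here as an example; it is not code from the bug or from Mozilla's test suite. It runs the pattern in whichever engine executes the script and checks that the reported match and the legacy `RegExp.lastMatch`/`leftContext`/`rightContext` statics stay consistent with the input. The variant patterns are constructed, `checkMatch` and `runAll` are hypothetical names, and treating those statics as the state behind the `RegExpStatics::updateFromMatch` signature is an assumption.

```javascript
// Pattern and input exactly as given in comment 12.
const REDUCED = { pattern: "A+(?:X?(?:|(?:))(?:(?:B)?C+w?w?)?)*", input: "ABC" };

// Constructed variants (not from the bug): quantified groups that can match
// the empty string, the same shape as the reduced pattern.
const VARIANTS = [
  { pattern: "(?:a?)*b", input: "aab" },
  { pattern: "A+(?:(?:)|B?)*C", input: "ABC" },
  { pattern: "A+(?:X?(?:|(?:)))*Z", input: "ABC" }, // no match expected
];

// Runs input.match(pattern) and checks that everything the engine reports
// stays inside the input string. Returns { matched, index, problems }.
function checkMatch({ pattern, input }) {
  const problems = [];
  const m = input.match(pattern); // a string pattern is compiled via new RegExp()
  if (m === null) return { matched: null, index: -1, problems };

  const end = m.index + m[0].length;
  if (m.index < 0 || end > input.length) problems.push("match range out of bounds");
  if (input.slice(m.index, end) !== m[0]) problems.push("m[0] is not input[index..end]");

  // Legacy statics: assumed to be the state the crashing function maintains.
  // Skipped when the engine does not expose them.
  if (typeof RegExp.lastMatch === "string") {
    if (RegExp.lastMatch !== m[0]) problems.push("RegExp.lastMatch disagrees with m[0]");
    if (RegExp.leftContext + RegExp.lastMatch + RegExp.rightContext !== input) {
      problems.push("left/last/right context does not rebuild the input");
    }
  }
  return { matched: m[0], index: m.index, problems };
}

// Checks the reduced case first, then the constructed variants.
function runAll() {
  return [REDUCED, ...VARIANTS].map((c) => ({ ...c, ...checkMatch(c) }));
}

for (const r of runAll()) {
  console.log(JSON.stringify(r.pattern), "on", JSON.stringify(r.input), "->",
    JSON.stringify(r.matched), r.problems.length ? r.problems.join("; ") : "ok");
}
```

An engine that still has the crash terminates the process before any line is printed, so run the script in a child process if it is part of a larger suite.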