Closed Bug 625763 Opened 14 years ago Closed 14 years ago

Startup Crash [@ js::PropertyTable::capacity] with gczeal 2

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 625191

People

(Reporter: bc, Unassigned)

Details

(Whiteboard: [sg:dupe 625191]) 

1. set gczeal 2
2. start 2.0.0 on linux/mac
3. crash

ss due to this=0xdadadada (where are our debug malloc markers documented?)

#6  0x029a8c09 in js::PropertyTable::capacity (this=0xdadadada) at /work/mozilla/builds/2.0.0/mozilla/js/src/jsscope.h:249
#7  0x029a8c37 in js::PropertyTable::needsToGrow (this=0xdadadada) at /work/mozilla/builds/2.0.0/mozilla/js/src/jsscope.h:253
#8  0x029a5441 in js::Shape::getChild (this=0xa9d0034, cx=0xa8619b0, child=..., listp=0xbfb76188) at /work/mozilla/builds/2.0.0/mozilla/js/src/jsscope.cpp:474
#9  0x029aaed0 in js::Bindings::add (this=0xbfb76188, cx=0xa8619b0, name=0xb0a320a0, kind=ARGUMENT) at /work/mozilla/builds/2.0.0/mozilla/js/src/jsscript.cpp:158
#10 0x028845bc in js::Bindings::addArgument (this=0xbfb76188, cx=0xa8619b0, name=0xb0a320a0, slotp=0xbfb76186) at /work/mozilla/builds/2.0.0/mozilla/js/src/jsscript.h:247
#11 0x0287d7b9 in JS_CompileUCFunctionForPrincipals (cx=0xa8619b0, obj=0x0, principals=0xa110dc4, name=0xbfb76390 "openPopup", nargs=7, argnames=0xaa18a18, chars=0xaa18e28, 
    length=295, filename=0xbfb7633c "chrome://global/content/bindings/popup.xml", lineno=41) at /work/mozilla/builds/2.0.0/mozilla/js/src/jsapi.cpp:4738
#12 0x0287d563 in JS_CompileUCFunctionForPrincipalsVersion (cx=0xa8619b0, obj=0x0, principals=0xa110dc4, name=0xbfb76390 "openPopup", nargs=7, argnames=0xaa18a18, 
    chars=0xaa18e28, length=295, filename=0xbfb7633c "chrome://global/content/bindings/popup.xml", lineno=41, version=JSVERSION_ECMA_5)
    at /work/mozilla/builds/2.0.0/mozilla/js/src/jsapi.cpp:4694
#13 0x018c9da2 in nsJSContext::CompileFunction (this=0xa44d100, aTarget=0xb0a16508, aName=..., aArgCount=7, aArgArray=0xaa18a18, aBody=..., 
    aURL=0xbfb7633c "chrome://global/content/bindings/popup.xml", aLineNo=41, aVersion=185, aShared=1, aFunctionObject=0xbfb763d0)
    at /work/mozilla/builds/2.0.0/mozilla/dom/base/nsJSEnvironment.cpp:2095
#14 0x01870de2 in nsXBLProtoImplMethod::CompileMember (this=0xaa18c88, aContext=0xa44d100, aClassStr=..., aClassObject=0xb0a16508)
    at /work/mozilla/builds/2.0.0/mozilla/content/xbl/src/nsXBLProtoImplMethod.cpp:247
#15 0x0187246c in nsXBLProtoImpl::CompilePrototypeMembers (this=0xaa18578, aBinding=0xa862f88) at /work/mozilla/builds/2.0.0/mozilla/content/xbl/src/nsXBLProtoImpl.cpp:190
#16 0x01872077 in nsXBLProtoImpl::InitTargetObjects (this=0xaa18578, aBinding=0xa862f88, aContext=0xa5ecfa0, aBoundElement=0xa9a1a20, aScriptObjectHolder=0xbfb76534, 
    aTargetClassObject=0xbfb76530) at /work/mozilla/builds/2.0.0/mozilla/content/xbl/src/nsXBLProtoImpl.cpp:111
#
crap, probably a dupe of bug 625191. I missed it because it didn't include the namespace in the summary. :-(
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:dupe 625191]
Group: core-security
You need to log in before you can comment on or make changes to this bug.