This bug was filed from the Socorro interface and is
report bp-e5e6d8d2-718b-40f7-8d3e-cf7c62110830 .
I am filing this bug for the user who actually experienced it.
More crash reports for the page in question:
Also, not sure of the proper component, so chose General for the moment.
Does the linked URL crash reliably, or only sometimes?
For me that link has crashed every time I let Noscript to "allow all this page" but not if I allow only rchelicopterfun.com...
For me, it has not crashed at all. Others in the mozillazine forum (http://forums.mozillazine.org/viewtopic.php?p=11194661#p11194661) evidently are only seeing this intermittently if they seeing more than one crash.
For me, its 100%, even with a new profile.
I tried, again, after disabling AdBlock Plus and got this crash:
For me this page crashes reliably in a TI nightly from a few days ago. Looking into now...
This page crashes it every time for me on today's nightly (built from e6591ea9b27b):
Created attachment 557071 [details] [diff] [review]
Patch for the rchelicopters.com crash. Regalloc bug when hoisting computations from accesses like arguments[x]. I'm not sure how many of the EnterMethodJIT crashes this will address (this is a blanket signature for all jitcode crashes), but all the crashes I looked at *could* have been caused by this bug.
Just tested with an hourly build based on cset:
and no more crashes on the linked URL as reported. Thanks for the quick work. Do want to leave this open, or should it be now be closed ?
Lets close this one, future jitcode crashes with this signature will be for different reasons. I also tested the link in comment 7 with and without this patch, and it looks to be the same (fixed) issue.
Scooby, this isn't the bug you're looking for. This is brand new code.
Can someone on this bug who was able to reproduce it before please verify the fix on Firefox 9?
At least for for me, no crash anymore using Firefox 9b4:
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0) Gecko/20100101 Firefox/9.0 ID:20111130065942