Closed
Bug 687856
Opened 13 years ago
Closed 13 years ago
crash [@ mozjs.dll]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: alice0775, Assigned: bhackett1024)
References
()
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
1.66 KB,
patch
|
dvander
:
review+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-08df7520-37e4-45cd-96c8-a52c72110920 . ============================================================= Build Identifier: http://hg.mozilla.org/mozilla-central/rev/648d084ca28e Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0a1) Gecko/20110920 Firefox/9.0a1 ID:20110920030905 Browser crashes when zoom-in Google Maps Reproducible: Always Steps to Reproduce: 1. Open Firefox with clean profile 2. Open http://maps.google.com/ 3. Zoom in maps by mouse wheel or slider Actual Results: Browser crashes Expected Results: Browser should not crash Regression window(m-c) Works: http://hg.mozilla.org/mozilla-central/rev/ea2f892d9439 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0a1) Gecko/20110919 Firefox/9.0a1 ID:20110919123348 Crashes: http://hg.mozilla.org/mozilla-central/rev/648d084ca28e Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0a1) Gecko/20110920 Firefox/9.0a1 ID:20110920030905 Pushlog: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=ea2f892d9439&tochange=648d084ca28e
Reporter | ||
Updated•13 years ago
|
Assignee: nobody → general
Component: General → JavaScript Engine
Product: Firefox → Core
QA Contact: general → general
Assignee | ||
Updated•13 years ago
|
Assignee: general → bhackett1024
Comment 1•13 years ago
|
||
Using build based on hourly m-c win32: https://hg.mozilla.org/mozilla-central/rev/a89ac13dbeb9 I saw no crashes after playing with google-maps quite a bit trying to make it crash.
Comment 2•13 years ago
|
||
Would mozjs.dll@0x13d9a be considered a different signature? From crash report https://crash-stats.mozilla.com/report/index/bp-6edcf16c-7c5c-41dd-87d3-5b6242110920
Reporter | ||
Comment 3•13 years ago
|
||
(In reply to Jim Jeffery not reading bug-mail 1/2/11 from comment #1) > Using build based on hourly m-c win32: > https://hg.mozilla.org/mozilla-central/rev/a89ac13dbeb9 > > I saw no crashes after playing with google-maps quite a bit trying to make > it crash. using latest m-c hourly http://hg.mozilla.org/mozilla-central/rev/a89ac13dbeb9 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0a1) Gecko/20110919 Firefox/9.0a1 ID:20110919225448 It also crashes bp-b1af37ee-5f92-4d1f-b135-419582110920
Comment 4•13 years ago
|
||
(In reply to Alice0775 White from comment #3) > (In reply to Jim Jeffery not reading bug-mail 1/2/11 from comment #1) > > Using build based on hourly m-c win32: > > https://hg.mozilla.org/mozilla-central/rev/a89ac13dbeb9 > > > > I saw no crashes after playing with google-maps quite a bit trying to make > > it crash. > using latest m-c hourly > http://hg.mozilla.org/mozilla-central/rev/a89ac13dbeb9 > Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0a1) Gecko/20110919 Firefox/9.0a1 > ID:20110919225448 > > It also crashes > bp-b1af37ee-5f92-4d1f-b135-419582110920 Indeed, I just re-tested. seems to crash about the 3rd click on the + arrow to zoom in the map.
Comment 5•13 years ago
|
||
(In reply to Ray Murphy (WildcatRay) from comment #2) > Would mozjs.dll@0x13d9a be considered a different signature? > > From crash report > https://crash-stats.mozilla.com/report/index/bp-6edcf16c-7c5c-41dd-87d3- > 5b6242110920 On this crash, I used the mouse wheel to zoom in one click. Then, after a momentary pause, I zoomed out one click. Shortly thereafter, the browser crashed.
Assignee | ||
Comment 6•13 years ago
|
||
On Mac I can't get this to reproduce at all, but it does on Windows. It may only manifest on x86. Building a windows tree...
Comment 7•13 years ago
|
||
I see the crash on a clean profile with Windows XP on today's nightly. It seems to happen after three or four middle-mouse zooms. I was not able to cause a crash in safe mode (two attempts of about two minutes of constant scrolling each time). http://crash-stats.mozilla.com/report/index/bp-c31e5a5b-22be-464d-adff-3cf172110920 http://crash-stats.mozilla.com/report/index/bp-5a854cc6-a9a2-43b9-9204-e380c2110920 http://crash-stats.mozilla.com/report/index/bp-f5c88986-747d-43b7-b64d-1f1032110920
OS: Windows 7 → All
Reporter | ||
Comment 8•13 years ago
|
||
On Linux build bp-60f98c91-aed7-48cb-b540-c12c22110920 http://hg.mozilla.org/mozilla-central/rev/648d084ca28e Mozilla/5.0 (X11; Linux i686; rv:9.0a1) Gecko/20110920 Firefox/9.0a1 ID:20110920030905
Assignee | ||
Comment 9•13 years ago
|
||
Regression from bug 686000. After returning from a stub call we check the result type against observed types while still in jitcode, but could clobber a live register while doing so --- the FrameState keeps callee-save registers live across inline stub calls.
Attachment #561275 -
Flags: review?(dvander)
Updated•13 years ago
|
Attachment #561275 -
Flags: review?(dvander) → review+
Assignee | ||
Comment 10•13 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/397abdbd54a8
Whiteboard: inbound
Updated•13 years ago
|
Summary: crash mozjs → crash [@ mozjs.dll]
Assignee | ||
Comment 11•13 years ago
|
||
Also landed straight to m-c to make sure this ends up in tomorrow's nightly. https://hg.mozilla.org/mozilla-central/rev/2d29d3a3b314
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Whiteboard: inbound
Comment 12•13 years ago
|
||
Using today's Nightly nightly, it appears that the patch has fixed things. Thanks, Brian.
You need to log in
before you can comment on or make changes to this bug.
Description
•