Closed Bug 702905 Opened 13 years ago Closed 13 years ago

Crash in JSC::Yarr::Interpreter::matchDisjunction

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
10 Branch
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla10

People

(Reporter: scoobidiver, Unassigned)

Details

(Keywords: crash, regression)

Crash Data

It's #19 top crasher in 10.0a2 and #32 in 11.0a1.

Stack traces look like:
Frame 	Module 	Signature [Expand] 	Source
0 	mozjs.dll 	JSC::Yarr::Interpreter::matchDisjunction 	js/src/yarr/YarrInterpreter.cpp:1098
1 	mozjs.dll 	JSC::Yarr::Interpreter::interpret 	js/src/yarr/YarrInterpreter.cpp:1400
2 	mozjs.dll 	JSC::Yarr::interpret 	js/src/yarr/YarrInterpreter.cpp:1900
3 	mozjs.dll 	js::RegExpPrivateCode::execute 	js/src/vm/RegExpObject-inl.h:350
4 	mozjs.dll 	js::RegExpPrivate::execute 	js/src/vm/RegExpObject.cpp:212
5 	mozjs.dll 	ExecuteRegExpImpl<js::RegExpPrivate> 	js/src/builtin/RegExp.cpp:135
6 	mozjs.dll 	ExecuteRegExp 	js/src/builtin/RegExp.cpp:565
7 	mozjs.dll 	js::regexp_exec 	js/src/builtin/RegExp.cpp:584
8 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:629
9 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:3948
10 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:584
11 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:647
12 	mozjs.dll 	js::Invoke 	js/src/jsinterp.cpp:679
13 	mozjs.dll 	JS_CallFunctionValue 	js/src/jsapi.cpp:5199
14 	xul.dll 	nsJSContext::CallEventHandler 	dom/base/nsJSEnvironment.cpp:1937
15 	xul.dll 	nsGlobalWindow::RunTimeout 	dom/base/nsGlobalWindow.cpp:9307
16 	xul.dll 	nsGlobalWindow::TimerCallback 	dom/base/nsGlobalWindow.cpp:9747
17 	xul.dll 	nsTimerImpl::Fire 	xpcom/threads/nsTimerImpl.cpp:425
18 	xul.dll 	nsTimerEvent::Run 	xpcom/threads/nsTimerImpl.cpp:521
19 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:631
20 	xul.dll 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:134
...

More reports at:
https://crash-stats.mozilla.com/report/list?signature=JSC%3A%3AYarr%3A%3AInterpreter%3A%3AmatchDisjunction%28JSC%3A%3AYarr%3A%3AByteDisjunction*%2C%20JSC%3A%3AYarr%3A%3AInterpreter%3A%3ADisjunctionContext*%2C%20bool%2C%20bool%29
There have been no crashes in 11.0a1/20111115 and above.
This was fixed by the backout for bug 702426.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla10
You need to log in before you can comment on or make changes to this bug.