Closed Bug 702905 Opened 14 years ago Closed 14 years ago

Crash in JSC::Yarr::Interpreter::matchDisjunction

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
10 Branch
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla10

People

(Reporter: scoobidiver, Unassigned)

Details

(Keywords: crash, regression)

Crash Data

It's #19 top crasher in 10.0a2 and #32 in 11.0a1. Stack traces look like: Frame Module Signature [Expand] Source 0 mozjs.dll JSC::Yarr::Interpreter::matchDisjunction js/src/yarr/YarrInterpreter.cpp:1098 1 mozjs.dll JSC::Yarr::Interpreter::interpret js/src/yarr/YarrInterpreter.cpp:1400 2 mozjs.dll JSC::Yarr::interpret js/src/yarr/YarrInterpreter.cpp:1900 3 mozjs.dll js::RegExpPrivateCode::execute js/src/vm/RegExpObject-inl.h:350 4 mozjs.dll js::RegExpPrivate::execute js/src/vm/RegExpObject.cpp:212 5 mozjs.dll ExecuteRegExpImpl<js::RegExpPrivate> js/src/builtin/RegExp.cpp:135 6 mozjs.dll ExecuteRegExp js/src/builtin/RegExp.cpp:565 7 mozjs.dll js::regexp_exec js/src/builtin/RegExp.cpp:584 8 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:629 9 mozjs.dll js::Interpret js/src/jsinterp.cpp:3948 10 mozjs.dll js::RunScript js/src/jsinterp.cpp:584 11 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:647 12 mozjs.dll js::Invoke js/src/jsinterp.cpp:679 13 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:5199 14 xul.dll nsJSContext::CallEventHandler dom/base/nsJSEnvironment.cpp:1937 15 xul.dll nsGlobalWindow::RunTimeout dom/base/nsGlobalWindow.cpp:9307 16 xul.dll nsGlobalWindow::TimerCallback dom/base/nsGlobalWindow.cpp:9747 17 xul.dll nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:425 18 xul.dll nsTimerEvent::Run xpcom/threads/nsTimerImpl.cpp:521 19 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:631 20 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:134 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=JSC%3A%3AYarr%3A%3AInterpreter%3A%3AmatchDisjunction%28JSC%3A%3AYarr%3A%3AByteDisjunction*%2C%20JSC%3A%3AYarr%3A%3AInterpreter%3A%3ADisjunctionContext*%2C%20bool%2C%20bool%29
There have been no crashes in 11.0a1/20111115 and above.
This was fixed by the backout for bug 702426.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla10
You need to log in before you can comment on or make changes to this bug.