Closed
Bug 704460
Opened 13 years ago
Closed 11 years ago
Crash in js_ValueToString with Firebug
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: scoobidiver, Unassigned)
Details
(Keywords: crash, regression, Whiteboard: [firebug-p1])
Crash Data
It's #15 top crasher on Mac OS X in 9.0b2, #59 in 10.0a2. Signature js_ValueToString UUID b3770d54-cf60-44f5-93bb-ef9b32111118 Date Processed 2011-11-18 16:26:28.876487 Uptime 22049 Last Crash 1.0 days before submission Install Age 3.2 days since version was first installed. Install Time 2011-11-15 18:36:29 Product Firefox Version 9.0 Build ID 20111109112850 Release Channel beta OS Mac OS X OS Version 10.5.8 9L30 Build Architecture x86 Build Architecture Info family 6 model 23 stepping 6 Crash Reason EXC_BAD_ACCESS / KERN_INVALID_ADDRESS Crash Address 0xffffffff8b000093 App Notes Renderers: 0x22600,0x20400 Frame Module Signature [Expand] Source 0 XUL js_ValueToString js/src/jsobj.h:1501 1 XUL JS_ValueToString js/src/jsapi.cpp:492 2 XUL jsd_GetValueString js/jsd/jsd_val.c:239 3 XUL jsd_GetValueProperty js/jsd/jsd_val.c:594 4 XUL jsdValue::GetProperty js/jsd/jsd_xpc.cpp:2425 5 XUL XUL@0xfea62f 6 XUL XPCWrappedNative::CallMethod js/src/xpconnect/src/xpcwrappednative.cpp:3150 7 XUL XPC_WN_CallMethod js/src/xpconnect/src/xpcwrappednativejsops.cpp:1629 8 XUL js::mjit::stubs::UncachedCallHelper js/src/jscntxtinlines.h:296 9 XUL js::mjit::stubs::UncachedCall js/src/methodjit/InvokeHelpers.cpp:434 10 @0x56b6c7b5 11 XUL js::mjit::EnterMethodJIT js/src/methodjit/MethodJIT.cpp:866 12 @0x249b77cf 13 XUL js::mjit::JaegerShot js/src/methodjit/MethodJIT.cpp:945 14 XUL js::RunScript js/src/jsinterp.cpp:611 15 XUL js::InvokeKernel js/src/jsinterp.cpp:678 16 XUL js_fun_apply js/src/jsinterp.h:167 17 XUL js::mjit::stubs::UncachedCallHelper js/src/jscntxtinlines.h:296 18 XUL js::mjit::stubs::UncachedCall js/src/methodjit/InvokeHelpers.cpp:434 19 @0x35d0403d 20 XUL js::mjit::EnterMethodJIT js/src/methodjit/MethodJIT.cpp:866 21 @0x249b7747 22 XUL js::mjit::JaegerShot js/src/methodjit/MethodJIT.cpp:945 23 XUL js::RunScript js/src/jsinterp.cpp:611 24 XUL js::InvokeKernel js/src/jsinterp.cpp:678 25 XUL js::Invoke js/src/jsinterp.h:167 26 XUL JS_CallFunctionValue js/src/jsapi.cpp:5039 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=js_ValueToString
Comment 1•13 years ago
|
||
This is inside JSD so presumably it's Firebug-related.
Comment 2•13 years ago
|
||
I believe, http://code.google.com/p/fbug/issues/detail?id=5075 is related to this. It also describes a test case. Sebastian
Updated•13 years ago
|
Whiteboard: [firebug-p1]
Reporter | ||
Comment 3•12 years ago
|
||
(In reply to David Mandelin from comment #1) > This is inside JSD so presumably it's Firebug-related. Confirmed by correlations in 9.0.1: js_ValueToString|EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE (28 crashes) 100% (28/28) vs. 19% (456/2456) firebug@software.joehewitt.com (Firebug, https://addons.mozilla.org/addon/1843)
Summary: Crash in js_ValueToString → Crash in js_ValueToString with Firebug
Comment 4•12 years ago
|
||
Can anyone reproduce this with Nightly (12), Aurora (11), or Beta (10b5 or later -- not yet released, but should come out on Friday)? I'm suspecting bug 712289 (which you probably can't see, but the patch has landed on all branches now.)
Comment 5•12 years ago
|
||
I asked in the related Firebug issue, if someone can still reproduce this crash. Sebastian
Comment 6•12 years ago
|
||
Related issue: http://code.google.com/p/fbug/issues/detail?id=5075 Honza
Reporter | ||
Comment 7•11 years ago
|
||
There have been no crashes for the last four weeks after 10.0.2.
Status: NEW → RESOLVED
Crash Signature: [@ js_ValueToString ] → [@ js_ValueToString ]
[@ js_ValueToString(JSContext*, JS::Value const&) ]
Closed: 11 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•