Closed
Bug 704460
Opened 13 years ago
Closed 11 years ago
Crash in js_ValueToString with Firebug
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: scoobidiver, Unassigned)
Details
(Keywords: crash, regression, Whiteboard: [firebug-p1])
Crash Data
It's #15 top crasher on Mac OS X in 9.0b2, #59 in 10.0a2. Signature js_ValueToString UUID b3770d54-cf60-44f5-93bb-ef9b32111118 Date Processed 2011-11-18 16:26:28.876487 Uptime 22049 Last Crash 1.0 days before submission Install Age 3.2 days since version was first installed. Install Time 2011-11-15 18:36:29 Product Firefox Version 9.0 Build ID 20111109112850 Release Channel beta OS Mac OS X OS Version 10.5.8 9L30 Build Architecture x86 Build Architecture Info family 6 model 23 stepping 6 Crash Reason EXC_BAD_ACCESS / KERN_INVALID_ADDRESS Crash Address 0xffffffff8b000093 App Notes Renderers: 0x22600,0x20400 Frame Module Signature [Expand] Source 0 XUL js_ValueToString js/src/jsobj.h:1501 1 XUL JS_ValueToString js/src/jsapi.cpp:492 2 XUL jsd_GetValueString js/jsd/jsd_val.c:239 3 XUL jsd_GetValueProperty js/jsd/jsd_val.c:594 4 XUL jsdValue::GetProperty js/jsd/jsd_xpc.cpp:2425 5 XUL XUL@0xfea62f 6 XUL XPCWrappedNative::CallMethod js/src/xpconnect/src/xpcwrappednative.cpp:3150 7 XUL XPC_WN_CallMethod js/src/xpconnect/src/xpcwrappednativejsops.cpp:1629 8 XUL js::mjit::stubs::UncachedCallHelper js/src/jscntxtinlines.h:296 9 XUL js::mjit::stubs::UncachedCall js/src/methodjit/InvokeHelpers.cpp:434 10 @0x56b6c7b5 11 XUL js::mjit::EnterMethodJIT js/src/methodjit/MethodJIT.cpp:866 12 @0x249b77cf 13 XUL js::mjit::JaegerShot js/src/methodjit/MethodJIT.cpp:945 14 XUL js::RunScript js/src/jsinterp.cpp:611 15 XUL js::InvokeKernel js/src/jsinterp.cpp:678 16 XUL js_fun_apply js/src/jsinterp.h:167 17 XUL js::mjit::stubs::UncachedCallHelper js/src/jscntxtinlines.h:296 18 XUL js::mjit::stubs::UncachedCall js/src/methodjit/InvokeHelpers.cpp:434 19 @0x35d0403d 20 XUL js::mjit::EnterMethodJIT js/src/methodjit/MethodJIT.cpp:866 21 @0x249b7747 22 XUL js::mjit::JaegerShot js/src/methodjit/MethodJIT.cpp:945 23 XUL js::RunScript js/src/jsinterp.cpp:611 24 XUL js::InvokeKernel js/src/jsinterp.cpp:678 25 XUL js::Invoke js/src/jsinterp.h:167 26 XUL JS_CallFunctionValue js/src/jsapi.cpp:5039 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=js_ValueToString
|
||
Comment 1•13 years ago
|
||
This is inside JSD so presumably it's Firebug-related.
|
||
Comment 2•13 years ago
|
||
I believe, http://code.google.com/p/fbug/issues/detail?id=5075 is related to this. It also describes a test case. Sebastian
|
||
Updated•13 years ago
|
Whiteboard: [firebug-p1]
|
Reporter | |
Comment 3•12 years ago
|
||
(In reply to David Mandelin from comment #1) > This is inside JSD so presumably it's Firebug-related. Confirmed by correlations in 9.0.1: js_ValueToString|EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE (28 crashes) 100% (28/28) vs. 19% (456/2456) firebug@software.joehewitt.com (Firebug, https://addons.mozilla.org/addon/1843)
Summary: Crash in js_ValueToString → Crash in js_ValueToString with Firebug
|
||
Comment 4•12 years ago
|
||
Can anyone reproduce this with Nightly (12), Aurora (11), or Beta (10b5 or later -- not yet released, but should come out on Friday)? I'm suspecting bug 712289 (which you probably can't see, but the patch has landed on all branches now.)
|
|
||
Comment 5•12 years ago
|
||
I asked in the related Firebug issue, if someone can still reproduce this crash. Sebastian
|
|
||
Comment 6•12 years ago
|
||
Related issue: http://code.google.com/p/fbug/issues/detail?id=5075 Honza
|
|
Reporter | |
Comment 7•11 years ago
|
||
There have been no crashes for the last four weeks after 10.0.2.
Status: NEW → RESOLVED
Crash Signature: [@ js_ValueToString ] → [@ js_ValueToString ]
[@ js_ValueToString(JSContext*, JS::Value const&) ]
Closed: 11 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•