Closed
Bug 715907
Opened 14 years ago
Closed 14 years ago
crash in jsd_NewValue @ JSCompartment::wrap with Firebug
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla12
| Tracking | Status | |
|---|---|---|
| firefox11 | --- | fixed |
People
(Reporter: reuben, Unassigned)
References
Details
(Keywords: crash)
Crash Data
This bug was filed from the Socorro interface and is
report bp-f3d791f8-6814-4e22-b2ee-0a8282120106 .
=============================================================
A friend of mine reported constant crashes with Firebug 1.8.4 or 1.9b5 on Linux.
He said introducing an error in the page can trigger the crash, but it's not 100% reliable.
Frame Module Signature Source
0 libxul.so JSCompartment::wrap jscompartment.cpp:210
1 libxul.so JS_WrapValue jsapi.cpp:1309
2 libxul.so jsd_NewValue jsd_val.c:331
3 libxul.so _newProperty jsd_val.c:412
4 libxul.so _buildProps jsd_val.c:476
5 libxul.so jsd_IterateProperties jsd_val.c:557
6 libxul.so jsd_GetValueProperty jsd_val.c:592
7 libxul.so jsdValue::GetProperty jsd_xpc.cpp:2425
8 libxul.so libxul.so@0xd546b3
9 libxul.so XPCWrappedNative::CallMethod xpcwrappednative.cpp:3147
10 libxul.so XPC_WN_CallMethod xpcwrappednativejsops.cpp:1629
11 libxul.so js::mjit::stubs::UncachedCallHelper jscntxtinlines.h:296
12 libxul.so js::mjit::stubs::UncachedCall InvokeHelpers.cpp:434
13 @0xabbe66a5
14 libxul.so libxul.so@0x146a0c7
15 libxul.so js::mjit::EnterMethodJIT MethodJIT.cpp:884
16 libxul.so js::mjit::JaegerShot MethodJIT.cpp:945
17 libxul.so js::RunScript jsinterp.cpp:611
18 libxul.so js::InvokeKernel jsinterp.cpp:678
19 libxul.so js_fun_apply jsinterp.h:167
20 libxul.so js::mjit::stubs::UncachedCallHelper jscntxtinlines.h:296
21 libxul.so js::mjit::stubs::UncachedCall InvokeHelpers.cpp:434
22 @0xac734605
23 libxul.so libxul.so@0x146a0c7
24 libxul.so js::mjit::EnterMethodJIT MethodJIT.cpp:884
25 libxul.so js::mjit::JaegerShot MethodJIT.cpp:945
26 libxul.so js::RunScript jsinterp.cpp:611
27 libxul.so js::InvokeKernel jsinterp.cpp:678
28 libxul.so js::Invoke jsinterp.h:167
29 libxul.so JS_CallFunctionValue jsapi.cpp:5039
30 libxul.so nsXPCWrappedJSClass::CallMethod xpcwrappedjsclass.cpp:1660
31 libxul.so nsXPCWrappedJS::CallMethod xpcwrappedjs.cpp:585
32 libxul.so PrepareAndDispatch xptcstubs_gcc_x86_unix.cpp:92
33 libxul.so jsds_ExecutionHookProc jsd_xpc.cpp:694
34 libxul.so jsd_CallExecutionHook jsd_hook.c:177
35 libxul.so jsd_DebugErrorHook jsd_high.c:401
36 libxul.so ReportError jscntxt.cpp:664
37 libxul.so js_ReportErrorNumberVA jscntxt.cpp:1007
38 libxul.so JS_ReportErrorFlagsAndNumber jsapi.cpp:5759
39 libxul.so js_ReportValueErrorFlags jscntxt.cpp:1137
40 libxul.so js_ReportIsNotFunction jsfun.cpp:2665
41 libxul.so js::InvokeKernel jsinterp.cpp:650
42 libxul.so js::Interpret jsinterp.cpp:4036
43 libxul.so js::InvokeKernel jsinterp.cpp:678
44 libxul.so js::Invoke jsinterp.h:167
45 libxul.so JS_CallFunctionValue jsapi.cpp:5039
46 libxul.so nsXPCWrappedJSClass::CallMethod xpcwrappedjsclass.cpp:1660
47 libxul.so nsXPCWrappedJS::CallMethod xpcwrappedjs.cpp:585
48 libxul.so PrepareAndDispatch xptcstubs_gcc_x86_unix.cpp:92
49 libxul.so nsDOMEventListenerWrapper::HandleEvent nsDOMEventTargetHelper.cpp:65
50 libxul.so nsEventListenerManager::HandleEventSubType nsEventListenerManager.cpp:722
51 libxul.so nsEventListenerManager::HandleEventInternal nsEventListenerManager.cpp:776
52 libxul.so nsEventTargetChainItem::HandleEvent nsEventDispatcher.cpp:215
53 libxul.so nsEventTargetChainItem::HandleEventTargetChain nsEventDispatcher.cpp:344
54 libxul.so nsEventDispatcher::Dispatch nsEventDispatcher.cpp:672
55 libxul.so nsEventDispatcher::DispatchDOMEvent nsEventDispatcher.cpp:735
56 libxul.so nsXMLHttpRequest::ChangeState nsXMLHttpRequest.cpp:2852
57 libxul.so nsXMLHttpRequest::OnStopRequest nsXMLHttpRequest.cpp:2055
58 libxul.so nsCORSListenerProxy::OnStopRequest nsCrossSiteListenerProxy.cpp:622
59 libxul.so mozilla::net::nsStreamListenerWrapper::OnStopRequest HttpBaseChannel.cpp:1391
60 libxul.so nsStreamListenerTee::OnStopRequest nsStreamListenerTee.cpp:71
61 libxul.so nsHttpChannel::OnStopRequest nsHttpChannel.cpp:4253
62 libxul.so nsInputStreamPump::OnStateStop nsInputStreamPump.cpp:578
63 libxul.so nsInputStreamPump::OnInputStreamReady nsInputStreamPump.cpp:403
64 libxul.so nsInputStreamReadyEvent::Run nsStreamUtils.cpp:114
65 libxul.so nsThread::ProcessNextEvent nsThread.cpp:631
66 libxul.so NS_ProcessNextEvent_P nsThreadUtils.cpp:245
67 libxul.so mozilla::ipc::MessagePump::Run MessagePump.cpp:110
68 libxul.so MessageLoop::RunInternal message_loop.cc:208
69 libxul.so MessageLoop::Run message_loop.cc:201
70 libxul.so nsBaseAppShell::Run nsBaseAppShell.cpp:189
71 libxul.so nsAppStartup::Run nsAppStartup.cpp:228
72 libxul.so XRE_main nsAppRunner.cpp:3557
73 firefox main nsBrowserApp.cpp:198
74 libc-2.13.so libc-2.13.so@0x16e36
75 firefox firefox@0x1550
76 firefox nsGetterAddRefs<nsILocalFile>::operator nsILocalFile** nsCOMPtr.h:874
77 @0x0
78 ld-2.13.so ld-2.13.so@0xea4f
79 ld-2.13.so ld-2.13.so@0x1d917
|
||
Updated•14 years ago
|
Summary: crash @ JSCompartment::wrap → crash in JS_WrapValue @ JSCompartment::wrap
|
|
||
Comment 2•14 years ago
|
||
It looks like I can pretty reliably get this crash in Zimbra on the Jan 11 nightly.
|
|
||
Updated•14 years ago
|
Crash Signature: [@ JSCompartment::wrap] → [@ JSCompartment::wrap]
[@ JSRope::flatten]
Summary: crash in JS_WrapValue @ JSCompartment::wrap → crash in JS_WrapValue @ JSCompartment::wrap with Firebug
|
|
||
Updated•14 years ago
|
Summary: crash in JS_WrapValue @ JSCompartment::wrap with Firebug → crash in jsd_NewValue @ JSCompartment::wrap with Firebug
|
||
Comment 4•14 years ago
|
||
This looks pretty much like my stack, https://crash-stats.mozilla.com/report/index/bp-81c3defb-f358-4ebf-b794-278f82120116
It's crashing in code introduced here, where the jsd wrapping code tries to flatten the string:
http://hg.mozilla.org/releases/mozilla-release/diff/87dc60c12d24/js/jsd/jsd_val.c
The new code looks okay to me; I wonder if that jsval has been "bad" for a long time, and just never de-referenced until now?
|
|
||
Comment 5•14 years ago
|
||
Oh, I should mention, I'm on release Firefox 9 and release Firebug. No beta stuff. I have triggered this at least twice in the last 30 hours of work. I use both the dev console and firebug extensively. Firebug mostly for examining CSS.
|
|
||
Comment 6•14 years ago
|
||
...and I just crashed again. This is going to bite any working web developer regularly, and is bad enough that we're going to need ship Firefox 9.0.1 IMO.
Wes
|
|
||
Comment 7•14 years ago
|
||
It's fixed by bug 712289 that will land in 12.0a1/20120117 and maybe Aurora and Beta.
|
|
||
Comment 8•14 years ago
|
||
Ouch. So web developers on release browsers will have to tolerate regular crashes for 18 weeks?
|
Reporter | |
Comment 9•14 years ago
|
||
(In reply to Wesley W. Garland from comment #8)
> Ouch. So web developers on release browsers will have to tolerate regular
> crashes for 18 weeks?
Approval for landing on Beta and Aurora has been requested, so possibly less than that.
|
|
||
Comment 10•14 years ago
|
||
Firefox 10 ships in two weeks (well, 15 days). I'm aiming to land the fix for bug 712289 in Firefox 10.
|
|
Reporter | |
Comment 11•14 years ago
|
||
Fixed by bug 712289.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
|
||
Updated•14 years ago
|
status-firefox11:
--- → fixed
Target Milestone: --- → mozilla12
You need to log in
before you can comment on or make changes to this bug.
Description
•