Closed
Bug 715907
Opened 13 years ago
Closed 12 years ago
crash in jsd_NewValue @ JSCompartment::wrap with Firebug
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla12
Tracking | Status | |
---|---|---|
firefox11 | --- | fixed |
People
(Reporter: reuben, Unassigned)
References
Details
(Keywords: crash)
Crash Data
This bug was filed from the Socorro interface and is report bp-f3d791f8-6814-4e22-b2ee-0a8282120106 . ============================================================= A friend of mine reported constant crashes with Firebug 1.8.4 or 1.9b5 on Linux. He said introducing an error in the page can trigger the crash, but it's not 100% reliable. Frame Module Signature Source 0 libxul.so JSCompartment::wrap jscompartment.cpp:210 1 libxul.so JS_WrapValue jsapi.cpp:1309 2 libxul.so jsd_NewValue jsd_val.c:331 3 libxul.so _newProperty jsd_val.c:412 4 libxul.so _buildProps jsd_val.c:476 5 libxul.so jsd_IterateProperties jsd_val.c:557 6 libxul.so jsd_GetValueProperty jsd_val.c:592 7 libxul.so jsdValue::GetProperty jsd_xpc.cpp:2425 8 libxul.so libxul.so@0xd546b3 9 libxul.so XPCWrappedNative::CallMethod xpcwrappednative.cpp:3147 10 libxul.so XPC_WN_CallMethod xpcwrappednativejsops.cpp:1629 11 libxul.so js::mjit::stubs::UncachedCallHelper jscntxtinlines.h:296 12 libxul.so js::mjit::stubs::UncachedCall InvokeHelpers.cpp:434 13 @0xabbe66a5 14 libxul.so libxul.so@0x146a0c7 15 libxul.so js::mjit::EnterMethodJIT MethodJIT.cpp:884 16 libxul.so js::mjit::JaegerShot MethodJIT.cpp:945 17 libxul.so js::RunScript jsinterp.cpp:611 18 libxul.so js::InvokeKernel jsinterp.cpp:678 19 libxul.so js_fun_apply jsinterp.h:167 20 libxul.so js::mjit::stubs::UncachedCallHelper jscntxtinlines.h:296 21 libxul.so js::mjit::stubs::UncachedCall InvokeHelpers.cpp:434 22 @0xac734605 23 libxul.so libxul.so@0x146a0c7 24 libxul.so js::mjit::EnterMethodJIT MethodJIT.cpp:884 25 libxul.so js::mjit::JaegerShot MethodJIT.cpp:945 26 libxul.so js::RunScript jsinterp.cpp:611 27 libxul.so js::InvokeKernel jsinterp.cpp:678 28 libxul.so js::Invoke jsinterp.h:167 29 libxul.so JS_CallFunctionValue jsapi.cpp:5039 30 libxul.so nsXPCWrappedJSClass::CallMethod xpcwrappedjsclass.cpp:1660 31 libxul.so nsXPCWrappedJS::CallMethod xpcwrappedjs.cpp:585 32 libxul.so PrepareAndDispatch xptcstubs_gcc_x86_unix.cpp:92 33 libxul.so jsds_ExecutionHookProc jsd_xpc.cpp:694 34 libxul.so jsd_CallExecutionHook jsd_hook.c:177 35 libxul.so jsd_DebugErrorHook jsd_high.c:401 36 libxul.so ReportError jscntxt.cpp:664 37 libxul.so js_ReportErrorNumberVA jscntxt.cpp:1007 38 libxul.so JS_ReportErrorFlagsAndNumber jsapi.cpp:5759 39 libxul.so js_ReportValueErrorFlags jscntxt.cpp:1137 40 libxul.so js_ReportIsNotFunction jsfun.cpp:2665 41 libxul.so js::InvokeKernel jsinterp.cpp:650 42 libxul.so js::Interpret jsinterp.cpp:4036 43 libxul.so js::InvokeKernel jsinterp.cpp:678 44 libxul.so js::Invoke jsinterp.h:167 45 libxul.so JS_CallFunctionValue jsapi.cpp:5039 46 libxul.so nsXPCWrappedJSClass::CallMethod xpcwrappedjsclass.cpp:1660 47 libxul.so nsXPCWrappedJS::CallMethod xpcwrappedjs.cpp:585 48 libxul.so PrepareAndDispatch xptcstubs_gcc_x86_unix.cpp:92 49 libxul.so nsDOMEventListenerWrapper::HandleEvent nsDOMEventTargetHelper.cpp:65 50 libxul.so nsEventListenerManager::HandleEventSubType nsEventListenerManager.cpp:722 51 libxul.so nsEventListenerManager::HandleEventInternal nsEventListenerManager.cpp:776 52 libxul.so nsEventTargetChainItem::HandleEvent nsEventDispatcher.cpp:215 53 libxul.so nsEventTargetChainItem::HandleEventTargetChain nsEventDispatcher.cpp:344 54 libxul.so nsEventDispatcher::Dispatch nsEventDispatcher.cpp:672 55 libxul.so nsEventDispatcher::DispatchDOMEvent nsEventDispatcher.cpp:735 56 libxul.so nsXMLHttpRequest::ChangeState nsXMLHttpRequest.cpp:2852 57 libxul.so nsXMLHttpRequest::OnStopRequest nsXMLHttpRequest.cpp:2055 58 libxul.so nsCORSListenerProxy::OnStopRequest nsCrossSiteListenerProxy.cpp:622 59 libxul.so mozilla::net::nsStreamListenerWrapper::OnStopRequest HttpBaseChannel.cpp:1391 60 libxul.so nsStreamListenerTee::OnStopRequest nsStreamListenerTee.cpp:71 61 libxul.so nsHttpChannel::OnStopRequest nsHttpChannel.cpp:4253 62 libxul.so nsInputStreamPump::OnStateStop nsInputStreamPump.cpp:578 63 libxul.so nsInputStreamPump::OnInputStreamReady nsInputStreamPump.cpp:403 64 libxul.so nsInputStreamReadyEvent::Run nsStreamUtils.cpp:114 65 libxul.so nsThread::ProcessNextEvent nsThread.cpp:631 66 libxul.so NS_ProcessNextEvent_P nsThreadUtils.cpp:245 67 libxul.so mozilla::ipc::MessagePump::Run MessagePump.cpp:110 68 libxul.so MessageLoop::RunInternal message_loop.cc:208 69 libxul.so MessageLoop::Run message_loop.cc:201 70 libxul.so nsBaseAppShell::Run nsBaseAppShell.cpp:189 71 libxul.so nsAppStartup::Run nsAppStartup.cpp:228 72 libxul.so XRE_main nsAppRunner.cpp:3557 73 firefox main nsBrowserApp.cpp:198 74 libc-2.13.so libc-2.13.so@0x16e36 75 firefox firefox@0x1550 76 firefox nsGetterAddRefs<nsILocalFile>::operator nsILocalFile** nsCOMPtr.h:874 77 @0x0 78 ld-2.13.so ld-2.13.so@0xea4f 79 ld-2.13.so ld-2.13.so@0x1d917
Updated•13 years ago
|
Summary: crash @ JSCompartment::wrap → crash in JS_WrapValue @ JSCompartment::wrap
Comment 2•13 years ago
|
||
It looks like I can pretty reliably get this crash in Zimbra on the Jan 11 nightly.
Updated•13 years ago
|
Crash Signature: [@ JSCompartment::wrap] → [@ JSCompartment::wrap]
[@ JSRope::flatten]
Summary: crash in JS_WrapValue @ JSCompartment::wrap → crash in JS_WrapValue @ JSCompartment::wrap with Firebug
Updated•13 years ago
|
Summary: crash in JS_WrapValue @ JSCompartment::wrap with Firebug → crash in jsd_NewValue @ JSCompartment::wrap with Firebug
Comment 4•12 years ago
|
||
This looks pretty much like my stack, https://crash-stats.mozilla.com/report/index/bp-81c3defb-f358-4ebf-b794-278f82120116 It's crashing in code introduced here, where the jsd wrapping code tries to flatten the string: http://hg.mozilla.org/releases/mozilla-release/diff/87dc60c12d24/js/jsd/jsd_val.c The new code looks okay to me; I wonder if that jsval has been "bad" for a long time, and just never de-referenced until now?
Comment 5•12 years ago
|
||
Oh, I should mention, I'm on release Firefox 9 and release Firebug. No beta stuff. I have triggered this at least twice in the last 30 hours of work. I use both the dev console and firebug extensively. Firebug mostly for examining CSS.
Comment 6•12 years ago
|
||
...and I just crashed again. This is going to bite any working web developer regularly, and is bad enough that we're going to need ship Firefox 9.0.1 IMO. Wes
Comment 7•12 years ago
|
||
It's fixed by bug 712289 that will land in 12.0a1/20120117 and maybe Aurora and Beta.
Comment 8•12 years ago
|
||
Ouch. So web developers on release browsers will have to tolerate regular crashes for 18 weeks?
Reporter | ||
Comment 9•12 years ago
|
||
(In reply to Wesley W. Garland from comment #8) > Ouch. So web developers on release browsers will have to tolerate regular > crashes for 18 weeks? Approval for landing on Beta and Aurora has been requested, so possibly less than that.
Comment 10•12 years ago
|
||
Firefox 10 ships in two weeks (well, 15 days). I'm aiming to land the fix for bug 712289 in Firefox 10.
Reporter | ||
Comment 11•12 years ago
|
||
Fixed by bug 712289.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•12 years ago
|
status-firefox11:
--- → fixed
Target Milestone: --- → mozilla12
You need to log in
before you can comment on or make changes to this bug.
Description
•