Closed Bug 715907 Opened 13 years ago Closed 12 years ago

crash in jsd_NewValue @ JSCompartment::wrap with Firebug

Categories

(Core :: JavaScript Engine, defect)

9 Branch
x86
Linux
defect
Not set
critical

Tracking


RESOLVED FIXED
mozilla12
Tracking Status
firefox11 --- fixed

People

(Reporter: reuben, Unassigned)

References

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is report bp-f3d791f8-6814-4e22-b2ee-0a8282120106.
============================================================= 

A friend of mine reported constant crashes with Firebug 1.8.4 or 1.9b5 on Linux.
He said introducing an error in the page can trigger the crash, but it's not 100% reliable.

Frame 	Module 	Signature 	Source
0 	libxul.so 	JSCompartment::wrap 	jscompartment.cpp:210
1 	libxul.so 	JS_WrapValue 	jsapi.cpp:1309
2 	libxul.so 	jsd_NewValue 	jsd_val.c:331
3 	libxul.so 	_newProperty 	jsd_val.c:412
4 	libxul.so 	_buildProps 	jsd_val.c:476
5 	libxul.so 	jsd_IterateProperties 	jsd_val.c:557
6 	libxul.so 	jsd_GetValueProperty 	jsd_val.c:592
7 	libxul.so 	jsdValue::GetProperty 	jsd_xpc.cpp:2425
8 	libxul.so 	libxul.so@0xd546b3 	
9 	libxul.so 	XPCWrappedNative::CallMethod 	xpcwrappednative.cpp:3147
10 	libxul.so 	XPC_WN_CallMethod 	xpcwrappednativejsops.cpp:1629
11 	libxul.so 	js::mjit::stubs::UncachedCallHelper 	jscntxtinlines.h:296
12 	libxul.so 	js::mjit::stubs::UncachedCall 	InvokeHelpers.cpp:434
13 		@0xabbe66a5 	
14 	libxul.so 	libxul.so@0x146a0c7 	
15 	libxul.so 	js::mjit::EnterMethodJIT 	MethodJIT.cpp:884
16 	libxul.so 	js::mjit::JaegerShot 	MethodJIT.cpp:945
17 	libxul.so 	js::RunScript 	jsinterp.cpp:611
18 	libxul.so 	js::InvokeKernel 	jsinterp.cpp:678
19 	libxul.so 	js_fun_apply 	jsinterp.h:167
20 	libxul.so 	js::mjit::stubs::UncachedCallHelper 	jscntxtinlines.h:296
21 	libxul.so 	js::mjit::stubs::UncachedCall 	InvokeHelpers.cpp:434
22 		@0xac734605 	
23 	libxul.so 	libxul.so@0x146a0c7 	
24 	libxul.so 	js::mjit::EnterMethodJIT 	MethodJIT.cpp:884
25 	libxul.so 	js::mjit::JaegerShot 	MethodJIT.cpp:945
26 	libxul.so 	js::RunScript 	jsinterp.cpp:611
27 	libxul.so 	js::InvokeKernel 	jsinterp.cpp:678
28 	libxul.so 	js::Invoke 	jsinterp.h:167
29 	libxul.so 	JS_CallFunctionValue 	jsapi.cpp:5039
30 	libxul.so 	nsXPCWrappedJSClass::CallMethod 	xpcwrappedjsclass.cpp:1660
31 	libxul.so 	nsXPCWrappedJS::CallMethod 	xpcwrappedjs.cpp:585
32 	libxul.so 	PrepareAndDispatch 	xptcstubs_gcc_x86_unix.cpp:92
33 	libxul.so 	jsds_ExecutionHookProc 	jsd_xpc.cpp:694
34 	libxul.so 	jsd_CallExecutionHook 	jsd_hook.c:177
35 	libxul.so 	jsd_DebugErrorHook 	jsd_high.c:401
36 	libxul.so 	ReportError 	jscntxt.cpp:664
37 	libxul.so 	js_ReportErrorNumberVA 	jscntxt.cpp:1007
38 	libxul.so 	JS_ReportErrorFlagsAndNumber 	jsapi.cpp:5759
39 	libxul.so 	js_ReportValueErrorFlags 	jscntxt.cpp:1137
40 	libxul.so 	js_ReportIsNotFunction 	jsfun.cpp:2665
41 	libxul.so 	js::InvokeKernel 	jsinterp.cpp:650
42 	libxul.so 	js::Interpret 	jsinterp.cpp:4036
43 	libxul.so 	js::InvokeKernel 	jsinterp.cpp:678
44 	libxul.so 	js::Invoke 	jsinterp.h:167
45 	libxul.so 	JS_CallFunctionValue 	jsapi.cpp:5039
46 	libxul.so 	nsXPCWrappedJSClass::CallMethod 	xpcwrappedjsclass.cpp:1660
47 	libxul.so 	nsXPCWrappedJS::CallMethod 	xpcwrappedjs.cpp:585
48 	libxul.so 	PrepareAndDispatch 	xptcstubs_gcc_x86_unix.cpp:92
49 	libxul.so 	nsDOMEventListenerWrapper::HandleEvent 	nsDOMEventTargetHelper.cpp:65
50 	libxul.so 	nsEventListenerManager::HandleEventSubType 	nsEventListenerManager.cpp:722
51 	libxul.so 	nsEventListenerManager::HandleEventInternal 	nsEventListenerManager.cpp:776
52 	libxul.so 	nsEventTargetChainItem::HandleEvent 	nsEventDispatcher.cpp:215
53 	libxul.so 	nsEventTargetChainItem::HandleEventTargetChain 	nsEventDispatcher.cpp:344
54 	libxul.so 	nsEventDispatcher::Dispatch 	nsEventDispatcher.cpp:672
55 	libxul.so 	nsEventDispatcher::DispatchDOMEvent 	nsEventDispatcher.cpp:735
56 	libxul.so 	nsXMLHttpRequest::ChangeState 	nsXMLHttpRequest.cpp:2852
57 	libxul.so 	nsXMLHttpRequest::OnStopRequest 	nsXMLHttpRequest.cpp:2055
58 	libxul.so 	nsCORSListenerProxy::OnStopRequest 	nsCrossSiteListenerProxy.cpp:622
59 	libxul.so 	mozilla::net::nsStreamListenerWrapper::OnStopRequest 	HttpBaseChannel.cpp:1391
60 	libxul.so 	nsStreamListenerTee::OnStopRequest 	nsStreamListenerTee.cpp:71
61 	libxul.so 	nsHttpChannel::OnStopRequest 	nsHttpChannel.cpp:4253
62 	libxul.so 	nsInputStreamPump::OnStateStop 	nsInputStreamPump.cpp:578
63 	libxul.so 	nsInputStreamPump::OnInputStreamReady 	nsInputStreamPump.cpp:403
64 	libxul.so 	nsInputStreamReadyEvent::Run 	nsStreamUtils.cpp:114
65 	libxul.so 	nsThread::ProcessNextEvent 	nsThread.cpp:631
66 	libxul.so 	NS_ProcessNextEvent_P 	nsThreadUtils.cpp:245
67 	libxul.so 	mozilla::ipc::MessagePump::Run 	MessagePump.cpp:110
68 	libxul.so 	MessageLoop::RunInternal 	message_loop.cc:208
69 	libxul.so 	MessageLoop::Run 	message_loop.cc:201
70 	libxul.so 	nsBaseAppShell::Run 	nsBaseAppShell.cpp:189
71 	libxul.so 	nsAppStartup::Run 	nsAppStartup.cpp:228
72 	libxul.so 	XRE_main 	nsAppRunner.cpp:3557
73 	firefox 	main 	nsBrowserApp.cpp:198
74 	libc-2.13.so 	libc-2.13.so@0x16e36 	
75 	firefox 	firefox@0x1550 	
76 	firefox 	nsGetterAddRefs<nsILocalFile>::operator nsILocalFile** 	nsCOMPtr.h:874
77 		@0x0 	
78 	ld-2.13.so 	ld-2.13.so@0xea4f 	
79 	ld-2.13.so 	ld-2.13.so@0x1d917
Summary: crash @ JSCompartment::wrap → crash in JS_WrapValue @ JSCompartment::wrap
It looks like I can pretty reliably get this crash in Zimbra on the Jan 11 nightly.
Crash Signature: [@ JSCompartment::wrap] → [@ JSCompartment::wrap] [@ JSRope::flatten]
Summary: crash in JS_WrapValue @ JSCompartment::wrap → crash in JS_WrapValue @ JSCompartment::wrap with Firebug
Summary: crash in JS_WrapValue @ JSCompartment::wrap with Firebug → crash in jsd_NewValue @ JSCompartment::wrap with Firebug
This looks pretty much like my stack, https://crash-stats.mozilla.com/report/index/bp-81c3defb-f358-4ebf-b794-278f82120116

It's crashing in code introduced here, where the jsd wrapping code tries to flatten the string:
http://hg.mozilla.org/releases/mozilla-release/diff/87dc60c12d24/js/jsd/jsd_val.c

The new code looks okay to me; I wonder if that jsval has been "bad" for a long time, and just never de-referenced until now?
Oh, I should mention, I'm on release Firefox 9 and release Firebug. No beta stuff. I have triggered this at least twice in the last 30 hours of work.  I use both the dev console and firebug extensively.  Firebug mostly for examining CSS.
...and I just crashed again. This is going to bite any working web developer regularly, and is bad enough that we're going to need to ship Firefox 9.0.1 IMO.

Wes
It's fixed by bug 712289 that will land in 12.0a1/20120117 and maybe Aurora and Beta.
Ouch. So web developers on release browsers will have to tolerate regular crashes for 18 weeks?
(In reply to Wesley W. Garland from comment #8)
> Ouch. So web developers on release browsers will have to tolerate regular
> crashes for 18 weeks?

Approval for landing on Beta and Aurora has been requested, so possibly less than that.
Firefox 10 ships in two weeks (well, 15 days).  I'm aiming to land the fix for bug 712289 in Firefox 10.
Fixed by bug 712289.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla12