Last Comment Bug 734167 - Crash in JS_ReportError caused by unbounded recursion
: Crash in JS_ReportError caused by unbounded recursion
Status: RESOLVED FIXED
: crash, regression, reproducible
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: 13 Branch
: All All
: -- critical (vote)
: ---
Assigned To: David Mandelin [:dmandelin]
:
:
Mentors:
http://people.mozilla.org/~jmuizelaar...
: 734428 (view as bug list)
Depends on:
Blocks: 704259
  Show dependency treegraph
 
Reported: 2012-03-08 10:15 PST by Jeff Muizelaar [:jrmuizel]
Modified: 2012-03-13 02:17 PDT (History)
5 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description Jeff Muizelaar [:jrmuizel] 2012-03-08 10:15:05 PST
Caused by this page:
http://people.mozilla.org/~jmuizelaar/cnn.html

Started with today's nightly. Was fine yesterday.

#21839 0x0000000102292e89 in InitExnPrivate ()
#21840 0x000000010229381e in js_ErrorToException ()
#21841 0x00000001022763c4 in ReportError ()
#21842 0x00000001022768ac in js_ReportErrorVA ()
#21843 0x0000000102247960 in JS_ReportError ()
#21844 0x00000001018645d2 in nsScriptSecurityManager::CheckPropertyAccessImpl ()
#21845 0x0000000101864862 in nsScriptSecurityManager::CheckPropertyAccess ()
#21846 0x000000010185e5c6 in nsScriptSecurityManager::CheckObjectAccess ()
#21847 0x0000000102292e89 in InitExnPrivate ()
#21848 0x000000010229381e in js_ErrorToException ()
#21849 0x00000001022763c4 in ReportError ()
#21850 0x00000001022768ac in js_ReportErrorVA ()
#21851 0x0000000102247960 in JS_ReportError ()
#21852 0x00000001018645d2 in nsScriptSecurityManager::CheckPropertyAccessImpl ()
#21853 0x0000000101864862 in nsScriptSecurityManager::CheckPropertyAccess ()
#21854 0x000000010185e5c6 in nsScriptSecurityManager::CheckObjectAccess ()
#21855 0x0000000102292e89 in InitExnPrivate ()
#21856 0x000000010229381e in js_ErrorToException ()
#21857 0x00000001022763c4 in ReportError ()
#21858 0x00000001022768ac in js_ReportErrorVA ()
#21859 0x0000000102247960 in JS_ReportError ()
#21860 0x00000001018645d2 in nsScriptSecurityManager::CheckPropertyAccessImpl ()
#21861 0x0000000101864862 in nsScriptSecurityManager::CheckPropertyAccess ()
#21862 0x000000010185e5c6 in nsScriptSecurityManager::CheckObjectAccess ()
#21863 0x0000000102292e89 in InitExnPrivate ()
#21864 0x000000010229381e in js_ErrorToException ()
#21865 0x00000001022763c4 in ReportError ()
#21866 0x00000001022768ac in js_ReportErrorVA ()
#21867 0x0000000102247960 in JS_ReportError ()
#21868 0x00000001018645d2 in nsScriptSecurityManager::CheckPropertyAccessImpl ()
#21869 0x0000000101864862 in nsScriptSecurityManager::CheckPropertyAccess ()
#21870 0x000000010185e5c6 in nsScriptSecurityManager::CheckObjectAccess ()
#21871 0x0000000102292e89 in InitExnPrivate ()
#21872 0x000000010229381e in js_ErrorToException ()
#21873 0x00000001022763c4 in ReportError ()
#21874 0x00000001022768ac in js_ReportErrorVA ()
#21875 0x0000000102247960 in JS_ReportError ()
#21876 0x00000001018645d2 in nsScriptSecurityManager::CheckPropertyAccessImpl ()
#21877 0x0000000101864862 in nsScriptSecurityManager::CheckPropertyAccess ()
#21878 0x000000010185e5c6 in nsScriptSecurityManager::CheckObjectAccess ()
#21879 0x0000000102292e89 in InitExnPrivate ()
#21880 0x000000010229381e in js_ErrorToException ()
#21881 0x00000001022763c4 in ReportError ()
#21882 0x00000001022768ac in js_ReportErrorVA ()
#21883 0x0000000102247960 in JS_ReportError ()
#21884 0x00000001018645d2 in nsScriptSecurityManager::CheckPropertyAccessImpl ()
#21885 0x0000000101864862 in nsScriptSecurityManager::CheckPropertyAccess ()
#21886 0x000000010185e5c6 in nsScriptSecurityManager::CheckObjectAccess ()
#21887 0x0000000102292e89 in InitExnPrivate ()
#21888 0x000000010229381e in js_ErrorToException ()
#21889 0x00000001022763c4 in ReportError ()
#21890 0x0000000102278685 in js_ReportErrorNumberVA ()
#21891 0x0000000102247695 in JS_ReportErrorNumber ()
#21892 0x00000001022e13f6 in js::Interpret ()
#21893 0x00000001022e1775 in js::RunScript ()
#21894 0x00000001022e1dd2 in js::InvokeKernel ()
#21895 0x00000001022e23a4 in js::Invoke ()
#21896 0x00000001022567b2 in JS_CallFunctionValue ()
#21897 0x00000001016f686f in nsJSContext::CallEventHandler ()
#21898 0x0000000101762850 in nsJSEventListener::HandleEvent ()
#21899 0x0000000101566d95 in nsEventListenerManager::HandleEventInternal ()
#21900 0x0000000101586b93 in nsEventTargetChainItem::HandleEventTargetChain ()
#21901 0x00000001015878bf in nsEventDispatcher::Dispatch ()
#21902 0x000000010122d83c in DocumentViewerImpl::LoadComplete ()
#21903 0x0000000101b5f676 in nsDocShell::EndPageLoad ()
#21904 0x0000000101b633f8 in nsDocShell::OnStateChange ()
#21905 0x0000000101b7879a in nsDocLoader::DoFireOnStateChange ()
#21906 0x0000000101b79688 in nsDocLoader::doStopDocumentLoad ()
#21907 0x0000000101b7afd1 in nsDocLoader::DocLoaderIsEmpty ()
#21908 0x0000000101b7b357 in nsDocLoader::OnStopRequest ()
#21909 0x0000000101049670 in nsLoadGroup::RemoveRequest ()
#21910 0x000000010147fdd5 in nsDocument::DoUnblockOnload ()
#21911 0x000000010158590d in nsLoadBlockingAsyncDOMEvent::~nsLoadBlockingAsyncDOMEvent ()
#21912 0x0000000101f09e2e in nsRunnable::Release ()
#21913 0x0000000101f49bb6 in nsThread::ProcessNextEvent ()
#21914 0x000000010100af0d in NS_ProcessNextEvent_P ()
#21915 0x00000001014f97c7 in nsXMLHttpRequest::Send ()
#21916 0x0000000101b07cc1 in nsIXMLHttpRequest_Send ()
#21917 0x00000001022e1d9d in js::InvokeKernel ()
#21918 0x00000001022d4166 in js::Interpret ()
#21919 0x00000001022e1775 in js::RunScript ()
#21920 0x00000001022e1939 in js::ExecuteKernel ()
#21921 0x00000001022e1b48 in js::Execute ()
#21922 0x0000000102256b67 in EvaluateUCScriptForPrincipalsCommon ()
#21923 0x0000000102256c81 in JS_EvaluateUCScriptForPrincipalsVersionOrigin ()
#21924 0x00000001016f5acb in nsJSContext::EvaluateString ()
#21925 0x00000001014d741f in nsScriptLoader::EvaluateScript ()
#21926 0x00000001014d8984 in nsScriptLoader::ProcessRequest ()
#21927 0x00000001014da44e in nsScriptLoader::ProcessPendingRequests ()
#21928 0x00000001014da816 in nsScriptLoader::OnStreamComplete ()
#21929 0x00000001010649ba in nsStreamLoader::OnStopRequest ()
#21930 0x0000000101064442 in nsStreamListenerTee::OnStopRequest ()
#21931 0x00000001010e354c in nsHttpChannel::OnStopRequest ()
#21932 0x0000000101042ff0 in nsInputStreamPump::OnStateStop ()
#21933 0x0000000101043a18 in nsInputStreamPump::OnInputStreamReady ()
#21934 0x0000000101f35854 in nsInputStreamReadyEvent::Run ()
#21935 0x0000000101f49bab in nsThread::ProcessNextEvent ()
#21936 0x0000000101f0a02e in NS_ProcessPendingEvents_P ()
#21937 0x0000000101db5d2b in nsBaseAppShell::NativeEventCallback ()
#21938 0x0000000101d7c715 in nsAppShell::ProcessGeckoEvents ()
#21939 0x00007fff80ef6401 in __CFRunLoopDoSources0 ()
#21940 0x00007fff80ef45f9 in __CFRunLoopRun ()
#21941 0x00007fff80ef3dbf in CFRunLoopRunSpecific ()
#21942 0x00007fff8553a74e in RunCurrentEventLoopInMode ()
#21943 0x00007fff8553a553 in ReceiveNextEventCommon ()
#21944 0x00007fff8553a40c in BlockUntilNextEventMatchingListInMode ()
#21945 0x00007fff837f5eb2 in _DPSNextEvent ()
#21946 0x00007fff837f5801 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#21947 0x0000000101d7bb21 in -[GeckoNSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#21948 0x00007fff837bb68f in -[NSApplication run] ()
#21949 0x0000000101d7bf3d in nsAppShell::Run ()
#21950 0x0000000101bdc2a4 in nsAppStartup::Run ()
#21951 0x00000001010190f0 in XRE_main ()
#21952 0x0000000100001e13 in main ()
Comment 1 Jeff Muizelaar [:jrmuizel] 2012-03-08 10:18:10 PST
Regression window:
http://hg.mozilla.org/projects/profiling/pushloghtml?fromchange=826a3a489c1c&tochange=289d9f1e6ca6
Comment 2 Jeff Muizelaar [:jrmuizel] 2012-03-08 10:19:59 PST
Wild guessing at bug 734167
Comment 3 Scoobidiver (away) 2012-03-08 23:50:04 PST
(In reply to Jeff Muizelaar [:jrmuizel] from comment #1)
> Regression window:
> http://hg.mozilla.org/projects/profiling/
> pushloghtml?fromchange=826a3a489c1c&tochange=289d9f1e6ca6
I'd say bug 704259.
Comment 4 Scoobidiver (away) 2012-03-09 10:27:51 PST
*** Bug 734428 has been marked as a duplicate of this bug. ***
Comment 5 Scoobidiver (away) 2012-03-10 09:59:49 PST
Based on crash stats and the test case in comment 0, it seems to be fixed in 13.0a1/20120309. The working range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=2f6368ca605e&tochange=08809a43e082
It's fixed by the backout of the first patch in bug 704259.

Note You need to log in before you can comment on or make changes to this bug.