Closed Bug 746973 Opened 12 years ago Closed 12 years ago

crash in DebuggerScript_setBreakpoint

Categories

(Core :: JavaScript Engine, defect)

All
macOS
defect
Not set
critical

Tracking

RESOLVED DUPLICATE of bug 738479
blocking-kilimanjaro +

People

(Reporter: past, Assigned: jimb)

Details

(Keywords: crash, Whiteboard: [k9o:p1:fx15])

Crash Data

This bug was filed from the Socorro interface and is report bp-a65f13a0-e5e4-4cfa-bedd-322282120419.
============================================================= 

STR:

1) Open http://htmlpad.org/debugger/
2) Open the script debugger
3) Click the click me button
4) Press resume
5) Then at the next pause add a breakpoint on line 15
6) Firefox crashes
Version: unspecified → Trunk
Not tied to DebuggerScript_setBreakpoint, but possibly related.
Same thing happens if I just try to debug a WebGL page. For example, go to http://mrdoob.github.com/three.js/examples/misc_lookat.html and just start the debugger => Segmentation fault.
(In reply to Victor Porof from comment #1)
Not related, there's bug 725733 for that.
Crash Signature: [@ DebuggerScript_setBreakpoint] → [@ DebuggerScript_setBreakpoint]
Assignee: general → jorendorff
Blocks: minotaur
blocking-kilimanjaro: --- → ?
blocking-kilimanjaro: ? → ---
In a debug build, we crash in 

(gdb) p script->getGlobalObjectOrNull()
$3 = ('js::GlobalObject' *) 0x0
(gdb) p script->compileAndGo
$4 = true
In a debug build we crash in ScriptGlobal, called from setBreakpoint:

#0  0x0000000104556bb4 in ScriptGlobal (cx=0x10032ba00, script=0x10d0719c0, scriptGlobal=0x0) at Debugger.cpp:279
#1  0x00000001045603bf in DebuggerScript_setBreakpoint (cx=0x10032ba00, argc=2, vp=0x10c900688) at Debugger.cpp:2843

The stack is like bug 738479, but this is a different bug; it happens for an eval script that is not on the stack. Trying to make a shell testcase.
var g = newGlobal('new-compartment');
var dbg = Debugger(g);
g.eval("function f() { return eval('2+2'); }");
var s;
dbg.onNewScript = function (script) { s = script; };
g.f();
var hits = 0;
for (var offset of s.getLineOffsets(s.startLine))
    s.setBreakpoint(offset, {hit: function () { hits++; }});
assertEq(g.f(), 4);
assertEq(hits, 1);
Jim just brought this to my attention for K9O. IIUC, it's a crash in a fairly basic script debugger use case, so +ing.
blocking-kilimanjaro: --- → +
Whiteboard: [k9o:p1:fx15]
Assignee: jorendorff → jimb
The patch in bug 738479 fixes this after all. I added the test case from comment 5 to that patch.

I don't think we need to worry about tracking this; we have the fix and it'll land this week, assuming the tree opens.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE