crash in nsScriptError::Init

VERIFIED FIXED in Firefox 25

Status

()

--
blocker
VERIFIED FIXED
5 years ago
5 years ago

People

(Reporter: scoobidiver, Assigned: Ms2ger)

Tracking

(4 keywords)

25 Branch
mozilla25
crash, regression, reproducible, topcrash
Points:
---

Firefox Tracking Flags

(firefox24 unaffected, firefox25+ verified)

Details

(Whiteboard: [startupcrash], crash signature)

Attachments

(1 attachment)

(Reporter)

Description

5 years ago
It first showed up in 25.0a1/20130802 and is currently #1 top crasher in this build. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=05d3797276d3&tochange=76a944fa6b25
It's likely a regression from bug 897945.

Signature 	zzz_AsmCodeRange_Begin | nsDependentCString::nsDependentCString(char const*) More Reports Search
UUID 	8778c765-1f50-4a37-8fc6-830bb2130802
Date Processed	2013-08-02 14:55:14.659597
Uptime	56
Last Crash	58 seconds before submission
Install Age 	1568 since version was first installed.
Install Time 	2013-08-02 14:20:01
Product 	Firefox
Version 	25.0a1
Build ID 	20130802030204
Release Channel 	nightly
OS 	Windows NT
OS Version 	6.1.7601 Service Pack 1
Build Architecture 	x86
Build Architecture Info 	GenuineIntel family 6 model 58 stepping 9 | 4
Crash Reason 	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address 	0x0
App Notes 	
AdapterVendorID: 0x1002, AdapterDeviceID: 0x683d, AdapterSubsysID: 042b1043, AdapterDriverVersion: 9.12.0.0
D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ 

Frame 	Module 	Signature 	Source
0 	msvcr100.dll 	zzz_AsmCodeRange_Begin 	f:\\dd\\vctools\\crt_bld\\SELF_X86\\crt\\src\\INTEL\\strlen.asm
1 	xul.dll 	nsDependentCString::nsDependentCString(char const *) 	obj-firefox/dist/include/nsTDependentString.h
2 	xul.dll 	nsScriptError::Init(nsAString_internal const &,nsAString_internal const &,nsAString_internal const &,unsigned int,unsigned int,unsigned int,char const *) 	js/xpconnect/src/nsScriptError.cpp
3 	xul.dll 	NS_InvokeByIndex 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp
4 	xul.dll 	XPC_WN_CallMethod(JSContext *,unsigned int,JS::Value *) 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp
5 	mozjs.dll 	js::Invoke(JSContext *,JS::CallArgs,js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
6 	mozjs.dll 	Interpret 	js/src/vm/Interpreter.cpp
7 	mozjs.dll 	js::detail::HashTable<js::HashMapEntry<js::ion::VMFunction const *,js::ion::IonCode *>,js::HashMap<js::ion::VMFunction const *,js::ion::IonCode *,js::DefaultHasher<js::ion::VMFunction const *>,js::RuntimeAllocPolicy>::MapHashPolicy,js::RuntimeAllocPolicy>::init(unsigned int) 	obj-firefox/dist/include/js/HashTable.h
8 	mozjs.dll 	js::ion::IonCompartment::initialize(JSContext *) 	js/src/ion/Ion.cpp
9 	mozjs.dll 	js::RunScript(JSContext *,js::RunState &) 	js/src/vm/Interpreter.cpp
10 	mozjs.dll 	js::Invoke(JSContext *,JS::CallArgs,js::MaybeConstruct) 	js/src/vm/Interpreter.cpp
11 	mozjs.dll 	js_fun_apply(JSContext *,unsigned int,JS::Value *) 	js/src/jsfun.cpp
12 	xul.dll 	xpc::WrapperFactory::Rewrap(JSContext *,JS::Handle<JSObject *>,JS::Handle<JSObject *>,JS::Handle<JSObject *>,JS::Handle<JSObject *>,unsigned int) 	js/xpconnect/wrappers/WrapperFactory.cpp
13 	mozjs.dll 	JSCompartment::wrap(JSContext *,JS::MutableHandle<JS::Value>,JS::Handle<JSObject *>) 	js/src/jscompartment.cpp
14 	mozjs.dll 	js::CrossCompartmentWrapper::get(JSContext *,JS::Handle<JSObject *>,JS::Handle<JSObject *>,JS::Handle<int>,JS::MutableHandle<JS::Value>) 	js/src/jswrapper.cpp
15 	mozjs.dll 	js::Proxy::get(JSContext *,JS::Handle<JSObject *>,JS::Handle<JSObject *>,JS::Handle<int>,JS::MutableHandle<JS::Value>) 	js/src/jsproxy.cpp
16 	mozjs.dll 	js::ObjectImpl::nativeLookup(js::ExclusiveContext *,int) 	js/src/vm/ObjectImpl.cpp
17 	mozjs.dll 	NameOperation 	js/src/vm/Interpreter.cpp
18 		@0x1a01b5e0

More reports at:
https://crash-stats.mozilla.com/report/list?product=Firefox&signature=zzz_AsmCodeRange_Begin+|+nsDependentCString%3A%3AnsDependentCString%28char+const*%29
https://crash-stats.mozilla.com/report/list?product=Firefox&signature=strlen+|+nsScriptError%3A%3AInit%28nsAString_internal+const%26%2C+nsAString_internal+const%26%2C+nsAString_internal+const%26%2C+unsigned+int%2C+unsigned+int%2C+unsigned+int%2C+char+const*%29
(Reporter)

Updated

5 years ago
Crash Signature: [@ zzz_AsmCodeRange_Begin | nsDependentCString::nsDependentCString(char const*)] → [@ zzz_AsmCodeRange_Begin | nsDependentCString::nsDependentCString(char const*)] [@ strlen | nsScriptError::Init(nsAString_internal const&, nsAString_internal const&, nsAString_internal const&, unsigned int, unsigned int, unsigned int, char const*)]
(Assignee)

Updated

5 years ago
Assignee: nobody → Ms2ger

Comment 1

5 years ago
Steps To Reproduce:
1. Install https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/  and Restart brower
2. Install the following GM script

// ==UserScript==
// @name        CrashTest
// @namespace   http://www.yahoo.com
// @description Crash test
// @include     http://www.yahoo.com/*
// @grant       none
// @version     1
// ==/UserScript==
  GM_log("crash", 1);

3. Open http://www.yahoo.com/

Actual Results:
Crash
(Reporter)

Updated

5 years ago
Keywords: reproducible
(Reporter)

Updated

5 years ago
Crash Signature: [@ zzz_AsmCodeRange_Begin | nsDependentCString::nsDependentCString(char const*)] [@ strlen | nsScriptError::Init(nsAString_internal const&, nsAString_internal const&, nsAString_internal const&, unsigned int, unsigned int, unsigned int, char const*)] → [@ zzz_AsmCodeRange_Begin | nsDependentCString::nsDependentCString(char const*)] [@ strlen | nsScriptError::Init(nsAString_internal const&, nsAString_internal const&, nsAString_internal const&, unsigned int, unsigned int, unsigned int, char const*)] [@ …
OS: Windows 7 → All
tracking-firefox25: ? → +
(Reporter)

Updated

5 years ago
Duplicate of this bug: 901113
(Reporter)

Comment 3

5 years ago
There are currently 1378 crashes so either fix it before the merge or backout bug 897945's patch.
Severity: critical → blocker
(Assignee)

Comment 4

5 years ago
Created attachment 785359 [details] [diff] [review]
Patch v1
Attachment #785359 - Flags: review?(bobbyholley+bmo)
Duplicate of this bug: 901171

Comment 6

5 years ago
I managed to trigger the bug when running this Userscript on Youtube:

http://pastebin.com/Y6KEhapM
(Reporter)

Updated

5 years ago
Crash Signature: [@ zzz_AsmCodeRange_Begin | nsDependentCString::nsDependentCString(char const*)] [@ strlen | nsScriptError::Init(nsAString_internal const&, nsAString_internal const&, nsAString_internal const&, unsigned int, unsigned int, unsigned int, char const*)] [@ … → [@ zzz_AsmCodeRange_Begin | nsDependentCString::nsDependentCString(char const*)] [@ strlen | nsScriptError::Init(nsAString_internal const&, nsAString_internal const&, nsAString_internal const&, unsigned int, unsigned int, unsigned int, char const*)] [@ …

Comment 7

5 years ago
Signature [@ zzz_AsmCodeRange_Begin | nsDependentCString::nsDependentCString(char const*) ]

recent reports:
https://crash-stats.mozilla.com/report/index/3226a945-6b2a-4643-8fe6-8dcaa2130804
https://crash-stats.mozilla.com/report/index/c766057e-d709-4599-9e8f-85ac02130804


bug between Firefox 25.0a1 and script "userscripts updater" Greasemonkey (XP et Vista)
Manual removal of the script "userscripts updater" or disable Greasemonkey through safe mode .... prevent new crashes !
Attachment #785359 - Flags: review?(bobbyholley+bmo) → review+

Updated

5 years ago
Keywords: regression
https://hg.mozilla.org/mozilla-central/rev/559400867e92
Status: NEW → RESOLVED
Last Resolved: 5 years ago
status-firefox25: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla25
Keywords: verifyme
WFM following STR from Comment 1. In addition there are no more crashes in FF25 or later versions vis Soccoro.

BuildID: 20130908004001
Status: RESOLVED → VERIFIED
status-firefox25: fixed → verified
Keywords: verifyme
You need to log in before you can comment on or make changes to this bug.