Closed Bug 925067 Opened 11 years ago Closed 11 years ago

Firefox freezes on Joomla! PHP Editor

Categories

(Core :: JavaScript Engine: JIT, defect)

Product:
Core
Component:
JavaScript Engine: JIT
Version:
26 Branch
Platform:
All
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla27
Tracking Flags:
Tracking Status
firefox25 --- unaffected
firefox26 + verified
firefox27 + verified

People

(Reporter: sjw+bugzilla, Assigned: jandem)

References

Details

(Keywords: hang, regression)

Attachments

(1 file, 1 obsolete file)

Patch v2
2.29 KB, patch
bhackett1024
: review+
lsblakk
: approval-mozilla-aurora+
Details | Diff | Splinter Review
Firefox Aurora 26 and Nightly 27 freezes if you try to edit a PHP site inside Joomla! 3.1 and you have to kill the process. I think this bug is not because of Joomla! so it may affect other Sites / Scripts, too?
Keywords: hang
Could you post a testcase (demo website maybe), please.
Flags: needinfo?(sjw)
Hangs on Joomla! 2.5, too: http://joomla25.cloudaccess.net/administrator/index.php?option=com_templates&task=source.edit&id=NTAzOmluZGV4LnBocA== Login: demo Password: demo It's just the PHP syntax highlighting JavaScript, the CSS Editor works fine.
Thanks, it's instant hang with your link in comment #2. Regression range: good=2013-08-28 bad=2013-08-29 http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=416075f77249&tochange=aebdc69b02e5
Status: UNCONFIRMED → NEW
status-firefox25: --- → unaffected
tracking-firefox26: --- → ?
tracking-firefox27: --- → ?
Component: General → Untriaged
Ever confirmed: true
Keywords: regression, regressionwindow-wanted
stack of hang: bp-ab1dc806-927a-480e-91ea-780f42131011 bp-b1958812-9dd2-4cea-8c8a-c9e212131011 Regression window(m-i) Good: http://hg.mozilla.org/integration/mozilla-inbound/rev/9cc68dacc74c Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 ID:20130828024139 Bad: http://hg.mozilla.org/integration/mozilla-inbound/rev/e473c952d233 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 ID:20130828041620 Pushlog: http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=9cc68dacc74c&tochange=e473c952d233
Component: Untriaged → JavaScript Engine
Product: Firefox → Core
Blocks: 909389
Keywords: regressionwindow-wanted
Severity: major → critical
Assignee: nobody → jdemooij
Status: NEW → ASSIGNED
Flags: needinfo?(jdemooij)
Component: JavaScript Engine → JavaScript Engine: JIT
Flags: needinfo?(jdemooij)
Tracking since Joomla is probably still widely used enough that this might blow up once it gets to Beta.
status-firefox26: --- → affected
status-firefox27: --- → affected
tracking-firefox26: ?+
tracking-firefox27: ?+
Attached patch Patch (obsolete) — Splinter Review
The browser freezes because BlockMightReach gets into an infinite loop and the main thread is waiting for the compilation thread to finish. Bug 909389 exposed this but it's a regression from bug 824275. As the second testcase I added demonstrates, it was possible to trigger this without try-catch compilation.
Attachment #816231 - Flags: review?(bhackett1024)
Comment on attachment 816231 [details] [diff] [review] Patch [Approval Request Comment] > Bug caused by (feature/regressing bug #): Bug 824275, with bug 909389 it breaks Joomla's code editor. > User impact if declined: Browser freezes. > Testing completed (on m-c, etc.): Browser does not freeze with the patch applied. Very low risk. > Risk to taking this patch (and alternatives if risky): Very low. > String or IDL/UUID changes made by this patch: None.
Attachment #816231 - Flags: approval-mozilla-aurora?
Attachment #816231 - Flags: review?(bhackett1024)
Attachment #816231 - Flags: approval-mozilla-aurora?
Attached patch Patch v2Splinter Review
This fix is a bit more robust. I also verified that on SS/V8/Kraken BlockMightReach returns the same value as before in all cases, so this shouldn't affect performance.
Attachment #816231 - Attachment is obsolete: true
Attachment #816234 - Flags: review?(bhackett1024)
Attachment #816234 - Flags: review?(bhackett1024) → review+
Thanks a lot for the bug report btw! And Loic and Alice0775 White, thanks for bisecting :)
Comment on attachment 816234 [details] [diff] [review] Patch v2 [Approval Request Comment] > Bug caused by (feature/regressing bug #): Bug 824275, with bug 909389 it breaks Joomla's code editor. > User impact if declined: Browser freezes. > Testing completed (on m-c, etc.): On m-i. Browser does not freeze with the patch applied. > Risk to taking this patch (and alternatives if risky): Very low. > String or IDL/UUID changes made by this patch: None.
Attachment #816234 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/a71631863d77
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
status-firefox27: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla27
Attachment #816234 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Verified on Aurora 26.0a2 buildid 20131015004002 and Nightly 27.0a1 buildid 20131015030319 using link in comment 2.
Status: RESOLVED → VERIFIED
status-firefox26: fixedverified
status-firefox27: fixedverified
QA Contact: ananuti
Thanks for fixing this so fast, it was a really annoying bug for me.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: