Closed Bug 925067 Opened 6 years ago Closed 6 years ago

Firefox freezes on Joomla! PHP Editor

Categories: Core :: JavaScript Engine: JIT, defect, critical
Version: 26 Branch
Platform: All, Windows 7
Priority: Not set
Status: VERIFIED FIXED
Target Milestone: mozilla27

Tracking Status
firefox25 --- unaffected
firefox26 + verified
firefox27 + verified

Reporter: sjw, Assigned: jandem
Keywords: hang, regression
Attachments: 1 file, 1 obsolete file

Firefox Aurora 26 and Nightly 27 freeze if you try to edit a PHP site inside Joomla! 3.1, and you have to kill the process.

I think this bug is not because of Joomla!, so it may affect other sites / scripts, too?
Keywords: hang
Could you post a testcase (demo website maybe), please?
Flags: needinfo?(sjw)
Hangs on Joomla! 2.5, too: 
http://joomla25.cloudaccess.net/administrator/index.php?option=com_templates&task=source.edit&id=NTAzOmluZGV4LnBocA==

Login: demo
Password: demo

It's just the PHP syntax highlighting JavaScript, the CSS Editor works fine.
Thanks, it's an instant hang with your link in comment #2.

Regression range:
good=2013-08-28
bad=2013-08-29
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=416075f77249&tochange=aebdc69b02e5
Status: UNCONFIRMED → NEW
Component: General → Untriaged
Ever confirmed: true
stack of hang:
bp-ab1dc806-927a-480e-91ea-780f42131011
bp-b1958812-9dd2-4cea-8c8a-c9e212131011

Regression window(m-i)
Good:
http://hg.mozilla.org/integration/mozilla-inbound/rev/9cc68dacc74c
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 ID:20130828024139
Bad:
http://hg.mozilla.org/integration/mozilla-inbound/rev/e473c952d233
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 ID:20130828041620
Pushlog:
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=9cc68dacc74c&tochange=e473c952d233
Component: Untriaged → JavaScript Engine
Product: Firefox → Core
Blocks: 909389
Severity: major → critical
Assignee: nobody → jdemooij
Status: NEW → ASSIGNED
Flags: needinfo?(jdemooij)
Component: JavaScript Engine → JavaScript Engine: JIT
Flags: needinfo?(jdemooij)
Tracking since Joomla is probably still widely used enough that this might blow up once it gets to Beta.
Attached patch Patch (obsolete) — Splinter Review
The browser freezes because BlockMightReach gets into an infinite loop and the main thread is waiting for the compilation thread to finish.

Bug 909389 exposed this but it's a regression from bug 824275. As the second testcase I added demonstrates, it was possible to trigger this without try-catch compilation.
Attachment #816231 - Flags: review?(bhackett1024)
Comment on attachment 816231 [details] [diff] [review]
Patch

[Approval Request Comment]
> Bug caused by (feature/regressing bug #):
Bug 824275, with bug 909389 it breaks Joomla's code editor.

> User impact if declined:
Browser freezes.

> Testing completed (on m-c, etc.): 
Browser does not freeze with the patch applied. Very low risk.

> Risk to taking this patch (and alternatives if risky): 
Very low.

> String or IDL/UUID changes made by this patch:
None.
Attachment #816231 - Flags: approval-mozilla-aurora?
Attachment #816231 - Flags: review?(bhackett1024)
Attachment #816231 - Flags: approval-mozilla-aurora?
Attached patch Patch v2 — Splinter Review
This fix is a bit more robust. I also verified that on SS/V8/Kraken BlockMightReach returns the same value as before in all cases, so this shouldn't affect performance.
Attachment #816231 - Attachment is obsolete: true
Attachment #816234 - Flags: review?(bhackett1024)
Attachment #816234 - Flags: review?(bhackett1024) → review+
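
A simplified model of the failure described in the two patch comments above, added here as an example; it is not SpiderMonkey's BlockMightReach or the attached patch. The graph type, function names and sample graphs are assumptions: a conservative reachability walk over a control-flow graph never returns on a cycle, and bounding it by the block count makes it terminate while giving the same answer wherever the unbounded walk would have terminated.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Simplified, hypothetical CFG model (not SpiderMonkey's MIR):
// block i lists the indices of its successor blocks.
typedef std::vector<std::vector<std::size_t> > Cfg;
enum Walk { kNo, kYes, kOutOfSteps };

// Conservative "might src reach dest?" heuristic, assumed for illustration:
// follow single-successor chains and treat any branch as "might reach".
// kOutOfSteps means the budget ran out before the walk reached an answer.
Walk walk(const Cfg& cfg, std::size_t src, std::size_t dest, std::size_t budget) {
    for (std::size_t step = 0; step <= budget; ++step) {
        if (src == dest) return kYes;
        const std::vector<std::size_t>& succ = cfg[src];
        if (succ.empty()) return kNo;       // dead end
        if (succ.size() > 1) return kYes;   // branch: answer conservatively
        src = succ[0];                      // straight-line edge, keep going
    }
    return kOutOfSteps;
}

// Hardened form: a single-successor chain still running after cfg.size()
// steps has revisited a block, so it is in a cycle that does not contain
// dest. Answer "no" instead of spinning.
bool mightReach(const Cfg& cfg, std::size_t src, std::size_t dest) {
    return walk(cfg, src, dest, cfg.size()) == kYes;
}

// Check in the spirit of the Patch v2 comment: wherever the long-budget
// walk terminates, the hardened function returns the same value.
bool sameWhereTerminating(const Cfg& cfg, std::size_t bigBudget) {
    for (std::size_t s = 0; s < cfg.size(); ++s)
        for (std::size_t d = 0; d < cfg.size(); ++d) {
            Walk old = walk(cfg, s, d, bigBudget);
            if (old != kOutOfSteps && (old == kYes) != mightReach(cfg, s, d))
                return false;
        }
    return true;
}

// Constructed samples: linear is 0->1->2->3; loop is 0->1->2->1, block 3 isolated.
Cfg linearCfg() { return Cfg{{1}, {2}, {3}, {}}; }
Cfg loopCfg()   { return Cfg{{1}, {2}, {1}, {}}; }

int main() {
    std::printf("loop 0->3: budgeted=%d hardened=%d\n",
                (int)walk(loopCfg(), 0, 3, 1000000), (int)mightReach(loopCfg(), 0, 3));
    return 0;
}
```
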
Thanks a lot for the bug report btw! And Loic and Alice0775 White, thanks for bisecting :)
Comment on attachment 816234 [details] [diff] [review]
Patch v2

[Approval Request Comment]
> Bug caused by (feature/regressing bug #):
Bug 824275, with bug 909389 it breaks Joomla's code editor.

> User impact if declined:
Browser freezes.

> Testing completed (on m-c, etc.): 
On m-i. Browser does not freeze with the patch applied.

> Risk to taking this patch (and alternatives if risky): 
Very low.

> String or IDL/UUID changes made by this patch:
None.
Attachment #816234 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/a71631863d77
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla27
Attachment #816234 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Verified on Aurora 26.0a2 buildid 20131015004002 and Nightly 27.0a1 buildid 20131015030319 using link in comment 2.
Status: RESOLVED → VERIFIED
QA Contact: ananuti
Thanks for fixing this so fast, it was a really annoying bug for me.