Closed
Bug 935385
Opened 11 years ago
Closed 11 years ago
Crash in js::ObjectImpl::getSlot
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
DUPLICATE
of bug 935348
People
(Reporter: octoploid, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.39 Safari/537.36

Steps to reproduce:
Open http://www.flightradar24.com/ .

Actual results:
Firefox crashes:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4ba9c88 in js::ObjectImpl::getSlot (this=0x7fffbf308100, slot=<optimized out>) at /home/markus/mozilla-central/js/src/vm/ObjectImpl.h:1300
1300    MOZ_ASSERT(slotInRange(slot));
(gdb) bt
#0 0x00007ffff4ba9c88 in js::ObjectImpl::getSlot (this=0x7fffbf308100, slot=<optimized out>) at /home/markus/mozilla-central/js/src/vm/ObjectImpl.h:1300
#1 0x00007ffff4d309f2 in aliasedVar (this=<optimized out>, sc=...) at /home/markus/mozilla-central/js/src/vm/ScopeObject.h:772
#2 Interpret (cx=cx@entry=0x7fffc8838380, state=...) at /home/markus/mozilla-central/js/src/vm/Interpreter.cpp:2778
#3 0x00007ffff4d358ce in js::RunScript (cx=cx@entry=0x7fffc8838380, state=...) at /home/markus/mozilla-central/js/src/vm/Interpreter.cpp:420
#4 0x00007ffff4d3639d in js::ExecuteKernel (cx=cx@entry=0x7fffc8838380, script=..., script@entry=0x7fffbf449100, scopeChainArg=(JSObject &) @0x7fffd4438060 [object Window] delegate, thisv=..., type=type@entry=js::EXECUTE_GLOBAL, evalInFrame=evalInFrame@entry=..., result=result@entry=0x0) at /home/markus/mozilla-central/js/src/vm/Interpreter.cpp:611
#5 0x00007ffff4d36b6f in js::Execute (cx=cx@entry=0x7fffc8838380, script=..., script@entry=0x7fffbf449100, scopeChainArg=..., rval=rval@entry=0x0) at /home/markus/mozilla-central/js/src/vm/Interpreter.cpp:648
#6 0x00007ffff4ba0a28 in JS_ExecuteScript (cx=cx@entry=0x7fffc8838380, objArg=<optimized out>, scriptArg=0x7fffbf449100, rval=rval@entry=0x0) at /home/markus/mozilla-central/js/src/jsapi.cpp:4663
#7 0x00007ffff2fe1bcf in nsJSUtils::EvaluateString (aCx=<optimized out>, aScript=..., aScopeObject=..., aScopeObject@entry=(JSObject * const) 0x7fffd4438060 [object Window] delegate, aCompileOptions=..., aEvaluateOptions=..., aRetValue=aRetValue@entry=0x0, aOffThreadToken=aOffThreadToken@entry=0x7fffc0321390) at /home/markus/mozilla-central/dom/base/nsJSUtils.cpp:271
#8 0x00007ffff2fd2fac in nsJSContext::EvaluateString (this=0x7fffcf4eb500, aScript=..., aScopeObject=(JSObject * const) 0x7fffd4438060 [object Window] delegate, aCompileOptions=..., aCoerceToString=<optimized out>, aRetValue=0x0, aOffThreadToken=0x7fffc0321390) at /home/markus/mozilla-central/dom/base/nsJSEnvironment.cpp:962
#9 0x00007ffff2afb610 in nsScriptLoader::EvaluateScript (this=this@entry=0x7fffca249e00, aRequest=aRequest@entry=0x7fffc3cacc80, aScript=..., aOffThreadToken=aOffThreadToken@entry=0x7fffc0321390) at /home/markus/mozilla-central/content/base/src/nsScriptLoader.cpp:1009
#10 0x00007ffff2afc3a7 in EvaluateScript (aOffThreadToken=0x7fffc0321390, aScript=..., aRequest=0x7fffc3cacc80, this=0x7fffca249e00) at /home/markus/mozilla-central/content/base/src/nsScriptLoader.cpp:971
#11 nsScriptLoader::ProcessRequest (this=this@entry=0x7fffca249e00, aRequest=0x7fffc3cacc80, aOffThreadToken=aOffThreadToken@entry=0x7fffc0321390) at /home/markus/mozilla-central/content/base/src/nsScriptLoader.cpp:874
#12 0x00007ffff2afcbce in nsScriptLoader::ProcessOffThreadRequest (this=0x7fffca249e00, aOffThreadToken=aOffThreadToken@entry=0x7fffc0321390) at /home/markus/mozilla-central/content/base/src/nsScriptLoader.cpp:727
#13 0x00007ffff2afcc84 in (anonymous namespace)::NotifyOffThreadScriptLoadCompletedRunnable::Run (this=0x7fffc0321370) at /home/markus/mozilla-central/content/base/src/nsScriptLoader.cpp:737
#14 0x00007ffff43834c0 in nsThread::ProcessNextEvent (this=0x7ffff7192940, mayWait=<optimized out>, result=0x7fffffffccff) at /home/markus/mozilla-central/xpcom/threads/nsThread.cpp:622
#15 0x00007ffff430617d in NS_ProcessNextEvent (thread=<optimized out>, mayWait=mayWait@entry=false) at /home/markus/mozilla-central/xpcom/glue/nsThreadUtils.cpp:251
#16 0x00007ffff3ba6ecb in mozilla::ipc::MessagePump::Run (this=0x7ffff71f5380, aDelegate=0x7ffff71f60b0) at /home/markus/mozilla-central/ipc/glue/MessagePump.cpp:85
#17 0x00007ffff43d3d70 in MessageLoop::RunInternal (this=0x7ffff71f60b0) at /home/markus/mozilla-central/ipc/chromium/src/base/message_loop.cc:220
#18 0x00007ffff43d3dd7 in RunHandler (this=<optimized out>) at /home/markus/mozilla-central/ipc/chromium/src/base/message_loop.cc:213
#19 MessageLoop::Run (this=<optimized out>) at /home/markus/mozilla-central/ipc/chromium/src/base/message_loop.cc:187
#20 0x00007ffff3a6d0e9 in nsBaseAppShell::Run (this=0x7fffed1b42b0) at /home/markus/mozilla-central/widget/xpwidgets/nsBaseAppShell.cpp:161
#21 0x00007ffff37681d3 in nsAppStartup::Run (this=0x7fffed190a60) at /home/markus/mozilla-central/toolkit/components/startup/nsAppStartup.cpp:267
#22 0x00007ffff219decf in XREMain::XRE_mainRun (this=this@entry=0x7fffffffd090) at /home/markus/mozilla-central/toolkit/xre/nsAppRunner.cpp:3976
#23 0x00007ffff219f6ff in XREMain::XRE_main (this=this@entry=0x7fffffffd090, argc=argc@entry=1, argv=argv@entry=0x7fffffffe548, aAppData=aAppData@entry=0x7fffffffd2c0) at /home/markus/mozilla-central/toolkit/xre/nsAppRunner.cpp:4044
#24 0x00007ffff219fa74 in XRE_main (argc=1, argv=0x7fffffffe548, aAppData=0x7fffffffd2c0, aFlags=<optimized out>) at /home/markus/mozilla-central/toolkit/xre/nsAppRunner.cpp:4246
#25 0x000000000040440e in do_main (argc=argc@entry=1, argv=argv@entry=0x7fffffffe548, xreDirectory=0x7ffff71306c0) at /home/markus/mozilla-central/browser/app/nsBrowserApp.cpp:275
#26 0x0000000000403bf0 in main (argc=1, argv=0x7fffffffe548) at /home/markus/mozilla-central/browser/app/nsBrowserApp.cpp:635
(gdb)
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE