Closed Bug 99377 Opened 24 years ago Closed 24 years ago

Crash in jsregexp.c...

Categories

(Core :: JavaScript Engine, defect)

x86
Windows 2000
defect
Not set
normal

Tracking

()

VERIFIED DUPLICATE of bug 98306

People

(Reporter: rpotts, Assigned: rogerl)

Details

To reproduce this crash:

Go to the following URL:
http://msdn.microsoft.com/library/default.asp?yrl=/nhp/Defualt.adp?contentid=28000524

1. Click on 'Component Development'
2. Click on 'ActiveX Controls'
3. Click on 'Introduction to ActiveX Controls'
4. Crash in jsregexp.c line 910

Crash location: jsregexp.c line: 910. 'cp' is pointing to an invalid memory location.
===============
      case '[':
        ++cp;
        ren = NewRENode(state, REOP_CCLASS, (void *)cp);
        if (!ren)
            return NULL;

===>    while ((c = *++cp) != ']') {
            if (cp == state->cpend) {
                js_ReportCompileErrorNumber(state->context, state->tokenStream,
                                            NULL, JSREPORT_ERROR,
                                            JSMSG_UNTERM_CLASS, ocp);
                return NULL;
            }

Console Output:
===============
Disabling Quirk StyleSheet
Enabling Quirk StyleSheet
JavaScript strict warning: http://msdn.microsoft.com/workshop/code/common.js line 20: useless expression
JavaScript strict warning: http://msdn.microsoft.com/workshop/code/common.js line 400: test for equality (= =) mistyped as assignment (=)?
JavaScript strict warning: http://msdn.microsoft.com/workshop/code/common.js line 405: test for equality (= =) mistyped as assignment (=)?
JavaScript error: line 0: unterminated character class [

Stack Trace:
============
ParseAtom(CompilerState * 0x0012ec7c) line 910 + 12 bytes
ParseQuantAtom(CompilerState * 0x0012ec7c) line 657 + 9 bytes
ParseItem(CompilerState * 0x0012ec7c) line 634 + 9 bytes
ParseAltern(CompilerState * 0x0012ec7c) line 550 + 9 bytes
ParseRegExp(CompilerState * 0x0012ec7c) line 496 + 9 bytes
js_NewRegExp(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSString * 0x039247b0, unsigned int 0x00000000, int 0x00000000) line 1211 + 9 bytes
js_NewRegExpObject(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, unsigned short * 0x047f4c78, unsigned int 0x00000008, unsigned int 0x00000000) line 2846 + 23 bytes
js_GetToken(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348) line 1152 + 51 bytes
js_MatchToken(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, int 0x00000008) line 1279 + 13 bytes
ArgumentList(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c, JSParseNode * 0x046d9488) line 2533 + 15 bytes
MemberExpr(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c, int 0x00000001) line 2638 + 21 bytes
UnaryExpr(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c) line 2503 + 19 bytes
MulExpr(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c) line 2365 + 17 bytes
AddExpr(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c) line 2347 + 17 bytes
ShiftExpr(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c) line 2332 + 17 bytes
RelExpr(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c) line 2300 + 17 bytes
EqExpr(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c) line 2275 + 17 bytes
BitAndExpr(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c) line 2263 + 17 bytes
BitXorExpr(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c) line 2250 + 17 bytes
BitOrExpr(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c) line 2237 + 17 bytes
AndExpr(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c) line 2226 + 17 bytes
OrExpr(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c) line 2215 + 17 bytes
CondExpr(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c) line 2175 + 17 bytes
AssignExpr(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c) line 2121 + 17 bytes
Expr(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c) line 2095 + 17 bytes
Condition(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c) line 939 + 17 bytes
Statement(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c) line 1183 + 17 bytes
Statement(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c) line 1192 + 17 bytes
Statements(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f22c) line 887 + 17 bytes
FunctionBody(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSFunction * 0x0498b598, JSTreeContext * 0x0012f22c) line 554 + 17 bytes
FunctionDef(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f3c0, int 0x00000000) line 721 + 21 bytes
FunctionStmt(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f3c0) line 857 + 19 bytes
Statement(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f3c0) line 1169 + 17 bytes
Statements(JSContext * 0x0462f5b8, JSTokenStream * 0x0466e348, JSTreeContext * 0x0012f3c0) line 887 + 17 bytes
js_CompileTokenStream(JSContext * 0x0462f5b8, JSObject * 0x03924e10, JSTokenStream * 0x0466e348, JSCodeGenerator * 0x0012f3c0) line 391 + 17 bytes
CompileTokenStream(JSContext * 0x0462f5b8, JSObject * 0x03924e10, JSTokenStream * 0x0466e348, void * 0x0462f638, int * 0x00000000) line 2805 + 24 bytes
JS_CompileUCScriptForPrincipals(JSContext * 0x0462f5b8, JSObject * 0x03924e10, JSPrincipals * 0x04628818, const unsigned short * 0x047e8d30, unsigned int 0x000008be, const char * 0x039385f0, unsigned int 0x00000001) line 2884 + 23 bytes
JS_EvaluateUCScriptForPrincipals(JSContext * 0x0462f5b8, JSObject * 0x03924e10, JSPrincipals * 0x04628818, const unsigned short * 0x047e8d30, unsigned int 0x000008be, const char * 0x039385f0, unsigned int 0x00000001, long * 0x0012f564) line 3310 + 33 bytes
nsJSContext::EvaluateString(nsJSContext * const 0x045cd658, const nsAString & {...}, void * 0x03924e10, nsIPrincipal * 0x04628814, const char * 0x039385f0, unsigned int 0x00000001, const char * 0x0107869c, nsAString & {...}, int * 0x0012f5d0) line 622 + 85 bytes
nsScriptLoader::EvaluateScript(nsScriptLoadRequest * 0x0357de38, const nsAFlatString & {...}) line 571
nsScriptLoader::ProcessRequest(nsScriptLoadRequest * 0x0357de38) line 483 + 22 bytes
nsScriptLoader::OnStreamComplete(nsScriptLoader * const 0x046bf194, nsIStreamLoader * 0x047adde8, nsISupports * 0x0357de38, unsigned int 0x00000000, unsigned int 0x000008be, const char * 0x047b4950) line 762
nsStreamLoader::OnStopRequest(nsStreamLoader * const 0x047addec, nsIRequest * 0x044ffb00, nsISupports * 0x00000000, unsigned int 0x00000000) line 121 + 81 bytes
nsHttpChannel::OnStopRequest(nsHttpChannel * const 0x044ffb04, nsIRequest * 0x047a9d84, nsISupports * 0x00000000, unsigned int 0x00000000) line 2227
nsOnStopRequestEvent::HandleEvent() line 162
nsARequestObserverEvent::HandlePLEvent(PLEvent * 0x047c1f9c) line 65
PL_HandleEvent(PLEvent * 0x047c1f9c) line 590 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00d85480) line 520 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x00090464, unsigned int 0x0000c16a, unsigned int 0x00000000, long 0x00d85480) line 1071 + 9 bytes
USER32! 77e148dc()
USER32! 77e14aa7()
USER32! 77e266fd()
nsAppShellService::Run(nsAppShellService * const 0x00e2c7e0) line 446
main1(int 0x00000001, char * * 0x003587d8, nsISupports * 0x00000000) line 1328 + 32 bytes
main(int 0x00000001, char * * 0x003587d8) line 1650 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
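A bounds-first form of the character-class scan shown in the excerpt above, as an added example that is not part of the original report and is not SpiderMonkey code; the function name `class_close_index`, its index-based interface and the sample patterns are assumptions made for illustration. It compares the position against the pattern length before every read, so a pattern that ends inside a class is reported as unterminated rather than scanned past its last character.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from jsregexp.c): return the index of the ']'
 * that closes the class opened at pat[open], or -1 if the class is
 * unterminated. Only pat[0 .. len-1] is ever read, so the buffer does not
 * need a terminating NUL. */
long class_close_index(const char *pat, size_t len, size_t open)
{
    size_t i;

    if (pat == NULL || open >= len || pat[open] != '[')
        return -1;

    /* The bound is tested before each dereference, and with '<' rather
     * than '==', so starting at or beyond the end cannot slip past it. */
    for (i = open + 1; i < len; i++) {
        if (pat[i] == '\\') {
            /* An escape consumes one more character; a backslash that is
             * the last character leaves the class unterminated. */
            if (i + 1 >= len)
                return -1;
            i++;
            continue;
        }
        if (pat[i] == ']')
            return (long)i;
    }
    return -1; /* ran out of pattern: the "unterminated character class" case */
}

int main(void)
{
    /* Constructed sample patterns, not taken from the page in the report. */
    const char *samples[] = { "a[bc]d", "[a\\]b]", "[", "[ab\\", "x[" };
    size_t n;

    for (n = 0; n < sizeof samples / sizeof samples[0]; n++) {
        const char *p = samples[n];
        const char *br = strchr(p, '[');
        long r = class_close_index(p, strlen(p), (size_t)(br - p));
        if (r < 0)
            printf("%-8s unterminated character class\n", p);
        else
            printf("%-8s class closes at index %ld\n", p, r);
    }
    return 0;
}
```
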
*** This bug has been marked as a duplicate of 98306 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Marking Verified Duplicate - rpotts: thank you for this report. You are cc'ed now on the other bug.
Status: RESOLVED → VERIFIED