+++ Initially filed via the problem reporting functionality in Shumway +++ Please add any further information that you deem helpful here: http://blog.sfgate.com/stew/2015/02/25/fake-monks-are-using-the-bracelet-scam-in-san-francisco/ Video player on this page generates stuck script dialog. ---------------------- Technical Information: Firefox version: 39.0a1 (20150225030226) Shumway version: 0.10.182 (0195a96) extension

Hmm, yes. We're landing in an iloop in a function that looks like this: function Random$BgnextBytes_2519085536 (A, B) { var v15,v14,v17,v23,v42,v49,$L; var $F=$$F1476,$C=$$F1476.constants; v15=new Scope($C[0],this,false); v14=B|0; v17=v14; while(true){{ v23=1-(v17|0); if(v17){{ v42=v15.object.m$BgnextByte(); v49=A.m$BgwriteByte(v42); v17=v23; $L=1; continue;}}else{{ $L=0; break;}}}}return undefined; } Much of this is irrelevant, so here's a cleaned-up version: var v17 = 16; var v23; while (true) { v23 = 1 - v17; if (v17) { v17=v23; continue; } else break; } For comparison, here's the bytecode for the function: function nextBytes(flash.utils::ByteArray,int):void /* disp_id=0 method_id=4304 nameIndex = 3794 */ { // local_count=3 max_scope=1 max_stack=2 code_len=27 // method position=362463 code position=725318 0 getlocal0 1 pushscope 2 jump L1 L2: 6 label 7 getlocal1 8 findpropstrict nextByte //nameIndex = 3795 11 callproperty nextByte (0) //nameIndex = 3795 15 callpropvoid writeByte (1) //nameIndex = 11479 L1: 19 getlocal2 20 declocal_i 2 22 iftrue L2 26 returnvoid } The gist is that we do `1 - v17` where we should do `v17 - 1`. How this can happen, I don't know. Pretty bad, though. Still, probably nothing we should work on fixing, seeing as how we're about to remove the compiler that creates this mess. I don't think the baseline compiler will have the same issue.

Shumway is miscompiling a script, but we plan to remove this compiler before shipping.

Marking for later verification.

Tobias says the originally reported error is no longer a problem, but there are now other problems.

`var type = parentScope.getScopeProperty("_-W", ..)` is `undefined` in src/avm2/int.ts:147, which leads to a following `type.axCoerce(..)` throwing an exception.