Closed
Bug 451884
Opened 16 years ago
Closed 16 years ago
Crash [@ QuoteString] on the nytimes.com site
Categories
(Core :: JavaScript Engine, defect, P1)
Core
JavaScript Engine
Tracking
()
VERIFIED
FIXED
mozilla1.9.1
People
(Reporter: martijn.martijn, Assigned: brendan)
References
()
Details
(4 keywords)
Crash Data
Attachments
(2 files)
(deleted),
text/html
|
Details | |
(deleted),
patch
|
mrbkap
:
review+
|
Details | Diff | Splinter Review |
When I have the jit prefs enabled in the latest trunk build of Firefox (javascript.options.jit.chrome and javascript.options.jit.content), then I crash on the site I pasted in the url.
http://crash-stats.mozilla.com/report/index/7c9f8e1c-7157-11dd-9678-001a4bd43ed6
0 js3250.dll QuoteString js/src/jsopcode.cpp:587
1 js3250.dll Decompile js/src/jsopcode.cpp:3796
2 js3250.dll DecompileCode js/src/jsopcode.cpp:4698
3 js3250.dll DecompileExpression js/src/jsopcode.cpp:5090
4 js3250.dll js_DecompileValueGenerator js/src/jsopcode.cpp:4967
5 js3250.dll js_ReportValueErrorFlags js/src/jscntxt.cpp:1329
6 js3250.dll js3250.dll@0x58732
7 js3250.dll js_Interpret js/src/jsinterp.cpp:4253
8 js3250.dll js_Execute js/src/jsinterp.cpp:1549
9 js3250.dll js_obj_eval js/src/jsobj.cpp:1341
10 js3250.dll js_Invoke js/src/jsinterp.cpp:1308
11 js3250.dll js_Interpret js/src/jsinterp.cpp:4963
12 js3250.dll js_Execute js/src/jsinterp.cpp:1549
13 js3250.dll JS_EvaluateUCScriptForPrincipals js/src/jsapi.cpp:5054
14 xul.dll nsJSContext::EvaluateString dom/src/base/nsJSEnvironment.cpp:1540
15 xul.dll nsScriptLoader::EvaluateScript content/base/src/nsScriptLoader.cpp:594
16 xul.dll nsScriptLoader::ProcessRequest content/base/src/nsScriptLoader.cpp:504
17 xul.dll nsScriptLoader::ProcessScriptElement content/base/src/nsScriptLoader.cpp:458
18 xul.dll nsContentUtils::HasNonEmptyTextContent content/base/src/nsContentUtils.cpp:3641
19 xul.dll nsScriptElement::MaybeProcessScript content/base/src/nsScriptElement.cpp:188
Comment 1•16 years ago
|
||
I'm seeing this crash with one of my sessions with both JIT prefs at their default value (false). I can't tell which page in the session triggers the crash, though.
Comment 2•16 years ago
|
||
I crash with this stack every time I load Zimbra. :(
Flags: blocking1.9.1?
OS: Windows XP → All
Comment 3•16 years ago
|
||
Brendan's offered to take this. Here's a reduced testcase:
(function(k){eval("k.y")})({})
Assignee: general → brendan
Assignee | ||
Comment 6•16 years ago
|
||
Failing reduced testcase:
(function(k){eval("k.y")})()
/be
Status: NEW → ASSIGNED
Priority: -- → P1
Hardware: PC → All
Target Milestone: --- → mozilla1.9.1
Assignee | ||
Comment 7•16 years ago
|
||
Attachment #335680 -
Flags: review?(mrbkap)
Assignee | ||
Comment 8•16 years ago
|
||
Fixed on tracemonkey:
http://hg.mozilla.org/tracemonkey/index.cgi/rev/e182535ffade
/be
Updated•16 years ago
|
Attachment #335680 -
Flags: review?(mrbkap) → review+
Assignee | ||
Comment 9•16 years ago
|
||
Fixed on mozilla-central:
http://hg.mozilla.org/mozilla-central/index.cgi/rev/61ee5bbbe005
/be
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Updated•16 years ago
|
Keywords: regression
Comment 10•16 years ago
|
||
/cvsroot/mozilla/js/tests/js1_5/Regress/regress-451884.js,v <-- regress-451884.js
initial revision: 1.1
http://hg.mozilla.org/mozilla-central/rev/3ae03411eae7
Flags: in-testsuite+
Flags: in-litmus-
Updated•16 years ago
|
Flags: blocking1.9.1? → blocking1.9.1+
Comment 11•16 years ago
|
||
Keywords: fixed1.9.1
Comment 12•16 years ago
|
||
Verified fix on Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US;
rv:1.9.1b3pre) Gecko/20090122 Shiretoko/3.1b3pre
and Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2a1pre)
Gecko/20090122 Minefield/3.2a1pre
Status: RESOLVED → VERIFIED
Keywords: fixed1.9.1 → verified1.9.1
Updated•13 years ago
|
Crash Signature: [@ QuoteString]
You need to log in
before you can comment on or make changes to this bug.
Description
•