Closed Bug 493283 Opened 15 years ago Closed 15 years ago

upvar emitted incorrectly in an escaping function inside eval

Categories

(Core :: JavaScript Engine, defect, P1)

Product:
Core
Component:
JavaScript Engine
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 493177
Milestone:
mozilla1.9.1

People

(Reporter: cbook, Assigned: brendan)

References

(
URL
)

Details

(Keywords: crash)

Steps to reproduce: -> Go to http://www.foxytunes.com/artist/acdc --> Crash Crashs 1.9.1 opt/debug builds Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b5pre) Gecko/20090515 Shiretoko/3.5b5pre and trunk Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090515 Minefield/3.6a1pre (6f0.be0): Access violation - code c0000005 (!!! second chance !!!) eax=0437b3d0 ebx=7ffdf000 ecx=00000000 edx=00000000 esi=00ceaa88 edi=03200000 eip=00506283 esp=0012ef54 ebp=0012ef60 iopl=0 nv up ei ng nz na po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000283 ChildEBP RetAddr 0012ef60 00518c89 js3250!js_GetUpvar+0x43 0012f620 00503cff js3250!js_Interpret+0x128e9 0012f700 005045d2 js3250!js_Invoke+0x99f 0012f724 004b2afd js3250!js_InternalInvoke+0x82 0012f74c 01dd1e40 js3250!JS_CallFunctionValue+0x5d 0012f7fc 01e14721 gklayout!nsJSContext::CallEventHandler+0x2a0 0012f938 01e15188 gklayout!nsGlobalWindow::RunTimeout+0x651 0012f948 00302f0e gklayout!nsGlobalWindow::TimerCallback+0x28 0012f99c 003030f1 xpcom_core!nsTimerImpl::Fire+0x28e 0012f9b4 00304d1a xpcom_core!nsTimerEvent::Run+0xa1 0012f9f0 00296783 xpcom_core!nsThread::ProcessNextEvent+0x1fa 0012fa0c 0286f72d xpcom_core!NS_ProcessNextEvent_P+0x53 0012fa20 033f42db gkwidget!nsBaseAppShell::Run+0x5d 0012fa34 1000cfd7 tkitcmps!nsAppStartup::Run+0x6b 0012fed0 00401ac2 xul!XRE_main+0x2fb7 0012ff34 00401289 firefox!NS_internal_main+0x2b2 0012ff68 00402746 firefox!wmain+0x119 0012ffb8 0040259d firefox!__tmainCRTStartup+0x1a6 0012ffc0 7c817077 firefox!wmainCRTStartup+0xd WARNING: Stack unwind information not available. Following frames may be wrong. 0012fff0 00000000 kernel32!RegisterWaitForInputIdle+0x49 quit:
Flags: blocking1.9.2?
Flags: blocking1.9.1?
Hoping for a reduced testcase. Also some dup-coalescing of these upvar bugs! /be
Assignee: general → brendan
Status: NEW → ASSIGNED
Flags: blocking1.9.2?
OS: Windows XP → All
Priority: -- → P1
Hardware: x86 → All
Target Milestone: --- → mozilla1.9.1
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2a1pre) Gecko/20090513 Minefield/3.6a1pre I crash at that site @ js_Interpret... http://crash-stats.mozilla.com/report/index/f22448a1-9e22-4082-bd1b-bb92d2090515?p=1
Summary: Data from Faulting Address controls Branch Selection starting at js3250!js_GetUpvar+0x43 → upvar emitted incorrectly in an escaping function inside eval
Please block. Probably a dup of a bug brendan is working on.
Yessir.
Flags: blocking1.9.1? → blocking1.9.1+
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.