Closed
Bug 682793
Opened 13 years ago
Closed 7 years ago
Infinite recursion loop crashes Firefox when Firebug is installed
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: sebo, Unassigned)
References
Details
(Keywords: crash, Whiteboard: js-triage-needed)
Crash Data
Attachments
(1 file)
2.01 KB,
application/x-xpinstall
|
Details |
See https://crash-stats.mozilla.com/report/index/bp-911001c0-b0b5-4703-a737-0299a2110829 I used Firebug's Command Editor to execute the following lines of code: function test() { return test(); } test();
Comment 1•13 years ago
|
||
Stack overflow, this could be a dupe
Assignee: nobody → general
Severity: normal → critical
Component: General → JavaScript Engine
Keywords: crash
Product: Firefox → Core
QA Contact: general → general
Reporter | ||
Comment 2•13 years ago
|
||
> this could be a dupe
Probably yes. I don't think I am the only one that experienced that problem, because it's that easy to reproduce.
Btw. since Bugzilla changed its issue report system the "Report this Crash" link doesn't prefill the issue title anymore. I think that was possible before, though I just posted one or two bugs to crash reports yet.
Comment 3•13 years ago
|
||
This works in general, no (in that recursion protection kicks in). What's special about the Firebug command editor?
Reporter | ||
Comment 4•13 years ago
|
||
Well, I just tested this on another PC and just used the new Scratchpad of Firefox. Result: Firefox doesn't crash, but it gets completely unresponsive. The message for unresponsive scripts appears after a while (~3 minutes). Clicking "Stop script" doesn't stop it. Instead I get the message again after waiting a bit longer. The Firebug Command Editor works by eval()ing the entered code. Honza can surely explain this in more detail.
Comment 5•13 years ago
|
||
(In reply to Boris Zbarsky (:bz) from comment #3) > This works in general, no (in that recursion protection kicks in). What's > special about the Firebug command editor? Not an answer, but: bug 643360 showed that there are ways to trigger infinite recursion "underneath" the JS engine, within JSD. In fact, that patch never landed, but the details of this bug and the stack make it sound dissimilar.
Reporter | ||
Comment 6•13 years ago
|
||
I can't reproduce the test case of bug 643360 with FF 6.0 + FB 1.8.1 and FF 9.0a1 + FB 1.9.0a1 under Windows 7.
Updated•13 years ago
|
Whiteboard: js-triage-needed
Comment 7•13 years ago
|
||
(In reply to Sebastian Zartner from comment #4) > The Firebug Command Editor works by eval()ing the entered code. Honza can > surely explain this in more detail. 0) The user executes an expression on Firebug's command line. 1) Firebug uses win.document.setUserData to pass the expression into the page. 2) Firebug sends an event to the page (using win.document.dispatchEvent) 3) The page catches the event gets the expression and calls: window.eval(expr) Honza
Updated•13 years ago
|
Crash Signature: [@ XPCJSStackFrame::Release() ]
Comment 8•13 years ago
|
||
(In reply to Boris Zbarsky (:bz) from comment #3) > This works in general, no (in that recursion protection kicks in). What's > special about the Firebug command editor? I think that the special thing is that JSD is activated STR: 1) Install the attached extension (activates JSD and hooks jsd.debugHook, jsd.errorHook) 2) load following page (the timeout is probably not necessary, just helpful for me when debugging): <html><body> <script type="application/javascript;version=1.8"> setTimeout(function() { function hello() { hello(); } hello(); }, 5000); </script> </body></html><h2></h2> 3) Wait for Firefox crash Honza
Reporter | ||
Comment 9•13 years ago
|
||
More related crashes: https://crash-stats.mozilla.com/report/index/bp-643d8d32-4c8d-45b2-b9ef-a16612111128 https://crash-stats.mozilla.com/report/index/bp-782ed241-ce7d-4820-83e1-9203b2111128 I just tried to execute the test case of http://code.google.com/p/fbug/issues/detail?id=3663.
Comment 10•13 years ago
|
||
Mozilla/5.0 (Windows NT 6.1; rv:11.0a1) Gecko/20111127 Firefox/11.0a1 I have run the tests from comment #8 and comment #9 and no crash occured. Firebug is not compatible with Firefox 11 (Nightly). Sebastian, Jan - are you able to reproduce the crash on latest Nightly, with a clean profile? Thank you!
Reporter | ||
Comment 11•13 years ago
|
||
I didn't run the test of comment 8, but of comment 0 and comment 9 using FF 11.0a1 + FB 1.9.0b2 (SVN) and Firefox doesn't crash anymore. That's the good news. The bad one is, that it still freezes (without showing the Unresponsive Script message). Sebastian
Comment 12•12 years ago
|
||
So is this basically a duplicate of bug 643360? I guess this one has better str (e.g. a test extension).
Blocks: 643360
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Infinite recursion loop crashes Firefox → Infinite recursion loop crashes Firefox when Firebug is installed
Reporter | ||
Comment 15•12 years ago
|
||
I'm unsure, if both issues are caused by the same problem. I can still reproduce the crash of bug 643360 (see https://crash-stats.mozilla.com/report/index/bp-c4a6f554-43e3-44e3-ad1a-c529c2120228 and https://crash-stats.mozilla.com/report/index/a6826e2a-c7e1-40de-920a-227532120228). Though trying the test case here causes Firefox to freeze (no unresponsive script message, no crash reporter). This issue seems more like a duplicate of bug 647636. Sebastian
Comment 16•12 years ago
|
||
Another test: http://users.skumleren.net/cers/test/mrjones.html I think it is JSD since using the Firefox native debugger doesn't have the same effect, and I'm guessing it uses JSD2.
Assignee | ||
Updated•10 years ago
|
Assignee: general → nobody
Updated•9 years ago
|
Crash Signature: [@ XPCJSStackFrame::Release() ] → [@ XPCJSStackFrame::Release() ]
[@ XPCJSStackFrame::Release ]
Reporter | ||
Comment 17•7 years ago
|
||
Firebug is going away, so closing this. Sebastian
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•