Description of problem:
In testing Firefox 10 beta 3, I was trying to hack up some website for testing something with JavaScript. I discovered that all JavaScript commands need to be run from the Web console. Upon trying to input to the console, I've realized that inputting about 4 characters or so will cause it to crash every time on my system. This occurs both on an existing Firefox profile and a new one (even in safe mode with all plugins disabled).

Version-Release number of selected component (if applicable):
firefox-10.0-0.1.b3.el6.x86_64
xulrunner-10.0-0.1.b3.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Launch Firefox
2. Tools -> Web Developer -> Web Console
3. Type any characters into the toolbar

Actual results:
The application hangs for a few seconds then crashes

Expected results:
Text should be input into the web console

Additional info:
I tried disabling iBus and running in safe mode with a new profile. None of this seems to fix the issue. The only workaround is to copy and paste the entire command into the Web Console, rather than typing.
I found upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=645886

This issue looks identical. Comment 5 recommends running "call DumpJSStack()" while the program is crashed. I have, and here is the output:

(gdb) call DumpJSStack()
0 hidePopup() ["chrome://global/content/bindings/popup.xml":108]
    menuBox = [object BoxObject]
    popupBox = [object BoxObject]
    this = [object XULElement]
1 AP_hidePopup() ["resource:///modules/AutocompletePopup.jsm":136]
    this = [object Object]
2 JSTF_clearCompletion() ["resource:///modules/HUDService.jsm":5476]
    this = [object Object]
3 JSTF_complete(type = 2) ["resource:///modules/HUDService.jsm":5410]
    accepted = undefined
    popup = [object Object]
    inputValue = "as"
    inputNode = [object XULElement]
    this = [object Object]
4 JSTF_inputEventHandler(aEvent = [object UIEvent]) ["resource:///modules/HUDService.jsm":5164]
    this = [object Object]
It's more related to an optimized build of Firefox with gcc 4.4.x: https://bugzilla.mozilla.org/show_bug.cgi?id=723900
Upstream bug - https://bugzilla.mozilla.org/show_bug.cgi?id=694594
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Some description: https://bugzilla.mozilla.org/show_bug.cgi?id=694594#c19
Created attachment 566323 [details] testcase
Looks like a GCC 4.4 bug, I've filed http://gcc.gnu.org/PR52430 to track it. As a quick workaround, you can compile that single TU (preferably for gcc 4.4 only) with -fno-ipa-cp, or you could tweak the callers of the growStorageBy method in the TU like: Vector<T,N,AP>::append(U t) { ReentrancyGuard g(*this); ((void) 0); ((void) 0); ((void) 0); ((void) 0); - if (mLength == mCapacity && !growStorageBy(1)) + int incr = 1; +#if defined (__GNUC__) && __GNUC__ == 4 && __GNUC_MINOR__ == 4 + asm ("" : "+r" (incr)); +#endif + if (mLength == mCapacity && !growStorageBy(incr)) return false; (or add a dummy #if defined (__GNUC__) && __GNUC__ == 4 && __GNUC_MINOR__ == 4 __attribute__((used)) static void foo (Vector<whatever,whatever,whatever> *p, int incr) { p->growStorageBy(incr); } #endif ) to make sure all the calls to growStorageBy aren't with argument constant 1 in the TU.
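Review bot: The empty asm ("" : "+r" (incr)); added before the growStorageBy(incr) call in append(U t) has no comment, so a later cleanup is likely to drop it as dead code; add a line citing http://gcc.gnu.org/PR52430 and stating that it exists only to keep GCC 4.4 from seeing the argument as the constant 1. The hunk changes only append, while the accompanying text says every call to growStorageBy in the TU must avoid the constant argument, so the other callers in this TU need the same treatment (or the TU needs -fno-ipa-cp) for the workaround to hold. It would also be cleaner to declare incr with the same type as the growStorageBy parameter rather than int, so the call does not pick up an implicit conversion.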
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-0387.html