[Bug 1471949] Re: Firefox 39 crashes on startup or within a few seconds on Precise/x86
Chris Coulson
chris.coulson at canonical.com
Fri Jul 17 20:10:51 UTC 2015
Here's the disassembly from a good build with vanilla gcc 4.8.4. It's
basically identical, but it contains 3 extra instructions that are
missing from the broken build.
0xf57fe991 <+1729>: mov 0xa0(%ebp),%edx
0xf57fe997 <+1735>: mov 0x84(%esp),%esi // %esi now points to |pn|
0xf57fe99e <+1742>: add $0x18,%edx
0xf57fe9a1 <+1745>: cmpl $0xfe,0x28(%esp) // Compare |hops| with 254 (FREE_LEVEL - 1)
0xf57fe9a9 <+1753>: mov %al,0x2(%esi) // Calls pn->SetOp(op)
0xf57fe9ac <+1756>: mov 0x34(%esp),%eax // %eax now contains |slot|
0xf57fe9b0 <+1760>: ja 0xf57fea10 <js::frontend::BytecodeEmitter::tryConvertFreeName(js::frontend::ParseNode*)+1856> // Jump if |hops| > 254
0xf57fe9b2 <+1762>: cmp $0xffffff,%eax // Compare |slot| with 0xffffff
0xf57fe9b7 <+1767>: ja 0xf57fe9f9 <js::frontend::BytecodeEmitter::tryConvertFreeName(js::frontend::ParseNode*)+1833> // Jump if |slot| > 0xffffff
0xf57fe9b9 <+1769>: mov 0x84(%esp),%esi // %esi now points to |pn|
0xf57fe9c0 <+1776>: shl $0x8,%eax // Left shift new |slot| value by 8-bits
// These next 3 instructions are missing in the broken build
0xf57fe9c3 <+1779>: mov $0x1,%edi
0xf57fe9c8 <+1784>: movzbl 0x28(%esp),%edx // %edx now contains |hops|
0xf57fe9cd <+1789>: mov %dl,0x20(%esi) // Save |hops| into |level_| in pn->pn_u.name.cookie
0xf57fe9d0 <+1792>: mov %eax,%edx // %edx now contains |slot|
0xf57fe9d2 <+1794>: movzbl 0x20(%esi),%eax // Load |level_| from pn->pn_u.name.cookie into %eax
0xf57fe9d6 <+1798>: or %edx,%eax // %eax now contains the bitwise-OR of |level_| and new |slot| value
0xf57fe9d8 <+1800>: mov %eax,0x20(%esi) // Save the new values to |level_| and |slot_| in pn->pn_u.name.cookie
--
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1471949
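Added example, not part of the original message or of Firefox's source: a C replay of the annotated instruction sequence above, with a flag that omits the byte store of |hops| the way the broken build is described as doing. The struct, function names, return codes and the stale starting value are constructed for illustration; the two range-check branches only return a code because their jump targets are not shown in the listing.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the 32-bit word at 0x20(%esi): low byte is |level_|, upper 24 bits
   are |slot_|. Layout is inferred from the annotated stores (an assumption). */
typedef struct { uint32_t cookie; } name_node;

enum { SET_OK = 0, SET_HOPS_RANGE = 1, SET_SLOT_RANGE = 2 };

/* store_level = 1 replays the good build; 0 omits `mov %dl,0x20(%esi)`,
   which is how the message describes the broken build. */
static int replay_set(name_node *pn, uint32_t hops, uint32_t slot, int store_level)
{
    if (hops > 0xfe)     return SET_HOPS_RANGE;  /* cmpl $0xfe,0x28(%esp); ja */
    if (slot > 0xffffff) return SET_SLOT_RANGE;  /* cmp $0xffffff,%eax; ja    */

    uint32_t eax = slot << 8;                    /* shl $0x8,%eax             */
    if (store_level)                             /* mov %dl,0x20(%esi)        */
        pn->cookie = (pn->cookie & 0xffffff00u) | (hops & 0xffu);
    uint32_t edx = eax;                          /* mov %eax,%edx             */
    eax = pn->cookie & 0xffu;                    /* movzbl 0x20(%esi),%eax    */
    eax |= edx;                                  /* or %edx,%eax              */
    pn->cookie = eax;                            /* mov %eax,0x20(%esi)       */
    return SET_OK;
}

static uint32_t cookie_level(const name_node *pn) { return pn->cookie & 0xffu; }
static uint32_t cookie_slot(const name_node *pn)  { return pn->cookie >> 8; }

int main(void)
{
    /* Constructed starting state: level_ = 0xff, slot_ = 0xffffff. */
    name_node good = { 0xffffffffu }, broken = { 0xffffffffu };

    replay_set(&good, 2, 5, 1);
    replay_set(&broken, 2, 5, 0);

    /* Without the byte store, |slot_| is updated but |level_| keeps its old value. */
    printf("good:   level=%u slot=%u\n",
           (unsigned)cookie_level(&good), (unsigned)cookie_slot(&good));
    printf("broken: level=%u slot=%u\n",
           (unsigned)cookie_level(&broken), (unsigned)cookie_slot(&broken));
    return 0;
}
```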