Closed Bug 238058 Opened 21 years ago Closed 21 years ago

Crash [@js_GetStringBytes] from venkman

Categories

(Other Applications Graveyard :: Venkman JS Debugger, defect)

x86
Windows XP
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: timeless, Assigned: timeless)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

I'd like to blame xpconnect :) Basically I'm running Mozilla (pre1.7a) with Venkman and Mozilla Navigator. I have a running slow script and I asked Venkman to continue and at some point it fell over:

js3250.dll!js_GetStringBytes(JSString * str=0x00000000) Line 2882 C
js3250.dll!JS_GetStringBytes(JSString * str=0x00000000) Line 3768 C
> jsd3250.dll!jsdValue::GetStringValue(char * * _rval=0x0012e010) Line 2140 + 0x7 C++
xpcom.dll!XPTC_InvokeByIndex(nsISupports * that=0x0012e190, unsigned int methodIndex=0x00eb30ee, unsigned int paramCount=0x01f8e1d0, nsXPTCVariant * params=0x00000014) Line 102 C++
xpc3250.dll!AutoJSSuspendRequest::SuspendRequest() Line 2999 + 0x9 C++
xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=CALL_GETTER) Line 2022 + 0x16 C++
xpc3250.dll!XPC_WN_GetterSetter(JSContext * cx=0x0260fd98, JSObject * obj=0x0396d830, unsigned int argc=0x00000000, long * argv=0x029d6d50, long * vp=0x0012e26c) Line 1304 + 0xb C++
js3250.dll!js_Invoke(JSContext * cx=0xffffe100, unsigned int argc=0x002a015c, unsigned int flags=0x00000000) Line 941 + 0x11 C
js3250.dll!js_InternalInvoke(JSContext * cx=0x03b70e7c, JSObject * obj=0x0396d830, long fval=0x0396dca0, unsigned int flags=0x00000000, unsigned int argc=0x00000000, long * argv=0x00000000, long * rval=0x0012e51c) Line 1035 + 0xe C
js3250.dll!js_InternalGetOrSet(JSContext * cx=0x0260fd98, JSObject * obj=0x0396d830, long id=0x026c5a58, long fval=0x0396dca0, JSAccessMode mode=JSACC_READ, unsigned int argc=0x00000000, long * argv=0x00000000, long * rval=0x0012e51c) Line 1078 + 0x15 C
js3250.dll!js_GetProperty(JSContext * cx=0x0260fd98, JSObject * obj=0x0396d830, long id=0x026c5a58, long * vp=0x0012e51c) Line 2672 + 0x1b C
js3250.dll!js_Interpret(JSContext * cx=0x002a015c, long * result=0x00000000) Line 2792 + 0x213 C
js3250.dll!js_Invoke(JSContext * cx=0xffffe100, unsigned int argc=0x002a015c, unsigned int flags=0x00000000) Line 958 + 0xa C
xpc3250.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS * wrapper=0x002a01b8, unsigned short methodIndex=0xe100, const nsXPTMethodInfo * info=0x002a015c, nsXPTCMiniVariant * nativeParams=0x00000000) Line 1336 + 0x10 C++
xpc3250.dll!nsXPCWrappedJS::CallMethod(unsigned short methodIndex=0x0003, const nsXPTMethodInfo * info=0x02a27468, nsXPTCMiniVariant * params=0x0012e76c) Line 450 C++
xpcom.dll!PrepareAndDispatch(nsXPTCStubBase * self=0x00000000, unsigned int methodIndex=0x00000003, unsigned int * args=0x0012e824, unsigned int * stackBytesToPop=0x0012e814) Line 117 + 0x12 C++
xpcom.dll!SharedStub() Line 147 C++
jsd3250.dll!jsds_ExecutionHookProc(JSDContext * jsdc=0x00e58260, JSDThreadState * jsdthreadstate=0x04067288, unsigned int type=0x00000004, void * callerdata=0x00000000, long * rval=0x0012ea0c) Line 678 C++
jsd3250.dll!jsd_CallExecutionHook(JSDContext * jsdc=0x00e58260, JSContext * cx=0x0260fd98, unsigned int type=0x00000005, unsigned int (JSDContext *, JSDThreadState *, unsigned int, void *, long *)* hook=0x013b7d5d, void * hookData=0x00000000, long * rval=0x0012ea0c) Line 178 C
jsd3250.dll!jsd_ThrowHandler(JSContext * cx=0x0260fd98, JSScript * script=0x021c2f50, unsigned char * pc=0x021c2fa0, long * rval=0x0012ea0c, void * closure=0x021a8b18) Line 149 + 0x12 C
js3250.dll!js_Interpret(JSContext * cx=0x002a015c, long * result=0x00000000) Line 4224 + 0x19 C
js3250.dll!js_Invoke(JSContext * cx=0xffffe100, unsigned int argc=0x002a015c, unsigned int flags=0x00000000) Line 958 + 0xa C
js3250.dll!js_Interpret(JSContext * cx=0x002a015c, long * result=0x00000000) Line 2963 C
js3250.dll!js_Invoke(JSContext * cx=0xffffe100, unsigned int argc=0x002a015c, unsigned int flags=0x00000000) Line 958 + 0xa C
js3250.dll!js_InternalInvoke(JSContext * cx=0x0260fdc4, JSObject * obj=0x027c9e28, long fval=0x03c73c70, unsigned int flags=0x00000000, unsigned int argc=0x00000001, long * argv=0x0012ee6c, long * rval=0x0012ee9c) Line 1035 + 0xe C
js3250.dll!JS_CallFunctionValue(JSContext * cx=0x0260fd98, JSObject * obj=0x027c9e28, long fval=0x03c73c70, unsigned int argc=0x00000001, long * argv=0x0012ee6c, long * rval=0x0012ee9c) Line 3592 + 0x1a C
jsdom.dll!nsJSContext::CallEventHandler(JSObject * aTarget=0x027c9e28, JSObject * aHandler=0x03c73c70, unsigned int argc=0x00000001, long * argv=0x0012ee6c, long * rval=0x0012ee9c) Line 1231 + 0x18 C++
jsdom.dll!nsJSEventListener::HandleEvent(nsIDOMEvent * aEvent=0x00000000) Line 174 + 0x1c C++
gklayout.dll!nsEventListenerManager::HandleEventSubType(nsListenerStruct * aListenerStruct=0x002a01b8, nsIDOMEvent * aDOMEvent=0x002a01b8, nsIDOMEventTarget * aCurrentTarget=0xffffe100, unsigned int aSubType=0x002a015c, unsigned int aPhaseFlags=0x00000000) Line 1434 + 0xb C++
gklayout.dll!nsEventListenerManager::HandleEvent(nsIPresContext * aPresContext=0x00000000, nsEvent * aEvent=0x0012f608, nsIDOMEvent * * aDOMEvent=0x0012f4f0, nsIDOMEventTarget * aCurrentTarget=0x03ab1d18, unsigned int aFlags=0x00000002, nsEventStatus * aEventStatus=0x0012f658) Line 1527 + 0x21 C++
gklayout.dll!nsXULElement::HandleDOMEvent(nsIPresContext * aPresContext=0x002a01b8, nsEvent * aEvent=0x002a01b8, nsIDOMEvent * * aDOMEvent=0xffffe100, unsigned int aFlags=0x002a015c, nsEventStatus * aEventStatus=0x00000000) Line 2877 C++
gklayout.dll!nsXULElement::HandleDOMEvent(nsIPresContext * aPresContext=0x002a01b8, nsEvent * aEvent=0x002a01b8, nsIDOMEvent * * aDOMEvent=0xffffe100, unsigned int aFlags=0x002a015c, nsEventStatus * aEventStatus=0x00000000) Line 2896 C++
gklayout.dll!PresShell::HandleDOMEventWithTarget(nsIContent * aTargetContent=0x02635d20, nsEvent * aEvent=0x0012f608, nsEventStatus * aStatus=0x0012f658) Line 6181 C++
gklayout.dll!nsButtonBoxFrame::MouseClicked(nsIPresContext * aPresContext=0x02731008, nsGUIEvent * aEvent=0x0012f748) Line 179 C++
gklayout.dll!nsButtonBoxFrame::HandleEvent(nsIPresContext * aPresContext=0x02731008, nsGUIEvent * aEvent=0x0012f748, nsEventStatus * aEventStatus=0x0012f938) Line 148 C++
gklayout.dll!PresShell::HandleEventInternal(nsEvent * aEvent=0x0012f748, nsIView * aView=0x00000000, unsigned int aFlags=0x00000001, nsEventStatus * aStatus=0x0012f938) Line 6145 + 0x10 C++
gklayout.dll!PresShell::HandleEventWithTarget(nsEvent * aEvent=0x0012f748, nsIFrame * aFrame=0x01f5d9a4, nsIContent * aContent=0x01f5edd0, unsigned int aFlags=0x00000001, nsEventStatus * aStatus=0x0012f938) Line 6046 C++
gklayout.dll!nsEventStateManager::CheckForAndDispatchClick(nsIPresContext * aPresContext=0xffffe100, nsMouseEvent * aEvent=0x002a015c, nsEventStatus * aStatus=0x00000000) Line 2856 C++
gklayout.dll!nsEventStateManager::PostHandleEvent(nsIPresContext * aPresContext=0x02731008, nsEvent * aEvent=0x0012f9f0, nsIFrame * aTargetFrame=0x01f5d9a4, nsEventStatus * aStatus=0x0012f938, nsIView * aView=0x02731490) Line 1866 + 0xf C++
gklayout.dll!PresShell::HandleEventInternal(nsEvent * aEvent=0x0012f9f0, nsIView * aView=0x02731490, unsigned int aFlags=0x00000001, nsEventStatus * aStatus=0x0012f938) Line 6153 + 0x16 C++
gklayout.dll!PresShell::HandleEvent(nsIView * aView=0x02731490, nsGUIEvent * aEvent=0x0012f9f0, nsEventStatus * aEventStatus=0x0012f938, int aForceHandle=0x01f5d9a4, int & aHandled=0x01649ec0) Line 5983 + 0x11 C++
gklayout.dll!nsViewManager::HandleEvent(nsView * aView=0xffffe100, nsGUIEvent * aEvent=0x002a015c, int aCaptured=0x00000000) Line 2271 C++
gklayout.dll!nsViewManager::DispatchEvent(nsGUIEvent * aEvent=0x3d888889, nsEventStatus * aStatus=0x0012f9ac) Line 2010 + 0x14 C++
gklayout.dll!HandleEvent(nsGUIEvent * aEvent=0x0012f9f0) Line 79 C++
gkwidget.dll!nsWindow::DispatchEvent(nsGUIEvent * event=0x0012f9f0, nsEventStatus & aStatus=nsEventStatus_eIgnore) Line 1064 + 0x3 C++
gkwidget.dll!nsWindow::DispatchWindowEvent(nsGUIEvent * event=0x00000000) Line 1085 C++
gkwidget.dll!nsWindow::DispatchMouseEvent(unsigned int aEventType=0xffffe100, unsigned int wParam=0x002a015c, nsPoint * aPoint=0x00000000) Line 5209 C++
gkwidget.dll!ChildWindow::DispatchMouseEvent(unsigned int aEventType=0x0000012d, unsigned int wParam=0x00000000, nsPoint * aPoint=0x00000000) Line 5461 + 0x13 C++
gkwidget.dll!nsWindow::ProcessMessage(unsigned int msg=0x002a01b8, unsigned int wParam=0xffffe100, long lParam=0x002a015c, long * aRetValue=0x00000000) Line 4046 + 0x11 C++
gkwidget.dll!nsWindow::WindowProc(HWND__ * hWnd=0x00060756, unsigned int msg=0x00000000, unsigned int wParam=0x00000000, long lParam=0x027314fc) Line 1346 + 0x10 C++
user32.dll!77d43a50()
user32.dll!77d43b1f()
user32.dll!GetMessageW() + 0x125
user32.dll!DispatchMessageW() + 0xb
appshell.dll!nsAppShellService::Run() Line 484 C++
mozilla.exe!main1(int argc=0x002a015c, char * * argv=0x00000000, nsISupports * nativeApp=0x00000000) Line 1291 + 0x9 C++
mozilla.exe!main(int argc=0x00000001, char * * argv=0x002a27c8) Line 1678 + 0x16 C++
mozilla.exe!WinMain(HINSTANCE__ * __formal=0x00400000, HINSTANCE__ * __formal=0x00400000, char * args=0x00152303, HINSTANCE__ * __formal=0x00400000) Line 1702 + 0x17 C++
mozilla.exe!WinMainCRTStartup() Line 392 + 0xf C
kernel32.dll!GetCurrentDirectoryW() + 0x44

This appears to be the object leading directly to my null woes:

(JSObject*)(mValue->val) 0x026a0380 {map=0x028d23e8 {nrefs=0x00000001 ops=0x00f1c868 _js_ObjectOps nslots=0x00000008 ...} slots=0x03ad5aa4 } JSObject *

The lines in question:

jsdValue::GetStringValue(char **_rval)
{
    ASSERT_VALID_EPHEMERAL;
    JSString *jstr_val = JSD_GetValueString(mCx, mValue);
              ^^^^^^^^   ^^^^^^^^^^^^^^^^^^ = zero
    char *bytes = JS_GetStringBytes(jstr_val); // crashes unhappily
Did something cause jsd to JS_RemoveRoot the address of jsdval->val? That address is registered as the address of a root in JSDValue's ctor. /be
console.views.locals.refresh = function lv_refresh() seems to call rootRecord.childData[i].refresh(); which, if I'm right, might be jsdValue::Refresh(), which calls JSD_RefreshValue(mCx, mValue); which calls jsd_RefreshValue(jsdc, jsdval); which might call JS_RemoveRoot(cx, &jsdval->string). After that sequence, nothing seems very interested in resetting fields. Given that this->mValue->string is 0, I think that chain of events makes sense.
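A minimal C model of the sequence this comment describes, added here as an illustration and not Mozilla's jsd code: the JSString and JSDValue structs, dup_str, jsdvalue_init, jsdvalue_refresh, the two getters and demo_guarded_sequence are all hypothetical stand-ins, and the refresh drops the cached string without refilling it, exactly as the comment says.

```c
#include <stdlib.h>
#include <string.h>
/* Models (hypothetical, not the jsd structs): a rooted JS string that
 * JS_GetStringBytes dereferences, and the value wrapper with its cached string. */
typedef struct { char *bytes; } JSString;
typedef struct { const char *val; JSString *string; } JSDValue;

static char *dup_str(const char *s) {                  /* PL_strdup stand-in */
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

void jsdvalue_init(JSDValue *v, const char *val) {     /* ctor: roots val, caches string */
    v->val = val;
    v->string = malloc(sizeof *v->string);
    v->string->bytes = dup_str(val);
}

/* jsd_RefreshValue as described above: unroot and forget the string; nothing refills it. */
void jsdvalue_refresh(JSDValue *v) {
    if (v->string) { free(v->string->bytes); free(v->string); }
    v->string = NULL;
}

static JSString *jsd_get_value_string(JSDValue *v) { return v->string; } /* NULL after refresh */
static char *js_get_string_bytes(JSString *s) { return s->bytes; }        /* never NULL for a real string */

/* Before the fix: crashes on the NULL JSString once refresh() has run. */
int get_string_value_unguarded(JSDValue *v, char **rval) {
    *rval = dup_str(js_get_string_bytes(jsd_get_value_string(v)));
    return *rval != NULL;
}

/* After the fix, in the single-test shape the reviewer later asks for. */
int get_string_value_guarded(JSDValue *v, char **rval) {
    *rval = NULL;                                      /* no JSString means no string value */
    JSString *jstr = jsd_get_value_string(v);
    if (jstr) {
        *rval = dup_str(js_get_string_bytes(jstr));
        if (!*rval) return 0;                          /* out of memory */
    }
    return 1;
}

/* Replays the bug's sequence with the guarded getter: copy "42", refresh, read again.
 * Returns 1 when the second read succeeds and reports NULL instead of crashing. */
int demo_guarded_sequence(void) {
    JSDValue v; char *s = NULL;
    jsdvalue_init(&v, "42");
    int ok = get_string_value_guarded(&v, &s) && s && strcmp(s, "42") == 0;
    free(s); s = (char *)"stale";
    jsdvalue_refresh(&v);
    return ok && get_string_value_guarded(&v, &s) && s == NULL;
}
```

Calling get_string_value_unguarded after jsdvalue_refresh reproduces the NULL dereference from the stack trace; the guarded getter turns the same state into a NULL out-param the caller can handle.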
Attachment #144510 - Flags: review?(rginda)
Attachment #144510 - Attachment description: check for null string → check for null string (diff -u -r1.63)
Comment on attachment 144510 [details] [diff] [review] check for null string (diff -u -r1.63) r=rginda
Attachment #144510 - Flags: review?(rginda) → review+
Comment on attachment 144510 [details] [diff] [review] check for null string (diff -u -r1.63) >Index: jsd_xpc.cpp >=================================================================== >RCS file: /cvsroot/mozilla/js/jsd/jsd_xpc.cpp,v >retrieving revision 1.1 >diff -u -r1.1 jsd_xpc.cpp >--- jsd_xpc.cpp >+++ jsd_xpc.cpp >@@ -2136,8 +2136,10 @@ > jsdValue::GetStringValue(char **_rval) > { > ASSERT_VALID_EPHEMERAL; >+ char *bytes = nsnull; > JSString *jstr_val = JSD_GetValueString(mCx, mValue); >- char *bytes = JS_GetStringBytes(jstr_val); >+ if (jstr_val) >+ bytes = JS_GetStringBytes(jstr_val); > if (bytes) { > *_rval = PL_strdup(bytes); > if (!*_rval) Use ?: and avoid extra lines and tests: JSString *jstr_val = JSD_GetValueString(mCx, mValue); if (jstr_val) { char *bytes = JS_GetStringBytes(jstr_val); Note that JS_GetStringBytes cannot return null, by design. With that change, sr=me and get this in for 1.7 final. Thanks, /be
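Review bot: With the new `if (jstr_val)` guard, the pre-existing `if (bytes)` test on the next context line is now carrying two meanings: it is the only path that skips PL_strdup when JSD_GetValueString returned null, and it also looks like a guard against JS_GetStringBytes returning null, which the sr comment says cannot happen by design. Nesting the whole strdup block under a single `if (jstr_val) { char *bytes = JS_GetStringBytes(jstr_val); ... }` makes the intent (no JSString means no string value) explicit and removes the `char *bytes = nsnull;` pre-initialisation. Also check that the lines below the hunk still assign `*_rval` on the null-JSString path, so no caller is left reading an unset out-param.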
Attachment #144510 - Flags: approval1.7+
mozilla/js/jsd/jsd_xpc.cpp 1.64
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Product: Core → Other Applications
Crash Signature: [@js_GetStringBytes]
Product: Other Applications → Other Applications Graveyard