Closed Bug 279289 Opened 20 years ago Closed 20 years ago

xbl startup crash - unrooted evaluatestring last ditch gc'd ? [@ 00000015 - js_GetSlotThreadSafe]

Categories: Core :: JavaScript Engine, defect
Priority: Not set
Severity: critical
Status: RESOLVED FIXED
People: Reporter: timeless, Assigned: brendan
Keywords: crash, js1.5
Attachments: 1 file, 1 obsolete file

Unhandled exception at 0x00000015 in mozilla.exe: 0xC0000005: Access violation reading location 0x00000015.

EAX = 00000015 EBX = 016012F8 ECX = 64030A10 EDX = 02EE9A10 ESI = 030A6BA8 EDI = 030A6BA0 EIP = 00000015 ESP = 0012D3C8 EBP = 0012D3E8 EFL = 00000202

00000015()
js3250.dll!js_GetSlotThreadSafe(JSContext * cx=0x02ee9a10, JSObject * obj=0x030a6ba0, unsigned long slot=0x00000002) Line 554 + 0x10 C
js3250.dll!JS_TypeOfValue(JSContext * cx=0x02ee9a10, long v=0x00000001) Line 615 + 0x37 C
gklayout.dll!nsEventReceiverSH::SetProperty(nsIXPConnectWrappedNative * wrapper=0x030b40a0, JSContext * cx=0x02ee9a10, JSObject * obj=0x030a69a0, long id=0x026b84f4, long * vp=0x0012d4cc, int * _retval=0x0012d484) Line 5193 + 0xe C++
gklayout.dll!nsNodeSH::AddProperty(nsIXPConnectWrappedNative * wrapper=0x030b40a0, JSContext * cx=0x02ee9a10, JSObject * obj=0x030a69a0, long id=0x026b84f4, long * vp=0x0012d4cc, int * _retval=0x0012d484) Line 5053 + 0x1a C++
> xpc3250.dll!XPC_WN_Helper_AddProperty(JSContext * cx=0x02ee9a10, JSObject * obj=0x030a69a0, long idval=0x026b84f4, long * vp=0x0012d4cc) Line 796 C++
js3250.dll!js_DefineNativeProperty(JSContext * cx=0x02ee9a10, JSObject * obj=0x030a69a0, long id=0x02a622e8, long value=0x030a6ba0, int (JSContext *, JSObject *, long, long *)* getter=0x00b01ab0, int (JSContext *, JSObject *, long, long *)* setter=0x00ae5c71, unsigned int attrs=0x00000001, unsigned int flags=0x00000000, int shortid=0x00000000, JSProperty * * propp=0x00000000) Line 2255 + 0x33 C
js3250.dll!js_DefineProperty(JSContext * cx=0x02ee9a10, JSObject * obj=0x030a69a0, long id=0x02a622e8, long value=0x030a6ba0, int (JSContext *, JSObject *, long, long *)* getter=0x00000000, int (JSContext *, JSObject *, long, long *)* setter=0x00000000, unsigned int attrs=0x00000001, JSProperty * * propp=0x00000000) Line 2166 + 0x21 C
js3250.dll!DefineUCProperty(JSContext * cx=0x02ee9a10, JSObject * obj=0x030a6ba0, const unsigned short * name=0x024d5d20, unsigned int namelen=0x64030a10, long value=0x030a6ba0, int (JSContext *, JSObject *, long, long *)* getter=0x00000000, int (JSContext *, JSObject *, long, long *)* setter=0x00000000, unsigned int attrs=0x00000001, unsigned int flags=0x00000000, int tinyid=0x00000000) Line 2292 + 0x1b C
js3250.dll!JS_DefineUCProperty(JSContext * cx=0x02ee9a10, JSObject * obj=0x030a69a0, const unsigned short * name=0x024d5d20, unsigned int namelen=0x0000000d, long value=0x030a6ba0, int (JSContext *, JSObject *, long, long *)* getter=0x00000000, int (JSContext *, JSObject *, long, long *)* setter=0x00000000, unsigned int attrs=0x00000001) Line 2637 + 0x22 C
gklayout.dll!nsXBLProtoImplField::InstallMember(nsIScriptContext * aContext=0x00000000, nsIContent * aBoundElement=0x030ac278, void * aScriptObject=0x030a69a0, void * aTargetClassObject=0x030a69b0, const nsCString & aClassStr={...}) Line 134 + 0x1a C++
gklayout.dll!nsXBLProtoImpl::InstallImplementation(nsXBLPrototypeBinding * aBinding=0x0286df80, nsIContent * aBoundElement=0x02ed7968) Line 84 + 0x12 C++
gklayout.dll!nsXBLPrototypeBinding::InstallImplementation(nsIContent * aBoundElement=0x030ac278) Line 426 + 0xa C++
gklayout.dll!nsXBLBinding::InstallImplementation() Line 812 C++
gklayout.dll!nsXBLService::LoadBindings(nsIContent * aContent=0x030ac278, nsIURI * aURL=0x01cc1dd0, int aAugmentFlag=0x00000000, nsIXBLBinding * * aBinding=0x0012d6d0, int * aResolveStyle=0x0012d6a8) Line 634 C++
gklayout.dll!nsElementSH::PostCreate(nsIXPConnectWrappedNative * wrapper=0x01c877e0, JSContext * cx=0x00000000, JSObject * obj=0x030ac278) Line 5300 C++
xpc3250.dll!XPCWrappedNative::GetNewOrUsed(XPCCallContext & ccx={...}, nsISupports * Object=0x030a6630, XPCWrappedNativeScope * Scope=0x02ee9bc8, XPCNativeInterface * Interface=0x01d13e90, XPCWrappedNative * * resultWrapper=0x0012d794) Line 438 C++
xpc3250.dll!XPCConvert::NativeInterface2JSObject(XPCCallContext & ccx={...}, nsIXPConnectJSObjectHolder * * dest=0x0012d7dc, nsISupports * src=0x030ac280, const nsID * iid=0x0012d914, JSObject * scope=0x02f362f0, unsigned int * pErr=0x0012d960) Line 1062 + 0x11 C++
xpc3250.dll!XPCConvert::NativeData2JS(XPCCallContext & ccx={...}, long * d=0x0012d974, const void * s=0x0012d828, const nsXPTType & type={...}, const nsID * iid=0x0012d914, JSObject * scope=0x02f362f0, unsigned int * pErr=0x0012d960) Line 463 + 0x1e C++
xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=CALL_METHOD) Line 2123 + 0x1b C++
xpc3250.dll!XPC_WN_CallMethod(JSContext * cx=0x02ee9a10, JSObject * obj=0x02f362f0, unsigned int argc=0x00000003, long * argv=0x01cd5fd4, long * vp=0x0012da5c) Line 1287 + 0xa C++
js3250.dll!js_Invoke(JSContext * cx=0x00ae5b87, unsigned int argc=0x01d187c8, unsigned int flags=0x030b40a0) Line 1293 + 0x11 C
js3250.dll!js_Interpret(JSContext * cx=0x01d187c8, long * result=0x030b40a0) Line 3627 C
js3250.dll!js_Execute(JSContext * cx=0x00a53e38, JSObject * chain=0x030a65c0, JSScript * script=0x030acd60, JSStackFrame * down=0x00000000, unsigned int flags=0x00000000, long * result=0x0012dcdc) Line 1526 C
js3250.dll!JS_EvaluateUCScriptForPrincipals(JSContext * cx=0x02ee9a10, JSObject * obj=0x030a65c0, JSPrincipals * principals=0x009ef724, const unsigned short * chars=0x024e1b88, unsigned int length=0x00000054, const char * filename=0x0012dd3c, unsigned int lineno=0x0000054c, long * rval=0x0012dcdc) Line 3702 + 0xf C
gklayout.dll!nsJSContext::EvaluateStringWithValue(const nsAString & aScript={...}, void * aScopeObject=0x030a65c0, nsIPrincipal * aPrincipal=0xffffffff, const char * aURL=0x0012dd3c, unsigned int aLineNo=0x0000054c, const char * aVersion=0x00000000, void * aRetValue=0x0012dd98, int * aIsUndefined=0x0012dd90) Line 815 + 0x36 C++
gklayout.dll!nsXBLProtoImplField::InstallMember(nsIScriptContext * aContext=0x02ed7968, nsIContent * aBoundElement=0x030a5ce0, void * aScriptObject=0x030a65c0, void * aTargetClassObject=0x030a65d0, const nsCString & aClassStr={...}) Line 126 + 0x30 C++
gklayout.dll!nsXBLProtoImpl::InstallImplementation(nsXBLPrototypeBinding * aBinding=0x0292d908, nsIContent * aBoundElement=0x02ed7968) Line 84 + 0x12 C++
gklayout.dll!nsXBLPrototypeBinding::InstallImplementation(nsIContent * aBoundElement=0x030a5ce0) Line 426 + 0xa C++
gklayout.dll!nsXBLBinding::InstallImplementation() Line 812 C++
gklayout.dll!nsXBLBinding::InstallImplementation() Line 809 C++
gklayout.dll!nsXBLService::LoadBindings(nsIContent * aContent=0x030a5ce0, nsIURI * aURL=0x028fb7f8, int aAugmentFlag=0x00000000, nsIXBLBinding * * aBinding=0x0012de90, int * aResolveStyle=0x0012de68) Line 634 C++
gklayout.dll!nsElementSH::PostCreate(nsIXPConnectWrappedNative * wrapper=0x01c877e0, JSContext * cx=0x00000000, JSObject * obj=0x030a5ce0) Line 5300 C++
xpc3250.dll!XPCWrappedNative::GetNewOrUsed(XPCCallContext & ccx={...}, nsISupports * Object=0x030a65b8, XPCWrappedNativeScope * Scope=0x02ee9bc8, XPCNativeInterface * Interface=0x01d13e90, XPCWrappedNative * * resultWrapper=0x0012df54) Line 438 C++
xpc3250.dll!XPCConvert::NativeInterface2JSObject(XPCCallContext & ccx={...}, nsIXPConnectJSObjectHolder * * dest=0x0012df9c, nsISupports * src=0x030a5ce8, const nsID * iid=0x0012e0d4, JSObject * scope=0x02f362f0, unsigned int * pErr=0x0012e120) Line 1062 + 0x11 C++
xpc3250.dll!XPCConvert::NativeData2JS(XPCCallContext & ccx={...}, long * d=0x0012e134, const void * s=0x0012dfe8, const nsXPTType & type={...}, const nsID * iid=0x0012e0d4, JSObject * scope=0x02f362f0, unsigned int * pErr=0x0012e120) Line 463 + 0x1e C++
xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=CALL_METHOD) Line 2123 + 0x1b C++
xpc3250.dll!XPC_WN_CallMethod(JSContext * cx=0x02ee9a10, JSObject * obj=0x02f362f0, unsigned int argc=0x00000003, long * argv=0x01cd5fd4, long * vp=0x0012e21c) Line 1287 + 0xa C++
js3250.dll!js_Invoke(JSContext * cx=0x00ae5b87, unsigned int argc=0x01d187c8, unsigned int flags=0x030b40a0) Line 1293 + 0x11 C
js3250.dll!js_Interpret(JSContext * cx=0x01d187c8, long * result=0x030b40a0) Line 3627 C
js3250.dll!js_Execute(JSContext * cx=0x00a53e38, JSObject * chain=0x02ff1638, JSScript * script=0x0295ff78, JSStackFrame * down=0x00000000, unsigned int flags=0x00000000, long * result=0x0012e49c) Line 1526 C
js3250.dll!JS_EvaluateUCScriptForPrincipals(JSContext * cx=0x02ee9a10, JSObject * obj=0x02ff1638, JSPrincipals * principals=0x009ef724, const unsigned short * chars=0x02a2a7d8, unsigned int length=0x00000091, const char * filename=0x0012e4fc, unsigned int lineno=0x000000e9, long * rval=0x0012e49c) Line 3702 + 0xf C
gklayout.dll!nsJSContext::EvaluateStringWithValue(const nsAString & aScript={...}, void * aScopeObject=0x02ff1638, nsIPrincipal * aPrincipal=0xffffffff, const char * aURL=0x0012e4fc, unsigned int aLineNo=0x000000e9, const char * aVersion=0x00000000, void * aRetValue=0x0012e558, int * aIsUndefined=0x0012e550) Line 815 + 0x36 C++
gklayout.dll!nsXBLProtoImplField::InstallMember(nsIScriptContext * aContext=0x02ed7968, nsIContent * aBoundElement=0x03002ce8, void * aScriptObject=0x02ff1638, void * aTargetClassObject=0x02ff1760, const nsCString & aClassStr={...}) Line 126 + 0x30 C++
gklayout.dll!nsXBLProtoImpl::InstallImplementation(nsXBLPrototypeBinding * aBinding=0x0299a4b0, nsIContent * aBoundElement=0x02ed7968) Line 84 + 0x12 C++
gklayout.dll!nsXBLPrototypeBinding::InstallImplementation(nsIContent * aBoundElement=0x03002ce8) Line 426 + 0xa C++
gklayout.dll!nsXBLBinding::InstallImplementation() Line 812 C++
gklayout.dll!nsXBLBinding::InstallImplementation() Line 809 C++
gklayout.dll!nsXBLService::LoadBindings(nsIContent * aContent=0x03002ce8, nsIURI * aURL=0x027d1318, int aAugmentFlag=0x00000000, nsIXBLBinding * * aBinding=0x0012e618, int * aResolveStyle=0x0012e624) Line 634 C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x03002ce8, nsIFrame * aParentFrame=0x030a0964, nsIAtom * aTag=0x00a68628, int aNameSpaceID=0x00000009, nsStyleContext * aStyleContext=0x030a0b84, nsFrameItems & aFrameItems={...}, int aXBLBaseTag=0x00000000) Line 7494 C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrame(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x00000000, nsIFrame * aParentFrame=0x030a0b84, nsFrameItems & aFrameItems={...}) Line 7451 C++
gklayout.dll!nsCSSFrameConstructor::ProcessChildren(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x03002b38, nsIFrame * aFrame=0x03002ce8, int aCanHaveGeneratedContent=0x00000000, nsFrameItems & aFrameItems={...}, int aParentIsBlock=0x00000000, nsTableCreator * aTableCreator=0x03002ce8) Line 11703 + 0x25 C++
gklayout.dll!nsCSSFrameConstructor::ConstructXULFrame(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x03002b38, nsIFrame * aParentFrame=0x03098b88, nsIAtom * aTag=0x00a68468, int aNameSpaceID=0x00000001, nsStyleContext * aStyleContext=0x03098ea0, nsFrameItems & aFrameItems={...}, int aXBLBaseTag=0x00000000, int & aHaltProcessing=0x0012f840) Line 5983 + 0x1a C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x03002b38, nsIFrame * aParentFrame=0x03098b88, nsIAtom * aTag=0x00a68468, int aNameSpaceID=0x00000009, nsStyleContext * aStyleContext=0x03098c80, nsFrameItems & aFrameItems={...}, int aXBLBaseTag=0x00000000) Line 7558 + 0x24 C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrame(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x00000000, nsIFrame * aParentFrame=0x03098ea0, nsFrameItems & aFrameItems={...}) Line 7451 C++
gklayout.dll!nsCSSFrameConstructor::ProcessChildren(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x03093c20, nsIFrame * aFrame=0x03002b38, int aCanHaveGeneratedContent=0x00000000, nsFrameItems & aFrameItems={...}, int aParentIsBlock=0x00000000, nsTableCreator * aTableCreator=0x03002b38) Line 11703 + 0x25 C++
gklayout.dll!nsCSSFrameConstructor::ConstructXULFrame(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x03093c20, nsIFrame * aParentFrame=0x03098860, nsIAtom * aTag=0x00a68468, int aNameSpaceID=0x00000001, nsStyleContext * aStyleContext=0x03098b3c, nsFrameItems & aFrameItems={...}, int aXBLBaseTag=0x00000000, int & aHaltProcessing=0x0012f840) Line 5983 + 0x1a C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x03093c20, nsIFrame * aParentFrame=0x03098860, nsIAtom * aTag=0x00a68468, int aNameSpaceID=0x00000009, nsStyleContext * aStyleContext=0x03098ad4, nsFrameItems & aFrameItems={...}, int aXBLBaseTag=0x00000000) Line 7558 + 0x24 C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrame(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x00000000, nsIFrame * aParentFrame=0x03098b3c, nsFrameItems & aFrameItems={...}) Line 7451 C++
gklayout.dll!nsCSSFrameConstructor::ProcessChildren(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x0300add0, nsIFrame * aFrame=0x03093c20, int aCanHaveGeneratedContent=0x00000000, nsFrameItems & aFrameItems={...}, int aParentIsBlock=0x00000000, nsTableCreator * aTableCreator=0x03093c20) Line 11703 + 0x25 C++
gklayout.dll!nsCSSFrameConstructor::ConstructXULFrame(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x0300add0, nsIFrame * aParentFrame=0x03081694, nsIAtom * aTag=0x00a68290, int aNameSpaceID=0x00000001, nsStyleContext * aStyleContext=0x0308a324, nsFrameItems & aFrameItems={...}, int aXBLBaseTag=0x00000000, int & aHaltProcessing=0x0012f840) Line 5983 + 0x1a C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x00a68290, nsIFrame * aParentFrame=0x03081694, nsIAtom * aTag=0x00a68290, int aNameSpaceID=0x00000009, nsStyleContext * aStyleContext=0x030818ac, nsFrameItems & aFrameItems={...}, int aXBLBaseTag=0x00000000) Line 7558 + 0x24 C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrame(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x00000000, nsIFrame * aParentFrame=0x030817b0, nsFrameItems & aFrameItems={...}) Line 7451 C++
gklayout.dll!nsCSSFrameConstructor::ProcessChildren(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x02ed5a78, nsIFrame * aFrame=0x0300add0, int aCanHaveGeneratedContent=0x00000000, nsFrameItems & aFrameItems={...}, int aParentIsBlock=0x00000000, nsTableCreator * aTableCreator=0x0300add0) Line 11703 + 0x25 C++
gklayout.dll!nsCSSFrameConstructor::ConstructXULFrame(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x02ed5a78, nsIFrame * aParentFrame=0x030815c0, nsIAtom * aTag=0x00a68470, int aNameSpaceID=0x00000001, nsStyleContext * aStyleContext=0x03081648, nsFrameItems & aFrameItems={...}, int aXBLBaseTag=0x00000000, int & aHaltProcessing=0x0012f840) Line 5983 + 0x1a C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x02ed5a78, nsIFrame * aParentFrame=0x030815c0, nsIAtom * aTag=0x00a68470, int aNameSpaceID=0x00000009, nsStyleContext * aStyleContext=0x00000000, nsFrameItems & aFrameItems={...}, int aXBLBaseTag=0x00000000) Line 7558 + 0x24 C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrame(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x00000000, nsIFrame * aParentFrame=0x03081648, nsFrameItems & aFrameItems={...}) Line 7451 C++
gklayout.dll!nsCSSFrameConstructor::ProcessChildren(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x0300acc8, nsIFrame * aFrame=0x02ed5a78, int aCanHaveGeneratedContent=0x00000000, nsFrameItems & aFrameItems={...}, int aParentIsBlock=0x00000000, nsTableCreator * aTableCreator=0x02ed5a78) Line 11703 + 0x25 C++
gklayout.dll!nsCSSFrameConstructor::ConstructXULFrame(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x0300acc8, nsIFrame * aParentFrame=0x02fb4ce0, nsIAtom * aTag=0x00a682a8, int aNameSpaceID=0x00000001, nsStyleContext * aStyleContext=0x03081344, nsFrameItems & aFrameItems={...}, int aXBLBaseTag=0x00000000, int & aHaltProcessing=0x0012f840) Line 5983 + 0x1a C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x00a682a8, nsIFrame * aParentFrame=0x02fb4ce0, nsIAtom * aTag=0x00a682a8, int aNameSpaceID=0x00000009, nsStyleContext * aStyleContext=0x03081488, nsFrameItems & aFrameItems={...}, int aXBLBaseTag=0x00000000) Line 7558 + 0x24 C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrame(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x00000000, nsIFrame * aParentFrame=0x02fb56bc, nsFrameItems & aFrameItems={...}) Line 7451 C++
gklayout.dll!nsCSSFrameConstructor::ProcessChildren(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aContent=0x02fb7818, nsIFrame * aFrame=0x0300acc8, int aCanHaveGeneratedContent=0x00000001, nsFrameItems & aFrameItems={...}, int aParentIsBlock=0x00000000, nsTableCreator * aTableCreator=0x0300acc8) Line 11703 + 0x25 C++
gklayout.dll!nsCSSFrameConstructor::ConstructDocElementFrame(nsIPresShell * aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760, nsFrameConstructorState & aState={...}, nsIContent * aDocElement=0x02fb7818, nsIFrame * aParentFrame=0x02fb4b0c, nsIFrame * & aNewFrame=0x02fb4ce0) Line 4037 C++
gklayout.dll!nsCSSFrameConstructor::ContentInserted(nsPresContext * aPresContext=0x030ac280, nsIContent * aContainer=0x030ac280, nsIFrame * aContainerFrame=0x02639238, nsIContent * aChild=0x0012d488, int aIndexInContainer=0x00ae5b87, nsILayoutHistoryState * aFrameState=0x01d187c8, int aInReinsertContent=0x030b40a0) Line 8994 C++
gklayout.dll!PresShell::InitialReflow(int aWidth=0x00001a5e, int aHeight=0x00001a5e) Line 2721 C++
gklayout.dll!nsXULDocument::StartLayout() Line 2157 C++
gklayout.dll!nsXULDocument::ResumeWalk() Line 2978 C++
gklayout.dll!nsXULDocument::CachedChromeStreamListener::OnStopRequest(nsIRequest * request=0x03038bc0, nsISupports * aContext=0x00000000, unsigned int aStatus=0x00000000) Line 4119 + 0x8 C++
docshell.dll!nsDocumentOpenInfo::OnStopRequest(nsIRequest * request=0x03038bc0, nsISupports * aCtxt=0x00000000, unsigned int aStatus=0x00000000) Line 360 C++
chrome.dll!nsCachedChromeChannel::HandleStopLoadEvent(PLEvent * aEvent=0x02fb7630) Line 477 C++
xpcom_core.dll!PL_HandleEvent(PLEvent * self=0x02fb7630) Line 693 C
xpcom_core.dll!PL_ProcessPendingEvents(PLEventQueue * self=0x00a40ef0) Line 627 + 0x6 C
xpcom_core.dll!_md_EventReceiverProc(HWND__ * hwnd=0x0045013a, unsigned int uMsg=0x0000c19b, unsigned int wParam=0x00000000, long lParam=0x00a40ef0) Line 1434 C
user32.dll!77d48709()
user32.dll!77d487eb()
user32.dll!77d70494()
user32.dll!77d489a5()
user32.dll!77d493df()
user32.dll!77d70494()
user32.dll!77d489e8()
gkwidget.dll!nsAppShell::Run() Line 159 C++
appcomps.dll!nsAppStartup::Run() Line 216 C++
mozilla.exe!main1(int argc=0x00000002, char * * argv=0x002a4c10, nsISupports * nativeApp=0x64030a10) Line 1321 + 0x9 C++
mozilla.exe!main(int argc=0x00000002, char * * argv=0x002a4c10) Line 1813 + 0x13 C++
mozilla.exe!WinMain(HINSTANCE__ * __formal=0x00400000, HINSTANCE__ * __formal=0x00400000, char * args=0x0015231c, HINSTANCE__ * __formal=0x00400000) Line 1841 + 0x17 C++
mozilla.exe!WinMainCRTStartup() Line 390 + 0x1b C
kernel32.dll!7c816d4f()
kernel32.dll!7c8399f3()

- obj 0x030a6ba0 {map=0x030a6ba8 {nrefs=0x00000000 ops=0x030a610d {newObjectMap=0x64030a10 destroyObjectMap=0x00030a60 lookupProperty=0xa0000000 ...} nslots=0x00000000 ...} slots=0x030a610c } JSObject *
||- map 0x030a6ba8 {nrefs=0x00000000 ops=0x030a610d {newObjectMap=0x64030a10 destroyObjectMap=0x00030a60 lookupProperty=0xa0000000 ...} nslots=0x00000000 ...} JSObjectMap *
|| nrefs 0x00000000 long
||- ops 0x030a610d {newObjectMap=0x64030a10 destroyObjectMap=0x00030a60 lookupProperty=0xa0000000 ...} JSObjectOps *
||| newObjectMap 0x64030a10 JSObjectMap * (JSContext *, long, JSObjectOps *, JSClass *, JSObject *)*
||| destroyObjectMap 0x00030a60 void (JSContext *, JSObjectMap *)*
||| lookupProperty 0xa0000000 int (JSContext *, JSObject *, long, JSObject * *, JSProperty * *)*
||| defineProperty 0x6501d856 int (JSContext *, JSObject *, long, long, int (JSContext *, JSObject *, long, long *)*, int (JSContext *, JSObject *, long, long *)*, unsigned int, JSProperty * *)*
||| getProperty 0x68020bbb int (JSContext *, JSObject *, long, long *)*
||| setProperty 0x60030a61 int (JSContext *, JSObject *, long, long *)*
||| getAttributes 0x00030a61 int (JSContext *, JSObject *, long, JSProperty *, unsigned int *)*
||| setAttributes 0x00000000 int (JSContext *, JSObject *, long, JSProperty *, unsigned int *)*
||| deleteProperty 0x00000000 int (JSContext *, JSObject *, long, long *)*
||| defaultValue 0x00000000 int (JSContext *, JSObject *, JSType, long *)*
||| enumerate 0x00000000 int (JSContext *, JSObject *, JSIterateOp, long *, long *)*
||| checkAccess 0xe4000000 int (JSContext *, JSObject *, long, JSAccessMode, long *, unsigned int *)*
||| thisObject 0x38030a60 JSObject * (JSContext *, JSObject *)*
||| dropProperty 0x0000a53e void (JSContext *, JSObject *, JSProperty *)*
||| call 0x01000000 int (JSContext *, JSObject *, unsigned int, long *, long *)*
||| construct 0x63800000 int (JSContext *, JSObject *, unsigned int, long *, long *)*
||| xdrObject 0x60020bbb int (JSXDRState *, JSObject * *)*
||| hasInstance 0x00020bbb int (JSContext *, JSObject *, long, int *)*
||| setProto 0x00000000 int (JSContext *, JSObject *, unsigned long, JSObject *)*
||| setParent 0x00000000 int (JSContext *, JSObject *, unsigned long, JSObject *)*
||| mark 0x0e000000 unsigned long (JSContext *, JSObject *, void *)*
||| clear 0x41000000 void (JSContext *, JSObject *)*
||| getRequiredSlot 0x00000015 long (JSContext *, JSObject *, unsigned long)*
||\ setRequiredSlot 0x00000000 int (JSContext *, JSObject *, unsigned long, long)*
|| nslots 0x00000000 unsigned long
|\ freeslot 0x00000000 unsigned long
\- slots 0x030a610c long *
\ 0x030a1010 long
if one of you could r+sr, that'd be wonderful.
Attachment #178858 - Flags: superreview?(jst)
Attachment #178858 - Flags: review?(bzbarsky)
timeless: where did the last-ditch nest? We haven't got to nsEventReceiverSH::RegisterCompileHandler yet. It's worrisome that DOM JSClass.addProperty hooks may GC. The JS_DefineUCProperty substrate (js_DefineNativeProperty) does not protect value across the call-out to JSClass.addProperty. Perhaps that's the bug to patch here, but not with an ad-hoc global GC root. Recommend minus'ing patch for now. /be
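The hazard described in the comment above, as an added illustration that is not part of the bug thread and is not SpiderMonkey code: a toy mark-and-sweep heap in C where a property-define routine calls a hook that can trigger a last-ditch GC before the value has been stored anywhere the collector can see. All names (`define_property`, `allocating_hook`, `value_survives`) are hypothetical, and the temporary root is one way to protect the value across the call-out, not necessarily what the attached fix does.

```c
#include <stddef.h>
#include <string.h>

/* Toy mark-and-sweep heap. Every name here is hypothetical; none of this is
 * SpiderMonkey code. */
#define HEAP_SIZE 4
#define MAX_ROOTS 4

typedef struct Obj {
    int live, marked;
    unsigned gen;        /* bumped each time the cell is freed */
    struct Obj *prop;    /* the object's single property slot */
} Obj;

typedef void (*AddPropertyHook)(Obj *obj);

static Obj heap[HEAP_SIZE];
static Obj *roots[MAX_ROOTS];
static int nroots;

static void gc(void) {
    for (int i = 0; i < nroots; i++)                 /* mark from the roots */
        for (Obj *o = roots[i]; o && !o->marked; o = o->prop)
            o->marked = 1;
    for (int i = 0; i < HEAP_SIZE; i++) {            /* sweep */
        if (heap[i].live && !heap[i].marked) {
            heap[i].live = 0;
            heap[i].prop = NULL;
            heap[i].gen++;
        }
        heap[i].marked = 0;
    }
}

static Obj *alloc_obj(void) {
    for (int pass = 0; pass < 2; pass++) {
        for (int i = 0; i < HEAP_SIZE; i++)
            if (!heap[i].live) {
                heap[i].live = 1;
                return &heap[i];
            }
        if (pass == 0)
            gc();                                    /* heap full: last-ditch GC */
    }
    return NULL;
}

/* Stand-in for a class hook that allocates enough to exhaust the heap. */
static void allocating_hook(Obj *obj) {
    (void)obj;
    for (int i = 0; i < HEAP_SIZE; i++)
        (void)alloc_obj();
}

/* The hook runs before value is stored, so value is reachable only from C
 * locals during the call-out unless protect pushes a temporary root. */
static void define_property(Obj *obj, Obj *value, AddPropertyHook hook, int protect) {
    if (protect)
        roots[nroots++] = value;
    hook(obj);
    if (protect)
        nroots--;
    obj->prop = value;
}

/* Returns 1 if the defined value is still the object the caller created. */
static int value_survives(int protect) {
    memset(heap, 0, sizeof heap);
    nroots = 0;
    Obj *target = alloc_obj();
    roots[nroots++] = target;        /* the target object is rooted */
    Obj *value = alloc_obj();        /* fresh result, not rooted anywhere */
    unsigned gen = value->gen;
    define_property(target, value, allocating_hook, protect);
    gc();                            /* value is now reachable via target */
    return target->prop->live && target->prop->gen == gen;
}

int main(void) {
    return (value_survives(0) == 0 && value_survives(1) == 1) ? 0 : 1;
}
```

In the unprotected run the cell is swept and handed back to the hook's own allocation, so the property ends up pointing at a different object in the same memory; the generation counter is what exposes the reuse.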
Attached patch fix
This ought to do it. /be
Attachment #178858 - Attachment is obsolete: true
Attachment #178862 - Flags: review?(shaver)
Assignee: timeless → brendan
Status: UNCONFIRMED → NEW
Ever confirmed: true
Status: NEW → ASSIGNED
Component: XBL → JavaScript Engine
Keywords: js1.5
OS: Windows XP → All
Priority: -- → P1
Hardware: PC → All
Target Milestone: --- → mozilla1.8beta2
OS: All → Windows XP
Priority: P1 → --
QA Contact: ian → general
Hardware: All → PC
Target Milestone: mozilla1.8beta2 → ---
Attachment #178858 - Flags: superreview?(jst)
Attachment #178858 - Flags: review?(bzbarsky)
OS: Windows XP → All
Hardware: PC → All
Comment on attachment 178862: fix
r=shaver
Attachment #178862 - Flags: review?(shaver) → review+
Fixed, thanks. /be
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Flags: testcase-
Crash Signature: [@ 00000015 - js_GetSlotThreadSafe]