Closed
Bug 279289
Opened 20 years ago
Closed 19 years ago
xbl startup crash - unrooted evaluatestring last ditch gc'd ? [@ 00000015 - js_GetSlotThreadSafe]
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
People
(Reporter: timeless, Assigned: brendan)
Details
(Keywords: crash, js1.5)
Crash Data
Attachments
(1 file, 1 obsolete file)
|
2.74 KB,
patch
|
shaver
:
review+
|
Details | Diff | Splinter Review |
Unhandled exception at 0x00000015 in mozilla.exe: 0xC0000005: Access violation
reading location 0x00000015.
EAX = 00000015 EBX = 016012F8 ECX = 64030A10 EDX = 02EE9A10 ESI = 030A6BA8 EDI =
030A6BA0 EIP = 00000015 ESP = 0012D3C8 EBP = 0012D3E8 EFL = 00000202
00000015()
js3250.dll!js_GetSlotThreadSafe(JSContext * cx=0x02ee9a10, JSObject *
obj=0x030a6ba0, unsigned long slot=0x00000002) Line 554 + 0x10 C
js3250.dll!JS_TypeOfValue(JSContext * cx=0x02ee9a10, long v=0x00000001) Line
615 + 0x37 C
gklayout.dll!nsEventReceiverSH::SetProperty(nsIXPConnectWrappedNative *
wrapper=0x030b40a0, JSContext * cx=0x02ee9a10, JSObject * obj=0x030a69a0, long
id=0x026b84f4, long * vp=0x0012d4cc, int * _retval=0x0012d484) Line 5193 + 0xe C++
gklayout.dll!nsNodeSH::AddProperty(nsIXPConnectWrappedNative *
wrapper=0x030b40a0, JSContext * cx=0x02ee9a10, JSObject * obj=0x030a69a0, long
id=0x026b84f4, long * vp=0x0012d4cc, int * _retval=0x0012d484) Line 5053 + 0x1a C++
> xpc3250.dll!XPC_WN_Helper_AddProperty(JSContext * cx=0x02ee9a10, JSObject *
obj=0x030a69a0, long idval=0x026b84f4, long * vp=0x0012d4cc) Line 796 C++
js3250.dll!js_DefineNativeProperty(JSContext * cx=0x02ee9a10, JSObject *
obj=0x030a69a0, long id=0x02a622e8, long value=0x030a6ba0, int (JSContext *,
JSObject *, long, long *)* getter=0x00b01ab0, int (JSContext *, JSObject *,
long, long *)* setter=0x00ae5c71, unsigned int attrs=0x00000001, unsigned int
flags=0x00000000, int shortid=0x00000000, JSProperty * * propp=0x00000000) Line
2255 + 0x33 C
js3250.dll!js_DefineProperty(JSContext * cx=0x02ee9a10, JSObject *
obj=0x030a69a0, long id=0x02a622e8, long value=0x030a6ba0, int (JSContext *,
JSObject *, long, long *)* getter=0x00000000, int (JSContext *, JSObject *,
long, long *)* setter=0x00000000, unsigned int attrs=0x00000001, JSProperty * *
propp=0x00000000) Line 2166 + 0x21 C
js3250.dll!DefineUCProperty(JSContext * cx=0x02ee9a10, JSObject *
obj=0x030a6ba0, const unsigned short * name=0x024d5d20, unsigned int
namelen=0x64030a10, long value=0x030a6ba0, int (JSContext *, JSObject *, long,
long *)* getter=0x00000000, int (JSContext *, JSObject *, long, long *)*
setter=0x00000000, unsigned int attrs=0x00000001, unsigned int flags=0x00000000,
int tinyid=0x00000000) Line 2292 + 0x1b C
js3250.dll!JS_DefineUCProperty(JSContext * cx=0x02ee9a10, JSObject *
obj=0x030a69a0, const unsigned short * name=0x024d5d20, unsigned int
namelen=0x0000000d, long value=0x030a6ba0, int (JSContext *, JSObject *, long,
long *)* getter=0x00000000, int (JSContext *, JSObject *, long, long *)*
setter=0x00000000, unsigned int attrs=0x00000001) Line 2637 + 0x22 C
gklayout.dll!nsXBLProtoImplField::InstallMember(nsIScriptContext *
aContext=0x00000000, nsIContent * aBoundElement=0x030ac278, void *
aScriptObject=0x030a69a0, void * aTargetClassObject=0x030a69b0, const nsCString
& aClassStr={...}) Line 134 + 0x1a C++
gklayout.dll!nsXBLProtoImpl::InstallImplementation(nsXBLPrototypeBinding *
aBinding=0x0286df80, nsIContent * aBoundElement=0x02ed7968) Line 84 + 0x12 C++
gklayout.dll!nsXBLPrototypeBinding::InstallImplementation(nsIContent *
aBoundElement=0x030ac278) Line 426 + 0xa C++
gklayout.dll!nsXBLBinding::InstallImplementation() Line 812 C++
gklayout.dll!nsXBLService::LoadBindings(nsIContent * aContent=0x030ac278,
nsIURI * aURL=0x01cc1dd0, int aAugmentFlag=0x00000000, nsIXBLBinding * *
aBinding=0x0012d6d0, int * aResolveStyle=0x0012d6a8) Line 634 C++
gklayout.dll!nsElementSH::PostCreate(nsIXPConnectWrappedNative *
wrapper=0x01c877e0, JSContext * cx=0x00000000, JSObject * obj=0x030ac278)
Line 5300 C++
xpc3250.dll!XPCWrappedNative::GetNewOrUsed(XPCCallContext & ccx={...},
nsISupports * Object=0x030a6630, XPCWrappedNativeScope * Scope=0x02ee9bc8,
XPCNativeInterface * Interface=0x01d13e90, XPCWrappedNative * *
resultWrapper=0x0012d794) Line 438 C++
xpc3250.dll!XPCConvert::NativeInterface2JSObject(XPCCallContext & ccx={...},
nsIXPConnectJSObjectHolder * * dest=0x0012d7dc, nsISupports * src=0x030ac280,
const nsID * iid=0x0012d914, JSObject * scope=0x02f362f0, unsigned int *
pErr=0x0012d960) Line 1062 + 0x11 C++
xpc3250.dll!XPCConvert::NativeData2JS(XPCCallContext & ccx={...}, long *
d=0x0012d974, const void * s=0x0012d828, const nsXPTType & type={...}, const
nsID * iid=0x0012d914, JSObject * scope=0x02f362f0, unsigned int *
pErr=0x0012d960) Line 463 + 0x1e C++
xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...},
XPCWrappedNative::CallMode mode=CALL_METHOD) Line 2123 + 0x1b C++
xpc3250.dll!XPC_WN_CallMethod(JSContext * cx=0x02ee9a10, JSObject *
obj=0x02f362f0, unsigned int argc=0x00000003, long * argv=0x01cd5fd4, long *
vp=0x0012da5c) Line 1287 + 0xa C++
js3250.dll!js_Invoke(JSContext * cx=0x00ae5b87, unsigned int argc=0x01d187c8,
unsigned int flags=0x030b40a0) Line 1293 + 0x11 C
js3250.dll!js_Interpret(JSContext * cx=0x01d187c8, long * result=0x030b40a0)
Line 3627 C
js3250.dll!js_Execute(JSContext * cx=0x00a53e38, JSObject * chain=0x030a65c0,
JSScript * script=0x030acd60, JSStackFrame * down=0x00000000, unsigned int
flags=0x00000000, long * result=0x0012dcdc) Line 1526 C
js3250.dll!JS_EvaluateUCScriptForPrincipals(JSContext * cx=0x02ee9a10,
JSObject * obj=0x030a65c0, JSPrincipals * principals=0x009ef724, const unsigned
short * chars=0x024e1b88, unsigned int length=0x00000054, const char *
filename=0x0012dd3c, unsigned int lineno=0x0000054c, long * rval=0x0012dcdc)
Line 3702 + 0xf C
gklayout.dll!nsJSContext::EvaluateStringWithValue(const nsAString &
aScript={...}, void * aScopeObject=0x030a65c0, nsIPrincipal *
aPrincipal=0xffffffff, const char * aURL=0x0012dd3c, unsigned int
aLineNo=0x0000054c, const char * aVersion=0x00000000, void *
aRetValue=0x0012dd98, int * aIsUndefined=0x0012dd90) Line 815 + 0x36 C++
gklayout.dll!nsXBLProtoImplField::InstallMember(nsIScriptContext *
aContext=0x02ed7968, nsIContent * aBoundElement=0x030a5ce0, void *
aScriptObject=0x030a65c0, void * aTargetClassObject=0x030a65d0, const nsCString
& aClassStr={...}) Line 126 + 0x30 C++
gklayout.dll!nsXBLProtoImpl::InstallImplementation(nsXBLPrototypeBinding *
aBinding=0x0292d908, nsIContent * aBoundElement=0x02ed7968) Line 84 + 0x12 C++
gklayout.dll!nsXBLPrototypeBinding::InstallImplementation(nsIContent *
aBoundElement=0x030a5ce0) Line 426 + 0xa C++
gklayout.dll!nsXBLBinding::InstallImplementation() Line 812 C++
gklayout.dll!nsXBLBinding::InstallImplementation() Line 809 C++
gklayout.dll!nsXBLService::LoadBindings(nsIContent * aContent=0x030a5ce0,
nsIURI * aURL=0x028fb7f8, int aAugmentFlag=0x00000000, nsIXBLBinding * *
aBinding=0x0012de90, int * aResolveStyle=0x0012de68) Line 634 C++
gklayout.dll!nsElementSH::PostCreate(nsIXPConnectWrappedNative *
wrapper=0x01c877e0, JSContext * cx=0x00000000, JSObject * obj=0x030a5ce0)
Line 5300 C++
xpc3250.dll!XPCWrappedNative::GetNewOrUsed(XPCCallContext & ccx={...},
nsISupports * Object=0x030a65b8, XPCWrappedNativeScope * Scope=0x02ee9bc8,
XPCNativeInterface * Interface=0x01d13e90, XPCWrappedNative * *
resultWrapper=0x0012df54) Line 438 C++
xpc3250.dll!XPCConvert::NativeInterface2JSObject(XPCCallContext & ccx={...},
nsIXPConnectJSObjectHolder * * dest=0x0012df9c, nsISupports * src=0x030a5ce8,
const nsID * iid=0x0012e0d4, JSObject * scope=0x02f362f0, unsigned int *
pErr=0x0012e120) Line 1062 + 0x11 C++
xpc3250.dll!XPCConvert::NativeData2JS(XPCCallContext & ccx={...}, long *
d=0x0012e134, const void * s=0x0012dfe8, const nsXPTType & type={...}, const
nsID * iid=0x0012e0d4, JSObject * scope=0x02f362f0, unsigned int *
pErr=0x0012e120) Line 463 + 0x1e C++
xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...},
XPCWrappedNative::CallMode mode=CALL_METHOD) Line 2123 + 0x1b C++
xpc3250.dll!XPC_WN_CallMethod(JSContext * cx=0x02ee9a10, JSObject *
obj=0x02f362f0, unsigned int argc=0x00000003, long * argv=0x01cd5fd4, long *
vp=0x0012e21c) Line 1287 + 0xa C++
js3250.dll!js_Invoke(JSContext * cx=0x00ae5b87, unsigned int argc=0x01d187c8,
unsigned int flags=0x030b40a0) Line 1293 + 0x11 C
js3250.dll!js_Interpret(JSContext * cx=0x01d187c8, long * result=0x030b40a0)
Line 3627 C
js3250.dll!js_Execute(JSContext * cx=0x00a53e38, JSObject * chain=0x02ff1638,
JSScript * script=0x0295ff78, JSStackFrame * down=0x00000000, unsigned int
flags=0x00000000, long * result=0x0012e49c) Line 1526 C
js3250.dll!JS_EvaluateUCScriptForPrincipals(JSContext * cx=0x02ee9a10,
JSObject * obj=0x02ff1638, JSPrincipals * principals=0x009ef724, const unsigned
short * chars=0x02a2a7d8, unsigned int length=0x00000091, const char *
filename=0x0012e4fc, unsigned int lineno=0x000000e9, long * rval=0x0012e49c)
Line 3702 + 0xf C
gklayout.dll!nsJSContext::EvaluateStringWithValue(const nsAString &
aScript={...}, void * aScopeObject=0x02ff1638, nsIPrincipal *
aPrincipal=0xffffffff, const char * aURL=0x0012e4fc, unsigned int
aLineNo=0x000000e9, const char * aVersion=0x00000000, void *
aRetValue=0x0012e558, int * aIsUndefined=0x0012e550) Line 815 + 0x36 C++
gklayout.dll!nsXBLProtoImplField::InstallMember(nsIScriptContext *
aContext=0x02ed7968, nsIContent * aBoundElement=0x03002ce8, void *
aScriptObject=0x02ff1638, void * aTargetClassObject=0x02ff1760, const nsCString
& aClassStr={...}) Line 126 + 0x30 C++
gklayout.dll!nsXBLProtoImpl::InstallImplementation(nsXBLPrototypeBinding *
aBinding=0x0299a4b0, nsIContent * aBoundElement=0x02ed7968) Line 84 + 0x12 C++
gklayout.dll!nsXBLPrototypeBinding::InstallImplementation(nsIContent *
aBoundElement=0x03002ce8) Line 426 + 0xa C++
gklayout.dll!nsXBLBinding::InstallImplementation() Line 812 C++
gklayout.dll!nsXBLBinding::InstallImplementation() Line 809 C++
gklayout.dll!nsXBLService::LoadBindings(nsIContent * aContent=0x03002ce8,
nsIURI * aURL=0x027d1318, int aAugmentFlag=0x00000000, nsIXBLBinding * *
aBinding=0x0012e618, int * aResolveStyle=0x0012e624) Line 634 C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x03002ce8,
nsIFrame * aParentFrame=0x030a0964, nsIAtom * aTag=0x00a68628, int
aNameSpaceID=0x00000009, nsStyleContext * aStyleContext=0x030a0b84, nsFrameItems
& aFrameItems={...}, int aXBLBaseTag=0x00000000) Line 7494 C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrame(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x00000000,
nsIFrame * aParentFrame=0x030a0b84, nsFrameItems & aFrameItems={...}) Line 7451 C++
gklayout.dll!nsCSSFrameConstructor::ProcessChildren(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x03002b38,
nsIFrame * aFrame=0x03002ce8, int aCanHaveGeneratedContent=0x00000000,
nsFrameItems & aFrameItems={...}, int aParentIsBlock=0x00000000, nsTableCreator
* aTableCreator=0x03002ce8) Line 11703 + 0x25 C++
gklayout.dll!nsCSSFrameConstructor::ConstructXULFrame(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x03002b38,
nsIFrame * aParentFrame=0x03098b88, nsIAtom * aTag=0x00a68468, int
aNameSpaceID=0x00000001, nsStyleContext * aStyleContext=0x03098ea0, nsFrameItems
& aFrameItems={...}, int aXBLBaseTag=0x00000000, int &
aHaltProcessing=0x0012f840) Line 5983 + 0x1a C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x03002b38,
nsIFrame * aParentFrame=0x03098b88, nsIAtom * aTag=0x00a68468, int
aNameSpaceID=0x00000009, nsStyleContext * aStyleContext=0x03098c80, nsFrameItems
& aFrameItems={...}, int aXBLBaseTag=0x00000000) Line 7558 + 0x24 C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrame(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x00000000,
nsIFrame * aParentFrame=0x03098ea0, nsFrameItems & aFrameItems={...}) Line 7451 C++
gklayout.dll!nsCSSFrameConstructor::ProcessChildren(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x03093c20,
nsIFrame * aFrame=0x03002b38, int aCanHaveGeneratedContent=0x00000000,
nsFrameItems & aFrameItems={...}, int aParentIsBlock=0x00000000, nsTableCreator
* aTableCreator=0x03002b38) Line 11703 + 0x25 C++
gklayout.dll!nsCSSFrameConstructor::ConstructXULFrame(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x03093c20,
nsIFrame * aParentFrame=0x03098860, nsIAtom * aTag=0x00a68468, int
aNameSpaceID=0x00000001, nsStyleContext * aStyleContext=0x03098b3c, nsFrameItems
& aFrameItems={...}, int aXBLBaseTag=0x00000000, int &
aHaltProcessing=0x0012f840) Line 5983 + 0x1a C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x03093c20,
nsIFrame * aParentFrame=0x03098860, nsIAtom * aTag=0x00a68468, int
aNameSpaceID=0x00000009, nsStyleContext * aStyleContext=0x03098ad4, nsFrameItems
& aFrameItems={...}, int aXBLBaseTag=0x00000000) Line 7558 + 0x24 C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrame(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x00000000,
nsIFrame * aParentFrame=0x03098b3c, nsFrameItems & aFrameItems={...}) Line 7451 C++
gklayout.dll!nsCSSFrameConstructor::ProcessChildren(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x0300add0,
nsIFrame * aFrame=0x03093c20, int aCanHaveGeneratedContent=0x00000000,
nsFrameItems & aFrameItems={...}, int aParentIsBlock=0x00000000, nsTableCreator
* aTableCreator=0x03093c20) Line 11703 + 0x25 C++
gklayout.dll!nsCSSFrameConstructor::ConstructXULFrame(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x0300add0,
nsIFrame * aParentFrame=0x03081694, nsIAtom * aTag=0x00a68290, int
aNameSpaceID=0x00000001, nsStyleContext * aStyleContext=0x0308a324, nsFrameItems
& aFrameItems={...}, int aXBLBaseTag=0x00000000, int &
aHaltProcessing=0x0012f840) Line 5983 + 0x1a C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x00a68290,
nsIFrame * aParentFrame=0x03081694, nsIAtom * aTag=0x00a68290, int
aNameSpaceID=0x00000009, nsStyleContext * aStyleContext=0x030818ac, nsFrameItems
& aFrameItems={...}, int aXBLBaseTag=0x00000000) Line 7558 + 0x24 C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrame(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x00000000,
nsIFrame * aParentFrame=0x030817b0, nsFrameItems & aFrameItems={...}) Line 7451 C++
gklayout.dll!nsCSSFrameConstructor::ProcessChildren(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x02ed5a78,
nsIFrame * aFrame=0x0300add0, int aCanHaveGeneratedContent=0x00000000,
nsFrameItems & aFrameItems={...}, int aParentIsBlock=0x00000000, nsTableCreator
* aTableCreator=0x0300add0) Line 11703 + 0x25 C++
gklayout.dll!nsCSSFrameConstructor::ConstructXULFrame(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x02ed5a78,
nsIFrame * aParentFrame=0x030815c0, nsIAtom * aTag=0x00a68470, int
aNameSpaceID=0x00000001, nsStyleContext * aStyleContext=0x03081648, nsFrameItems
& aFrameItems={...}, int aXBLBaseTag=0x00000000, int &
aHaltProcessing=0x0012f840) Line 5983 + 0x1a C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x02ed5a78,
nsIFrame * aParentFrame=0x030815c0, nsIAtom * aTag=0x00a68470, int
aNameSpaceID=0x00000009, nsStyleContext * aStyleContext=0x00000000, nsFrameItems
& aFrameItems={...}, int aXBLBaseTag=0x00000000) Line 7558 + 0x24 C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrame(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x00000000,
nsIFrame * aParentFrame=0x03081648, nsFrameItems & aFrameItems={...}) Line 7451 C++
gklayout.dll!nsCSSFrameConstructor::ProcessChildren(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x0300acc8,
nsIFrame * aFrame=0x02ed5a78, int aCanHaveGeneratedContent=0x00000000,
nsFrameItems & aFrameItems={...}, int aParentIsBlock=0x00000000, nsTableCreator
* aTableCreator=0x02ed5a78) Line 11703 + 0x25 C++
gklayout.dll!nsCSSFrameConstructor::ConstructXULFrame(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x0300acc8,
nsIFrame * aParentFrame=0x02fb4ce0, nsIAtom * aTag=0x00a682a8, int
aNameSpaceID=0x00000001, nsStyleContext * aStyleContext=0x03081344, nsFrameItems
& aFrameItems={...}, int aXBLBaseTag=0x00000000, int &
aHaltProcessing=0x0012f840) Line 5983 + 0x1a C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x00a682a8,
nsIFrame * aParentFrame=0x02fb4ce0, nsIAtom * aTag=0x00a682a8, int
aNameSpaceID=0x00000009, nsStyleContext * aStyleContext=0x03081488, nsFrameItems
& aFrameItems={...}, int aXBLBaseTag=0x00000000) Line 7558 + 0x24 C++
gklayout.dll!nsCSSFrameConstructor::ConstructFrame(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x00000000,
nsIFrame * aParentFrame=0x02fb56bc, nsFrameItems & aFrameItems={...}) Line 7451 C++
gklayout.dll!nsCSSFrameConstructor::ProcessChildren(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aContent=0x02fb7818,
nsIFrame * aFrame=0x0300acc8, int aCanHaveGeneratedContent=0x00000001,
nsFrameItems & aFrameItems={...}, int aParentIsBlock=0x00000000, nsTableCreator
* aTableCreator=0x0300acc8) Line 11703 + 0x25 C++
gklayout.dll!nsCSSFrameConstructor::ConstructDocElementFrame(nsIPresShell *
aPresShell=0x02623898, nsPresContext * aPresContext=0x02ef8760,
nsFrameConstructorState & aState={...}, nsIContent * aDocElement=0x02fb7818,
nsIFrame * aParentFrame=0x02fb4b0c, nsIFrame * & aNewFrame=0x02fb4ce0) Line
4037 C++
gklayout.dll!nsCSSFrameConstructor::ContentInserted(nsPresContext *
aPresContext=0x030ac280, nsIContent * aContainer=0x030ac280, nsIFrame *
aContainerFrame=0x02639238, nsIContent * aChild=0x0012d488, int
aIndexInContainer=0x00ae5b87, nsILayoutHistoryState * aFrameState=0x01d187c8,
int aInReinsertContent=0x030b40a0) Line 8994 C++
gklayout.dll!PresShell::InitialReflow(int aWidth=0x00001a5e, int
aHeight=0x00001a5e) Line 2721 C++
gklayout.dll!nsXULDocument::StartLayout() Line 2157 C++
gklayout.dll!nsXULDocument::ResumeWalk() Line 2978 C++
gklayout.dll!nsXULDocument::CachedChromeStreamListener::OnStopRequest(nsIRequest
* request=0x03038bc0, nsISupports * aContext=0x00000000, unsigned int
aStatus=0x00000000) Line 4119 + 0x8 C++
docshell.dll!nsDocumentOpenInfo::OnStopRequest(nsIRequest *
request=0x03038bc0, nsISupports * aCtxt=0x00000000, unsigned int
aStatus=0x00000000) Line 360 C++
chrome.dll!nsCachedChromeChannel::HandleStopLoadEvent(PLEvent *
aEvent=0x02fb7630) Line 477 C++
xpcom_core.dll!PL_HandleEvent(PLEvent * self=0x02fb7630) Line 693 C
xpcom_core.dll!PL_ProcessPendingEvents(PLEventQueue * self=0x00a40ef0) Line
627 + 0x6 C
xpcom_core.dll!_md_EventReceiverProc(HWND__ * hwnd=0x0045013a, unsigned int
uMsg=0x0000c19b, unsigned int wParam=0x00000000, long lParam=0x00a40ef0) Line
1434 C
user32.dll!77d48709()
user32.dll!77d487eb()
user32.dll!77d70494()
user32.dll!77d489a5()
user32.dll!77d493df()
user32.dll!77d70494()
user32.dll!77d489e8()
gkwidget.dll!nsAppShell::Run() Line 159 C++
appcomps.dll!nsAppStartup::Run() Line 216 C++
mozilla.exe!main1(int argc=0x00000002, char * * argv=0x002a4c10, nsISupports *
nativeApp=0x64030a10) Line 1321 + 0x9 C++
mozilla.exe!main(int argc=0x00000002, char * * argv=0x002a4c10) Line 1813 +
0x13 C++
mozilla.exe!WinMain(HINSTANCE__ * __formal=0x00400000, HINSTANCE__ *
__formal=0x00400000, char * args=0x0015231c, HINSTANCE__ * __formal=0x00400000)
Line 1841 + 0x17 C++
mozilla.exe!WinMainCRTStartup() Line 390 + 0x1b C
kernel32.dll!7c816d4f()
kernel32.dll!7c8399f3()
- obj 0x030a6ba0 {map=0x030a6ba8 {nrefs=0x00000000 ops=0x030a610d
{newObjectMap=0x64030a10 destroyObjectMap=0x00030a60 lookupProperty=0xa0000000
...} nslots=0x00000000 ...} slots=0x030a610c } JSObject *
||- map 0x030a6ba8 {nrefs=0x00000000 ops=0x030a610d {newObjectMap=0x64030a10
destroyObjectMap=0x00030a60 lookupProperty=0xa0000000 ...} nslots=0x00000000
...} JSObjectMap *
|| nrefs 0x00000000 long
||- ops 0x030a610d {newObjectMap=0x64030a10 destroyObjectMap=0x00030a60
lookupProperty=0xa0000000 ...} JSObjectOps *
||| newObjectMap 0x64030a10 JSObjectMap * (JSContext *, long, JSObjectOps *,
JSClass *, JSObject *)*
||| destroyObjectMap 0x00030a60 void (JSContext *, JSObjectMap *)*
||| lookupProperty 0xa0000000 int (JSContext *, JSObject *, long, JSObject * *,
JSProperty * *)*
||| defineProperty 0x6501d856 int (JSContext *, JSObject *, long, long, int
(JSContext *, JSObject *, long, long *)*, int (JSContext *, JSObject *, long,
long *)*, unsigned int, JSProperty * *)*
||| getProperty 0x68020bbb int (JSContext *, JSObject *, long, long *)*
||| setProperty 0x60030a61 int (JSContext *, JSObject *, long, long *)*
||| getAttributes 0x00030a61 int (JSContext *, JSObject *, long, JSProperty *,
unsigned int *)*
||| setAttributes 0x00000000 int (JSContext *, JSObject *, long, JSProperty *,
unsigned int *)*
||| deleteProperty 0x00000000 int (JSContext *, JSObject *, long, long *)*
||| defaultValue 0x00000000 int (JSContext *, JSObject *, JSType, long *)*
||| enumerate 0x00000000 int (JSContext *, JSObject *, JSIterateOp, long *, long *)*
||| checkAccess 0xe4000000 int (JSContext *, JSObject *, long, JSAccessMode,
long *, unsigned int *)*
||| thisObject 0x38030a60 JSObject * (JSContext *, JSObject *)*
||| dropProperty 0x0000a53e void (JSContext *, JSObject *, JSProperty *)*
||| call 0x01000000 int (JSContext *, JSObject *, unsigned int, long *, long *)*
||| construct 0x63800000 int (JSContext *, JSObject *, unsigned int, long *,
long *)*
||| xdrObject 0x60020bbb int (JSXDRState *, JSObject * *)*
||| hasInstance 0x00020bbb int (JSContext *, JSObject *, long, int *)*
||| setProto 0x00000000 int (JSContext *, JSObject *, unsigned long, JSObject *)*
||| setParent 0x00000000 int (JSContext *, JSObject *, unsigned long, JSObject *)*
||| mark 0x0e000000 unsigned long (JSContext *, JSObject *, void *)*
||| clear 0x41000000 void (JSContext *, JSObject *)*
||| getRequiredSlot 0x00000015 long (JSContext *, JSObject *, unsigned long)*
||\ setRequiredSlot 0x00000000 int (JSContext *, JSObject *, unsigned long, long)*
|| nslots 0x00000000 unsigned long
|\ freeslot 0x00000000 unsigned long
\- slots 0x030a610c long *
\ 0x030a1010 long
if one of you could r+sr, that'd be wonderful.
Attachment #178858 -
Flags: superreview?(jst)
Attachment #178858 -
Flags: review?(bzbarsky)
|
Assignee | |
Comment 2•19 years ago
|
||
timeless: where did the last-ditch nest? We haven't got to nsEventReceiverSH::RegisterCompileHandler yet. It's worrisome that DOM JSClass.addProperty hooks may GC. The JS_DefineUCProperty substrate (js_DefineNativeProperty) does not protect value across the call-out to JSClass.addProperty. Perhaps that's the bug to patch here, but not with an ad-hoc global GC root. Recommend minus'ing patch for now. /be
|
|
Assignee | |
Comment 3•19 years ago
|
||
This ought to do it. /be
Attachment #178858 -
Attachment is obsolete: true
Attachment #178862 -
Flags: review?(shaver)
|
|
Assignee | |
Updated•19 years ago
|
Assignee: timeless → brendan
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
|
Assignee | |
Updated•19 years ago
|
Status: NEW → ASSIGNED
Component: XBL → JavaScript Engine
Keywords: js1.5
OS: Windows XP → All
Priority: -- → P1
Hardware: PC → All
Target Milestone: --- → mozilla1.8beta2
OS: All → Windows XP
Priority: P1 → --
QA Contact: ian → general
Hardware: All → PC
Target Milestone: mozilla1.8beta2 → ---
Attachment #178858 -
Flags: superreview?(jst)
Attachment #178858 -
Flags: review?(bzbarsky)
Comment on attachment 178862 [details] [diff] [review] fix r=shaver
Attachment #178862 -
Flags: review?(shaver) → review+
|
|
Assignee | |
Comment 5•19 years ago
|
||
Fixed, thanks. /be
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
|
||
Updated•19 years ago
|
Flags: testcase-
|
||
Updated•13 years ago
|
Crash Signature: [@ 00000015 - js_GetSlotThreadSafe]
You need to log in
before you can comment on or make changes to this bug.
Description
•