207323 - ASSERTION: nsJSEnvironment initialized more than once: '!gOldJSGCCallback' causes infinite recursion on shutdown

Status: RESOLVED INACTIVE

(Core :: DOM: Core & HTML, defect)

Description

[timeless]

I'm running w/ a modified version of dougt's XPCOM_CHECK_PENDING_CIDS where the
xpcom component manager is used to blacklist components which have been listed
as accessed as both services and components.

I decided to blacklist the script security manager (and two other things)
because it's being used as a component and service.

The blacklist patch will probably be checked in for people to see, but anyway
suffice it to say:

Any attempt ot create the security manager will return an error.

Tokenize Time: Real time 0:0:0.171, CP time 0.170
WARNING: Creation of "{7ee2a4c0-4b93-17d3-ba18-0060b0f199a2}" in progress
(Reentrant GS - see bug 194568), file
i:/build/mozilla/xpcom/components/nsComponentManager.cpp, line 1899
WARNING: NS_ENSURE_TRUE(securityManager) failed, file
i:/build/mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp,
line 1227
WEBSHELL+ = 1
WARNING: Creation of "{7ee2a4c0-4b93-17d3-ba18-0060b0f199a2}" in progress
(Reentrant GS - see bug 194568), file
i:/build/mozilla/xpcom/components/nsComponentManager.cpp, line 1899
WARNING: Creation of "{7ee2a4c0-4b93-17d3-ba18-0060b0f199a2}" in progress
(Reentrant GS - see bug 194568), file
i:/build/mozilla/xpcom/components/nsComponentManager.cpp, line 1899
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
i:/build/mozilla/dom/src/base/nsJSEnvironment.cpp, line 1826
WARNING: NS_ENSURE_TRUE(mScriptContext) failed, file
i:/build/mozilla/docshell/base/nsDocShell.cpp, line 6795
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(EnsureScriptEnvironment())) failed, file
i:/build/mozilla/docshell/base/nsWebShell.cpp, line 318
WARNING: Creation of "{7ee2a4c0-4b93-17d3-ba18-0060b0f199a2}" in progress
(Reentrant GS - see bug 194568), file
i:/build/mozilla/xpcom/components/nsComponentManager.cpp, line 1899
###!!! ASSERTION: nsJSEnvironment initialized more than once:
'!gOldJSGCCallback', file i:/build/mozilla/dom/src/base/nsJSEnvironment.cpp,
line 1749
WARNING: Creation of "{7ee2a4c0-4b93-17d3-ba18-0060b0f199a2}" in progress
(Reentrant GS - see bug 194568), file
i:/build/mozilla/xpcom/components/nsComponentManager.cpp, line 1899
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
i:/build/mozilla/dom/src/base/nsJSEnvironment.cpp, line 1826
WARNING: NS_ENSURE_TRUE(mScriptContext) failed, file
i:/build/mozilla/docshell/base/nsDocShell.cpp, line 6795
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(EnsureScriptEnvironment())) failed, file
i:/build/mozilla/docshell/base/nsWebShell.cpp, line 309
nsPluginHostImpl::Observe "xpcom-shutdown"

Then I crash with a stack overflow
Top of stack:
_MD_CURRENT_THREAD() line 279 + 6 bytes
PR_GetCurrentThread() line 172
DOMGCCallback(JSContext * 0x02ed0650, JSGCStatus JSGC_BEGIN) line 1712 + 12 bytes
DOMGCCallback(JSContext * 0x02ed0650, JSGCStatus JSGC_BEGIN) line 1714 + 23 bytes

static JSBool JS_DLL_CALLBACK
DOMGCCallback(JSContext *cx, JSGCStatus status)
{
  if (status == JSGC_BEGIN && PR_GetCurrentThread() != gDOMThread)
    return JS_FALSE;
  return gOldJSGCCallback ? gOldJSGCCallback(cx, status) : JS_TRUE;
}

gOldJSGCCallback == DOMGCCallback.

I'd like to change the code to tolerate this failure condition.

Comment 1

[timeless]

Attachment: proposed changes

Comment 2

[Johnny Stenback (:jst)]

Wouldn't the right thing to do here be to make the code not initialize the
nsJSEnvironment more than once, and make the nsJSEnvironment code throw an error
if it's initialized more than once?

Comment 3

[Johnny Stenback (:jst)]

Comment on attachment 124340 [details] [diff] [review]
proposed changes

IIRC, timeless agreed to attempt the above, so r- on this patch.

Comment 4

[Robert Kaiser]

jst, is this still relevant and should a patch be done? If so, it should get onto the list of someone working on it, not sure if timeless is really active these days. If not, let's resolve this bug some way so it gets off the "open crashers" list.