Closed
Bug 656354
Opened 13 years ago
Closed 13 years ago
Firefox 6.0a1 Crash Report [@ nsDocShell::SetDocCurrentStateObj(nsISHEntry*) ] [@ nsDocShell::SetDocCurrentStateObj ] (null pointer dereference)
Categories
(Core :: DOM: Navigation, defect)
Tracking
()
VERIFIED
FIXED
| Tracking | Status | |
|---|---|---|
| firefox6 | - | --- |
People
(Reporter: marcia, Assigned: justin.lebar+bug)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
|
1.24 KB,
patch
|
sicking
:
review+
|
Details | Diff | Splinter Review |
Seen while reviewing trunk crash stats. Started showing up in Socorro using the 2011051000 build. 100 crashes yesterday. Possible pushlog regression range: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=9e31df64bfd7&tochange=e0f6db50231f Possibly Bug 551225 made some changes? https://crash-stats.mozilla.com/report/index/b06f9a35-946e-41a4-a4f1-e26b52110511 Frame Module Signature [Expand] Source 0 xul.dll nsDocShell::SetDocCurrentStateObj docshell/base/nsDocShell.cpp:7750 1 xul.dll nsDocShell::InternalLoad 2 xul.dll NS_URIChainHasFlags obj-firefox/dist/include/nsNetUtil.h:1559 3 xul.dll LeaveFunction js/src/jsparse.cpp:2841 4 xul.dll xul.dll@0x468df 5 xul.dll xul.dll@0xc951f 6 xul.dll xul.dll@0x3da9df 7 xul.dll xul.dll@0xce76f 8 xul.dll NS_EscapeURL xpcom/io/nsEscape.cpp:476 9 xul.dll xul.dll@0x51a6f 10 mozcrt19.dll arena_dalloc_small obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:4045 11 xul.dll xul.dll@0x203a5f 12 xul.dll nsTHashtable<nsBaseHashtableET<nsCStringHashKey,nsFactoryEntry*> >::s_MatchEntry obj-firefox/dist/include/nsTHashtable.h:375 13 xul.dll nsComponentManagerImpl::GetServiceByContractID xpcom/components/nsComponentManager.cpp:1648 14 xul.dll nsDocShell::QueryInterface docshell/base/nsDocShell.cpp:864 15 xul.dll nsCOMPtr_base::assign_from_qi obj-firefox/xpcom/build/nsCOMPtr.cpp:98 16 xul.dll nsDocShell::LoadURI docshell/base/nsDocShell.cpp:1424
|
Assignee | |
Updated•13 years ago
|
Summary: Firefox 6.0a1 Crash Report [@ nsDocShell::SetDocCurrentStateObj(nsISHEntry*) ] → Firefox 6.0a1 Crash Report [@ nsDocShell::SetDocCurrentStateObj(nsISHEntry*) ] (null pointer dereference)
|
|
Assignee | |
Comment 1•13 years ago
|
||
> Possibly Bug 551225 made some changes?
Ouch. Yes, I think I messed this up.|
|
Assignee | |
Updated•13 years ago
|
Assignee: nobody → justin.lebar+bug
|
|
Assignee | |
Comment 2•13 years ago
|
||
For reference, here's nsDocShell::SetDocCurrentStateObj before the patch in bug 551225. Note that shEntry may be null! nsresult nsDocShell::SetDocCurrentStateObj(nsISHEntry *shEntry) { nsresult rv; nsCOMPtr<nsIDocument> document = do_GetInterface(GetAsSupports(this)); NS_ENSURE_TRUE(document, NS_ERROR_FAILURE); nsAutoString stateData; if (shEntry) { rv = shEntry->GetStateData(stateData); NS_ENSURE_SUCCESS(rv, rv); // if shEntry is null, we just set the pending state object to the // empty string. } document->SetCurrentStateObject(stateData); return NS_OK; }
|
Reporter | |
Updated•13 years ago
|
tracking-firefox6:
--- → ?
Keywords: regression
|
|
Assignee | |
Comment 3•13 years ago
|
||
Attachment #531673 -
Flags: review?(jonas)
|
|
Assignee | |
Comment 4•13 years ago
|
||
Not sure how the tracking-firefox6 flag got cleared, but setting it to "?" again.
|
||
Comment 5•13 years ago
|
||
I hit this often when using F1.
|
|
Reporter | |
Comment 6•13 years ago
|
||
Adding the Mac specific sig so it gets picked up in crash stats - [@ nsDocShell::SetDocCurrentStateObj ]
Summary: Firefox 6.0a1 Crash Report [@ nsDocShell::SetDocCurrentStateObj(nsISHEntry*) ] (null pointer dereference) → Firefox 6.0a1 Crash Report [@ nsDocShell::SetDocCurrentStateObj(nsISHEntry*) ] [@ nsDocShell::SetDocCurrentStateObj ] (null pointer dereference)
|
||
Comment 8•13 years ago
|
||
As a note, this has been the #1 crash on trunk for multiple days in a row now.
|
|
Assignee | |
Comment 9•13 years ago
|
||
Jonas, review ping.
Attachment #531673 -
Flags: review?(jonas) → review+
|
|
Assignee | |
Comment 10•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/d124391343a0
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
|
Reporter | |
Comment 11•13 years ago
|
||
Checking crash stats, this looks good for Windows and Mac signatures as they seem to have fallen off since the 17th. There are a few Linux reports such as https://crash-stats.mozilla.com/report/index/b75ff76b-8c8f-45a8-b96d-e61e22110522 which have a build ID=20110520033417. That person is running with a number of extensions.
|
|
Assignee | |
Comment 12•13 years ago
|
||
Not totally sure how to read the crashstats page, but that person appears to be running a TM nightly, and the link in the backtrace [1] doesn't have the fix. [1] https://crash-stats.mozilla.com/report/index/b75ff76b-8c8f-45a8-b96d-e61e22110522
|
|
Reporter | |
Comment 13•13 years ago
|
||
Sorry, I missed the nightly-tracemonkey part in the report and was just looking at the Build ID. I think we can verify this fixed based on crash-stats. Thanks for the quick turnaround on the fix. (In reply to comment #12) > Not totally sure how to read the crashstats page, but that person appears to > be running a TM nightly, and the link in the backtrace [1] doesn't have the > fix. > > [1] > https://crash-stats.mozilla.com/report/index/b75ff76b-8c8f-45a8-b96d- > e61e22110522
Status: RESOLVED → VERIFIED
|
||
Updated•13 years ago
|
Crash Signature: [@ nsDocShell::SetDocCurrentStateObj(nsISHEntry*) ]
[@ nsDocShell::SetDocCurrentStateObj ]
You need to log in
before you can comment on or make changes to this bug.
Description
•