Closed
Bug 687929
Opened 13 years ago
Closed 13 years ago
null cx Crash [@ JS_BeginRequest ] with dom workers
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla11
People
(Reporter: bc, Assigned: bent.mozilla)
References
()
Details
(Keywords: crash, regression, reproducible, Whiteboard: [qa+][qa!:10])
Crash Data
Attachments
(1 file)
1.17 KB,
patch
|
sicking
:
review+
akeybl
:
approval-mozilla-aurora+
akeybl
:
approval-mozilla-beta-
|
Details | Diff | Splinter Review |
1. https://crypto.cat/?c=test 2. Shutdown 3. Crash Aurora/8, Nightly/9 - Windows, Mac, Linux - Debug at least. Beta does not crash. Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x000000fc 0x06d01633 in JS_BeginRequest (cx=0x0) at /work/mozilla/builds/nightly/mozilla/js/src/jsapi.cpp:899 899 cx->outstandingRequests++; (gdb) bt #0 0x06d01633 in JS_BeginRequest (cx=0x0) at /work/mozilla/builds/nightly/mozilla/js/src/jsapi.cpp:899 #1 0x066e3050 in JSAutoRequest::JSAutoRequest (this=0xbfffcffc, cx=0x0, _notifier=@0xbfffd008) at jsapi.h:794 #2 0x05bb6dbe in mozilla::dom::workers::RuntimeService::ResumeWorkersForWindow (this=0x27f1e5a0, aCx=0x0, aWindow=0x24d047f0) at /work/mozilla/builds/nightly/mozilla/dom/workers/RuntimeService.cpp:1064 #3 0x05bb6ea0 in mozilla::dom::workers::ResumeWorkersForWindow (aCx=0x0, aWindow=0x24d047f0) at /work/mozilla/builds/nightly/mozilla/dom/workers/RuntimeService.cpp:460
Almost certainly a regression from the workers rewrite.
Blocks: new-web-workers
Keywords: regressionwindow-wanted
Blocks: 687221
Assignee | ||
Comment 2•13 years ago
|
||
Full stack: mozjs.dll!JS_BeginRequest(JSContext * cx) xul.dll!JSAutoRequest::JSAutoRequest(JSContext * cx) xul.dll!mozilla::dom::workers::RuntimeService::ResumeWorkersForWindow(JSContext * aCx, nsPIDOMWindow * aWindow) xul.dll!mozilla::dom::workers::ResumeWorkersForWindow(JSContext * aCx, nsPIDOMWindow * aWindow) xul.dll!nsGlobalWindow::ResumeTimeouts(int aThawChildren) xul.dll!nsResumeTimeoutsEvent::Run() xul.dll!nsThread::ProcessNextEvent(int mayWait, int * result) ... xul.dll!XRE_main(int argc, char * * argv, const nsXREAppData * aAppData) This one is simple, just need to make sure ResumeWorkersForWindow can handle a null context. It's not really needed, but if we have one we need a request.
Comment 3•13 years ago
|
||
I hafve someone here who encountered this after upgrading to 8.0. Crash report: https://crash-stats.mozilla.com/report/index/bp-0eef12a6-2e84-49c5-949f-8a1102111119
Comment 4•13 years ago
|
||
In regards to comment #3, the user is reliably able to reproduce this on http://www.cuetools.net/wiki/Main_Page. When he opens a link in a new window, he gets this crash. Latest report: https://crash-stats.mozilla.com/report/index/bp-f23cf359-d6cf-4dc3-af1a-5d2ab2111122
Comment 5•13 years ago
|
||
The same person reports this crash still being present in Aurora for him. Latest report: https://crash-stats.mozilla.com/report/index/bp-ab204c45-08b7-4cb4-a2e0-864822111205. Requesting tracking to get this one on the radar.
Updated•13 years ago
|
Whiteboard: [qa+]
Assignee | ||
Comment 7•13 years ago
|
||
Simple.
Attachment #579934 -
Flags: review?(jonas) → review+
Assignee | ||
Comment 8•13 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/21aac86d6658
Comment 9•13 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/21aac86d6658
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla11
Comment 10•13 years ago
|
||
Ben, would it make sense to request that this be allowed to land on Aurora and possibly even Beta since it fixes a crash?
Assignee | ||
Comment 11•13 years ago
|
||
Comment on attachment 579934 [details] [diff] [review] Patch. v1 This patch is very simple (low risk) and fixes a reproducible crash currently being tracked for FF 9 and FF 10 (high reward).
Attachment #579934 -
Flags: approval-mozilla-beta?
Attachment #579934 -
Flags: approval-mozilla-aurora?
Comment 12•13 years ago
|
||
Comment on attachment 579934 [details] [diff] [review] Patch. v1 [Triage Comment] Minusing for beta because of how late we are in the cycle, but let's land this on aurora.
Attachment #579934 -
Flags: approval-mozilla-beta?
Attachment #579934 -
Flags: approval-mozilla-beta-
Attachment #579934 -
Flags: approval-mozilla-aurora?
Attachment #579934 -
Flags: approval-mozilla-aurora+
Assignee | ||
Comment 13•13 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/20ba8e63ed68
Comment 14•13 years ago
|
||
I see no crashes on Firefox 10b1: Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0) Gecko/20100101 Firefox/10.0 Mozilla/5.0 (X11; Linux i686; rv:10.0) Gecko/20100101 Firefox/10.0 Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0) Gecko/20100101 Firefox/10.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0) Gecko/20100101 Firefox/10.0 ftp://ftp.mozilla.org/pub/firefox/nightly/2011/12/2011-12-28-mozilla-beta-debug/firefox-10.0.en-US.debug-mac.dmg ftp://ftp.mozilla.org/pub/firefox/nightly/2011/12/2011-12-28-mozilla-beta-debug/firefox-10.0.en-US.debug-linux-i686.tar.bz2 This is verified fixed on 10b1.
Whiteboard: [qa+] → [qa+][qa!:10]
Comment 15•13 years ago
|
||
(In reply to Paul Silaghi [QA] from comment #14) > This is verified fixed on 10b1. Don't forget to also set the status-firefox10 flag to verified.
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•