Closed Bug 1031230 Opened 8 years ago Closed 8 years ago

Change usage of AutoJSAPI in |DispatchAttributeEvent| for bug 951991

Categories

(Firefox OS Graveyard :: Bluetooth, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED
2.0 S5 (4july)

People

(Reporter: ben.tian, Assigned: ben.tian)

Details

(Whiteboard: [webbt-api])

Attachments

(1 file)

Bug 951991, which revised AutoJSAPI usage, results in a crash in |BluetoothAdapter::DistributeAttributeEvent|. Fix the crash according to the bug 1029866 fix.
Assignee: nobody → btian
Whiteboard: [webbt-api]
Summary: Change usage of AutoJSAPI in bluetooth2/BluetoothAdapter for bug 951991 → Change usage of AutoJSAPI in |DispatchAttributeEvent| for bug 951991
I'm not familiar with AutoJSAPI usage, but according to bug 1029866, this seems correct.
Comment on attachment 8447058
Patch: Change usage of AutoJSAPI in |DispatchAttributeEvent| for bug 951991

Review of attachment 8447058:
-----------------------------------------------------------------

I suggested that you leave comments on this bug with the crash backtrace, so we can learn the pattern.
Attachment #8447058 - Flags: review?(shuang) → review+
The crash happens in

BluetoothAdapter::DispatchAttributeEvent(const nsTArray<nsString>& aTypes)
{
  NS_ENSURE_TRUE_VOID(aTypes.Length());

  AutoJSAPI jsapi;
  JSContext* cx = jsapi.cx();      // =====> THIS LINE CAUSES CRASH.
  nsCOMPtr<nsIGlobalObject> global = do_QueryInterface(GetOwner());

--
Crash backtrace for reference:

#0  mozilla::dom::bluetooth::BluetoothAdapter::DispatchAttributeEvent (this=0xb2db2080, aTypes=...) at ../../../gecko/dom/bluetooth2/BluetoothAdapter.cpp:861
#1  0xb5d05bca in mozilla::dom::bluetooth::BluetoothAdapter::EnableDisable (this=0xb2db2080, aEnable=<optimized out>, aRv=<optimized out>) at ../../../gecko/dom/bluetooth2/BluetoothAdapter.cpp:753
#2  0xb5d05cb6 in mozilla::dom::bluetooth::BluetoothAdapter::Enable (this=0xb2db2080, aRv=...) at ../../../gecko/dom/bluetooth2/BluetoothAdapter.cpp:771
#3  0xb5932b72 in enable (args=..., self=0xb2db2080, obj=<optimized out>, cx=0xb3f5eb00) at BluetoothAdapter2Binding.cpp:1629
#4  mozilla::dom::BluetoothAdapterBinding::enable_promiseWrapper (cx=0xb3f5eb00, obj=<optimized out>, self=0xb2db2080, args=...) at BluetoothAdapter2Binding.cpp:1648
#5  0xb5b16ec4 in mozilla::dom::GenericPromiseReturningBindingMethod (cx=0xb3f5eb00, argc=<optimized out>, vp=<optimized out>) at ../../../gecko/dom/bindings/BindingUtils.cpp:2390
#6  0xb65bd0ec in CallJSNative (args=..., native=0xb5b16ded <mozilla::dom::GenericPromiseReturningBindingMethod(JSContext*, unsigned int, JS::Value*)>, cx=0xb3f5eb00)
    at ../../../gecko/js/src/jscntxtinlines.h:230
#7  js::Invoke (cx=0xb3f5eb00, args=..., construct=js::NO_CONSTRUCT) at ../../../gecko/js/src/vm/Interpreter.cpp:455
#8  0xb65b9f06 in Interpret (cx=0xb3f5eb00, state=...) at ../../../gecko/js/src/vm/Interpreter.cpp:2551
#9  0xb65bbf12 in js::RunScript (cx=0xb3f5eb00, state=...) at ../../../gecko/js/src/vm/Interpreter.cpp:402
#10 0xb65bd072 in RunScript (state=..., cx=0xb3f5eb00) at ../../../gecko/js/src/vm/Interpreter.cpp:369
#11 js::Invoke (cx=0xb3f5eb00, args=..., construct=js::NO_CONSTRUCT) at ../../../gecko/js/src/vm/Interpreter.cpp:474
#12 0xb65bd738 in js::Invoke (cx=0xb3f5eb00, thisv=<optimized out>, fval=..., argc=<optimized out>, argv=0xbefb1d10, rval=...) at ../../../gecko/js/src/vm/Interpreter.cpp:511
#13 0xb6503f5e in JS::Call (cx=0xb3f5eb00, thisv=<optimized out>, fval=<optimized out>, args=<optimized out>, rval=...) at ../../../gecko/js/src/jsapi.cpp:5126
#14 0xb599bcf2 in mozilla::dom::EventHandlerNonNull::Call (this=0xb1ccbee0, cx=0xb3f5eb00, aThisVal=..., event=..., aRetVal=..., aRv=...) at EventHandlerBinding.cpp:36
#15 0xb5c4935c in mozilla::dom::EventHandlerNonNull::Call<nsISupports*> (this=0xb1ccbee0, thisObjPtr=@0xffffff88, event=..., aRetVal=..., aRv=..., 
    aExceptionHandling=mozilla::dom::CallbackObject::eReportExceptions) at ../../dist/include/mozilla/dom/EventHandlerBinding.h:62
#16 0xb5c496d8 in mozilla::JSEventHandler::HandleEvent (this=0xb1ccbf00, aEvent=0xb1b02d90) at ../../../gecko/dom/events/JSEventHandler.cpp:215
#17 0xb5c42ece in mozilla::EventListenerManager::HandleEventSubType (this=0xb1ccf100, aListener=<optimized out>, aDOMEvent=0xb1b02d90, aCurrentTarget=0xb2e83580)
    at ../../../gecko/dom/events/EventListenerManager.cpp:950
#18 0xb5c42fde in mozilla::EventListenerManager::HandleEventInternal (this=0xb1ccf100, aPresContext=0xb342c000, aEvent=0xb28c7e70, aDOMEvent=0xbefb2140, aCurrentTarget=0xb2e83580, aEventStatus=0xbefb2144)
    at ../../../gecko/dom/events/EventListenerManager.cpp:1011
#19 0xb5c4315a in HandleEvent (aEventStatus=0xbefb2144, aCurrentTarget=0xb2e83580, aDOMEvent=0xbefb2140, aEvent=<optimized out>, aPresContext=<optimized out>, this=<optimized out>)
    at ../../dist/include/mozilla/EventListenerManager.h:329
#20 HandleEvent (aVisitor=..., this=<optimized out>, aCd=<optimized out>) at ../../../gecko/dom/events/EventDispatcher.cpp:198
See Also: → 1023969
https://hg.mozilla.org/mozilla-central/rev/d1e9b3cdeb2c
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2.0 S5 (4july)