Closed Bug 1651317 Opened 4 years ago Closed 3 years ago

Crash in [@ mozilla::dom::PrototypeDocumentContentSink::OnScriptCompileComplete]

Categories

(Core :: XUL, defect)

Unspecified
Windows 8
defect

Tracking

()

RESOLVED FIXED
90 Branch
Tracking Status
firefox-esr78 --- wontfix
firefox88 --- wontfix
firefox89 --- wontfix
firefox90 --- fixed

People

(Reporter: achronop, Assigned: bdahl)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

This bug is for crash report bp-a43ca2c2-4d36-4a9b-b906-12b4b0200706.

Top 10 frames of crashing thread:

0 xul.dll mozilla::dom::PrototypeDocumentContentSink::OnScriptCompileComplete dom/prototype/PrototypeDocumentContentSink.cpp:839
1 xul.dll NotifyOffThreadScriptCompletedRunnable::Run dom/xul/nsXULElement.cpp:1789
2 xul.dll mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:459
3 xul.dll mozilla::detail::RunnableFunction<`lambda at /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:82:7'>::Run xpcom/threads/nsThreadUtils.h:577
4 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1234
5 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:87
6 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:327
7 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:309
8 xul.dll nsBaseAppShell::Run widget/nsBaseAppShell.cpp:137
9 xul.dll nsAppShell::Run widget/windows/nsAppShell.cpp:430

This is crashing for many releases. My understanding is that mCurrentScriptProto can be null but it is dereferenced without checking.

Could you take a look at this?

Flags: needinfo?(bdahl)
Component: DOM: Core & HTML → XUL

I have still yet to reproduce this. However, it looks like it could happen if
two documents load the same script and they both finish at the same time
and one clears the mCurrentScriptProto of the other.

Assignee: nobody → bdahl
Status: NEW → ASSIGNED
Flags: needinfo?(bdahl)
Pushed by bdahl@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f24818ff7ed2
Handle race in script compiling in PrototypeDocumentContentSink. r=smaug
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 90 Branch

The patch landed in nightly and beta is affected.
:bdahl, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.

For more information, please visit auto_nag documentation.

Flags: needinfo?(bdahl)

Seeing as this patch is speculative, I don't plan to uplift.

Flags: needinfo?(bdahl)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: