Infinite recursion, GlobalWindowImpl::Focus [@ JS_GetFrameFunctionObject][@ JS_GetParent]

RESOLVED WORKSFORME

Status

()

Core
DOM: Core & HTML
--
critical
RESOLVED WORKSFORME
15 years ago
4 years ago

People

(Reporter: timeless, Unassigned)

Tracking

({crash})

Trunk
x86
Windows 2000
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: gone?, crash signature)

(Reporter)

Description

15 years ago
BBID range: 24346655 - 24593991
Min/Max Seconds since last crash: 806 - 132227
Min/Max Runtime: 5983 - 132227
Crash data range: 2003-10-12 to 2003-10-20
Build ID range: 2003101104 to 2003102004

Stack Trace:
JS_GetFrameFunctionObject
[c:/builds/seamonkey/mozilla/js/src/jsdbgapi.c line 731]
needsSecurityCheck
[c:/builds/seamonkey/mozilla/dom/src/base/nsDOMClassInfo.cpp line 2941]
nsWindowSH::GetProperty
[c:/builds/seamonkey/mozilla/dom/src/base/nsDOMClassInfo.cpp line 3098]
XPC_WN_Helper_GetProperty
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp line
792]
js_GetProperty
[c:/builds/seamonkey/mozilla/js/src/jsobj.c line 2666]
JS_GetProperty
[c:/builds/seamonkey/mozilla/js/src/jsapi.c line 2491]
nsDOMClassInfo::PostCreate
[c:/builds/seamonkey/mozilla/dom/src/base/nsDOMClassInfo.cpp line 2533]
XPCWrappedNative::GetNewOrUsed
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp line 427]
XPCConvert::NativeInterface2JSObject
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcconvert.cpp line 1061]
nsXPConnect::WrapNative
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/nsXPConnect.cpp line 564]
nsJSEventListener::HandleEvent
[c:/builds/seamonkey/mozilla/dom/src/events/nsJSEventListener.cpp line 166]
nsXBLPrototypeHandler::ExecuteHandler
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLPrototypeHandler.cpp line 464]
nsXBLPrototypeHandler::BindingAttached
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLPrototypeHandler.cpp line 512]
nsXBLBinding::ExecuteAttachedHandler
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLBinding.cpp line 847]
nsElementSH::PostCreate
[c:/builds/seamonkey/mozilla/dom/src/base/nsDOMClassInfo.cpp line 4701]
nsHTMLExternalObjSH::PostCreate
[c:/builds/seamonkey/mozilla/dom/src/base/nsDOMClassInfo.cpp line 5779]
XPCWrappedNative::GetNewOrUsed
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp line 427]
XPCWrappedNative::GetNewOrUsed
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp line 317]
XPCConvert::NativeInterface2JSObject
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcconvert.cpp line 1061]
nsXPConnect::WrapNative
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/nsXPConnect.cpp line 564]
nsDOMClassInfo::WrapNative
[c:/builds/seamonkey/mozilla/dom/src/base/nsDOMClassInfo.cpp line 1036]
nsArraySH::GetProperty
[c:/builds/seamonkey/mozilla/dom/src/base/nsDOMClassInfo.cpp line 4783]
XPC_WN_Helper_GetProperty
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp line
792]
js_GetProperty
[c:/builds/seamonkey/mozilla/js/src/jsobj.c line 2603]
js_Interpret
[c:/builds/seamonkey/mozilla/js/src/jsinterp.c line 2709]
js_Invoke
[c:/builds/seamonkey/mozilla/js/src/jsinterp.c line 858]
nsXPCWrappedJSClass::CallMethod
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp line 1333]
nsXPCWrappedJS::CallMethod
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp line 429]
PrepareAndDispatch
[c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp
line 119]
SharedStub
[c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp
line 147]
nsEventListenerManager::HandleEventSubType
[c:/builds/seamonkey/mozilla/content/events/src/nsEventListenerManager.cpp line
1423]
nsEventListenerManager::HandleEvent
[c:/builds/seamonkey/mozilla/content/events/src/nsEventListenerManager.cpp line
1500]
nsXULDocument::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/document/src/nsXULDocument.cpp line 1273]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp line 3171]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp line 3164]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp line 3164]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp line 3164]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp line 3164]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp line 3164]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp line 3164]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp line 3164]
nsXULElement::HandleChromeEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp line 4308]
GlobalWindowImpl::HandleDOMEvent
[c:/builds/seamonkey/mozilla/dom/src/base/nsGlobalWindow.cpp line 842]
nsDocument::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsDocument.cpp line 3741]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp line 1928]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp line 1921]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp line 1921]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp line 1921]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp line 1921]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp line 1921]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp line 1921]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp line 1921]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp line 1921]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp line 1921]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp line 1921]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp line 1921]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp line 1921]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp line 1921]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp line 1921]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp line 1921]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp line 1921]
nsEventStateManager::DispatchNewEvent
[c:/builds/seamonkey/mozilla/content/events/src/nsEventStateManager.cpp line 4536]
nsEventListenerManager::DispatchEvent
[c:/builds/seamonkey/mozilla/content/events/src/nsEventListenerManager.cpp line
1912]
nsDOMEventRTTearoff::DispatchEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp line 704]

Source File : c:/builds/seamonkey/mozilla/js/src/jsdbgapi.c line : 731

OSs: w2k, wXP.

JS_GetFrameFunctionObject(JSContext *cx, JSStackFrame *fp)
{
    return fp->argv && fp->fun ? JSVAL_TO_OBJECT(fp->argv[-2]) : NULL;
}

Registers will almost certainly be needed.

This bug is filed based on talkback crash reports. I know there is one bugzilla
user who has experienced this bug, but that user isn't me, so don't ask me how
to reproduce it :).
(Reporter)

Comment 1

15 years ago
also appearing as:
BBID range: 24501178 - 24594061
Min/Max Seconds since last crash: 31 - 74091
Min/Max Runtime: 1732 - 74263
Crash data range: 2003-10-17 to 2003-10-20
Build ID range: 2003101604 to 2003102004

Stack Trace:
JS_GetParent
[c:/builds/seamonkey/mozilla/js/src/jsapi.c line 2029]
needsSecurityCheck
[c:/builds/seamonkey/mozilla/dom/src/base/nsDOMClassInfo.cpp line 2946]
nsWindowSH::GetProperty
[c:/builds/seamonkey/mozilla/dom/src/base/nsDOMClassInfo.cpp line 3098]
XPC_WN_Helper_GetProperty
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp line
792]
js_GetProperty
[c:/builds/seamonkey/mozilla/js/src/jsobj.c line 2666]
JS_GetProperty
[c:/builds/seamonkey/mozilla/js/src/jsapi.c line 2491]
nsDOMClassInfo::PostCreate
[c:/builds/seamonkey/mozilla/dom/src/base/nsDOMClassInfo.cpp line 2533]

Anyway, this looks like infinite recursion (the selected is a bit more
than a single round of a loop from the JS_GetParent flavor of the crash):
nsWindow::DispatchFocus
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp line 5393]
nsWindow::ProcessMessage
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp line 4137]
nsWindow::WindowProc
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp line 1334]
USER32.dll + 0x1d0a (0x77e11d0a)
USER32.dll + 0x2bcc (0x77e12bcc)
USER32.dll + 0x2b84 (0x77e12b84)
ntdll.dll + 0x11a7f (0x77f91a7f)
GlobalWindowImpl::Focus
[c:/builds/seamonkey/mozilla/dom/src/base/nsGlobalWindow.cpp line 2486]
nsEventStateManager::PreHandleEvent
[c:/builds/seamonkey/mozilla/content/events/src/nsEventStateManager.cpp line 732]
PresShell::HandleEventInternal
[c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp line 6210]
PresShell::HandleEvent
[c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp line 6140]
nsViewManager::HandleEvent
[c:/builds/seamonkey/mozilla/view/src/nsViewManager.cpp line 2253]
nsView::HandleEvent
[c:/builds/seamonkey/mozilla/view/src/nsView.cpp line 298]
nsViewManager::DispatchEvent
[c:/builds/seamonkey/mozilla/view/src/nsViewManager.cpp line 2042]
HandleEvent
[c:/builds/seamonkey/mozilla/view/src/nsView.cpp line 79]
nsWindow::DispatchEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp line 1054]
nsWindow::DispatchWindowEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp line 1071]
nsWindow::DispatchFocus
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp line 5393]
nsWindow::ProcessMessage
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp line 4144]
nsWindow::WindowProc
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp line 1334]
USER32.dll + 0x1d0a (0x77e11d0a)
USER32.dll + 0x2bcc (0x77e12bcc)
USER32.dll + 0x2b84 (0x77e12b84)
ntdll.dll + 0x11a7f (0x77f91a7f)
GlobalWindowImpl::Focus
Component: DOM Core → DOM Level 0
Summary: [@ JS_GetFrameFunctionObject] → Infinite recursion, GlobalWindowImpl::Focus [@ JS_GetFrameFunctionObject][@ JS_GetParent]

Comment 2

9 years ago
WFM or morphed?

in crash-stats, don't see any such crashes 
- no top of frame matches for seamonkey for last 3 months
- firefox crashes up through 3.5, but stacks don't match - checked 2 days and none contain GlobalWindowImpl::Focus. examples below

bp-ac71b3f6-52c2-477a-844b-918192090707
Signature	JS_GetFrameFunctionObject
UUID	ac71b3f6-52c2-477a-844b-918192090707
Time 	2009-07-07 16:06:58.673109
Uptime	8135
Product	Firefox
Version	3.5
Build ID	20090624025744
Branch	1.9.1
OS	Windows NT
OS Version	5.1.2600 Service Pack 2
CPU	x86
CPU Info	GenuineIntel family 6 model 23 stepping 6
Crash Reason	EXCEPTION_ACCESS_VIOLATION
Crash Address	0xffffffffc0558020
User Comments	tried to load office communicator web in an ie tab :)
Processor Notes 	
Crashing Thread
Frame 	Module 	Signature [Expand] 	Source
0 	js3250.dll 	JS_GetFrameFunctionObject 	js/src/jsdbgapi.cpp:1156
1 	xul.dll 	nsScriptSecurityManager::GetPrincipalAndFrame 	caps/src/nsScriptSecurityManager.cpp:2199
2 	xul.dll 	nsScriptSecurityManager::GetCxSubjectPrincipal 	caps/src/nsScriptSecurityManager.cpp:396
3 	xul.dll 	nsXPConnect::Push 	js/src/xpconnect/src/nsXPConnect.cpp:2514
4 	xul.dll 	nsJSContext::BindCompiledEventHandler 	dom/src/base/nsJSEnvironment.cpp:2100
5 	xul.dll 	nsXBLPrototypeHandler::ExecuteHandler 	content/xbl/src/nsXBLPrototypeHandler.cpp:329
6 	xul.dll 	nsXBLEventHandler::HandleEvent 	content/xbl/src/nsXBLEventHandler.cpp:88
7 	xul.dll 	nsEventListenerManager::HandleEventSubType 	content/events/src/nsEventListenerManager.cpp:1098
8 	xul.dll 	nsEventListenerManager::HandleEvent 	content/events/src/nsEventListenerManager.cpp:1206
9 	xul.dll 	nsEventTargetChainItem::HandleEvent 	content/events/src/nsEventDispatcher.cpp:236
10 	xul.dll 	nsEventTargetChainItem::HandleEventTargetChain 	content/events/src/nsEventDispatcher.cpp:300
11 	xul.dll 	nsEventDispatcher::Dispatch 	content/events/src/nsEventDispatcher.cpp:514
12 	xul.dll 	nsXULPopupManager::FirePopupHidingEvent 	layout/xul/base/src/nsXULPopupManager.cpp:1064

bp-79ff1d01-8c51-41aa-94a8-a9f1d2090726
Signature	JS_GetParent
UUID	79ff1d01-8c51-41aa-94a8-a9f1d2090726
Time 	2009-07-26 19:18:28.659308
Uptime	249
Last Crash	251 seconds before submission
Product	Firefox
Version	3.5.1
Build ID	20090715094852
Branch	1.9.1
OS	Windows NT
OS Version	5.1.2600 Service Pack 3
CPU	x86
CPU Info	GenuineIntel family 15 model 2 stepping 9
Crash Reason	EXCEPTION_ACCESS_VIOLATION
Crash Address	0x61e850f8
User Comments	
Processor Notes 	
Crashing Thread
Frame 	Module 	Signature [Expand] 	Source
0 	js3250.dll 	JS_GetParent 	js/src/jsapi.cpp:2836
1 	xul.dll 	nsJSUtils::GetStaticScriptGlobal 	dom/src/base/nsJSUtils.cpp:133
2 	xul.dll 	nsEventReceiverSH::RegisterCompileHandler 	dom/src/base/nsDOMClassInfo.cpp:7278
3 	xul.dll 	nsRunnable::Release 	obj-firefox/xpcom/build/nsThreadUtils.cpp:51
4 	xul.dll 	nsDocument::EndUpdate 	content/base/src/nsDocument.cpp:3717
5 	xul.dll 	mozAutoSubtreeModified::UpdateTarget 	obj-firefox/dist/include/content/nsIDocument.h:1306
6 	xul.dll 	nsHTMLDocument::EndUpdate 	content/html/document/src/nsHTMLDocument.cpp:3130
7 	xul.dll 	nsGenericHTMLElement::SetInnerHTML 	content/html/content/src/nsGenericHTMLElement.cpp:754
Keywords: topcrash → topcrash-
QA Contact: ian → general
Whiteboard: gone?
(Assignee)

Updated

7 years ago
Crash Signature: [@ JS_GetFrameFunctionObject] [@ JS_GetParent]

Comment 3

6 years ago
Both signatures still appear in Firefox.
Crash Signature: [@ JS_GetFrameFunctionObject] [@ JS_GetParent] → [@ JS_GetFrameFunctionObject] [@ JS_GetParent]

Comment 4

6 years ago
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #3)
> Both signatures still appear in Firefox.

That said, very low volume, but including 13.0.1 and 14 beta.

Comment 5

5 years ago
The topcrash- keyword is not actively maintained and pollutes queries with topcrash.
Keywords: topcrash-

Updated

4 years ago
Assignee: general → nobody

Comment 6

4 years ago
no crashes for current versions
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.