browser crashes some times when loading gmail and loading another tab [@ js_Interpret]

RESOLVED FIXED in mozilla1.9alpha1

Status

()

Product:
Core
Component:
XPConnect
P1
critical
RESOLVED FIXED
Reported:
13 years ago
Modified:
a year ago

People

(Reporter: Erez Kalman, Assigned: mrbkap)

Tracking

({crash, fixed1.8.0.2, fixed1.8.1})

Version:
Trunk
Target:
mozilla1.9alpha1
Keywords:
crash, fixed1.8.0.2, fixed1.8.1
Points:
---
Duplicates:
328557
Bug Flags:
blocking1.8.0.2 +

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: requires fix in bug 328044 [tcn-dl], crash signature)

Attachments

(2 attachments, 1 obsolete attachment)

crash log
18.54 KB, text/rtf
Details
Proposed patch
2.38 KB, patch
brendan
: review+
jst
: superreview+
brendan
: approval-branch-1.8.1+
dveditz
: approval1.8.0.2+
Details | Diff | Splinter Review
(Reporter)

Description

13 years ago 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1

browser crashes some times when loading gmail and loading another tab

Reproducible: Always
Steps to Reproduce:
1.load firefox without home page (about:blank)
2.open using link gmail (www.gmail.com)
3.while loading load different address in same/different tab

Actual Results:  
error messege - crash

Expected Results:  
worked . . .

Comment 1

13 years ago 
I encountered the same type of crash this morning while opening a new tab with
gmail loading in the background. My talkback ID was TB1549193Z.

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20041026 Firefox/1.0RC1

Comment 2

13 years ago 
js_Interpret()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsinterp.c, line 
1494]
js_Invoke()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsinterp.c, line 
958]
js_InternalInvoke()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/
jsinterp.c, line 1036]
JS_CallFunctionValue()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/
jsapi.c, line 3698]
nsJSContext::CallEventHandler()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/
dom/src/base/nsJSEnvironment.cpp, line 1296]
nsJSEventListener::HandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/
dom/src/events/nsJSEventListener.cpp, line 177]
nsXBLPrototypeHandler::ExecuteHandler()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/content/xbl/src/nsXBLPrototypeHandler.cpp, line 458]
nsXBLEventHandler::HandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/content/xbl/src/nsXBLEventHandler.cpp, line 84]
nsEventListenerManager::HandleEventSubType()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20
-28.8_Clobber/mozilla/content/events/src/nsEventListenerManager.cpp, line 1436]
nsEventListenerManager::HandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/content/events/src/nsEventListenerManager.cpp, line 1529]
nsXULElement::HandleDOMEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/content/xul/content/src/nsXULElement.cpp, line 2841]
PresShell::HandleEventInternal()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/
layout/html/base/src/nsPresShell.cpp, line 710]
PresShell::HandleEventWithTarget()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/layout/html/base/src/nsPresShell.cpp, line 5984]
nsEventStateManager::CheckForAndDispatchClick()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20
-28.8_Clobber/mozilla/content/events/src/nsEventStateManager.cpp, line 2985]
nsEventStateManager::PostHandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/content/events/src/nsEventStateManager.cpp, line 142]
PresShell::HandleEventInternal()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/
layout/html/base/src/nsPresShell.cpp, line 710]
PresShell::HandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/layout/
html/base/src/nsPresShell.cpp, line 5920]
nsViewManager::HandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/
view/src/nsViewManager.cpp, line 710]
nsViewManager::DispatchEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/
view/src/nsViewManager.cpp, line 2066]
HandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/view/src/
nsView.cpp, line 243]
nsCommonWidget::DispatchEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/widget/src/gtk2/nsCommonWidget.cpp, line 215]
nsWindow::OnButtonReleaseEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/widget/src/gtk2/nsWindow.cpp, line 1449]
button_release_event_cb()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/widget/
src/gtk2/nsWindow.cpp, line 3277]
libgtk-x11-2.0.so.0 + 0x112434 (0x00223434)
libgobject-2.0.so.0 + 0x9160 (0x003f2160)
libgobject-2.0.so.0 + 0x1d165 (0x00406165)
libgobject-2.0.so.0 + 0x1befe (0x00404efe)
libgobject-2.0.so.0 + 0x1c424 (0x00405424)
libgtk-x11-2.0.so.0 + 0x2119e5 (0x003229e5)
libgtk-x11-2.0.so.0 + 0x1109d2 (0x002219d2)
libgtk-x11-2.0.so.0 + 0x10f726 (0x00220726)
libgdk-x11-2.0.so.0 + 0x3e025 (0x004cd025)
libglib-2.0.so.0 + 0x241e2 (0x005ef1e2)
libglib-2.0.so.0 + 0x252d8 (0x005f02d8)
libglib-2.0.so.0 + 0x25610 (0x005f0610)
libglib-2.0.so.0 + 0x25c53 (0x005f0c53)
libgtk-x11-2.0.so.0 + 0x10eff3 (0x0021fff3)
nsAppShell::Run()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/widget/src/
gtk2/nsAppShell.cpp, line 144]
nsAppShellService::Run()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/xpfe/
appshell/src/nsAppShellService.cpp, line 495]
xre_main()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/toolkit/xre/
nsAppRunner.cpp, line 692]
main()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/browser/app/
nsBrowserApp.cpp, line 59]
libc.so.6 + 0x14ad4 (0x00b94ad4)

kinda sounds like pc=0 (since i had that happen to me only yesterday)
Assignee: general → general
Component: Browser-General → JavaScript Engine
Keywords: crash
QA Contact: general → pschwartau
Summary: browser crashes some times when loading gmail and loading another tab → browser crashes some times when loading gmail and loading another tab [@ js_Interpret]

Comment 3

13 years ago 
I experience the same crash. I'm using FireFox 1.0 on Linux.
I've already logged into GMail before so this time it doesn't ask for a
password. First it says "Redirecting to /gmail", then "Loading..." and then
FireFox crashes before showing my inbox.
This bug is very severe because GMail is gaining popularity.

Comment 4

13 years ago 
Hongli Lai, did you send a talkback report?  Please post it here if so.  Anyone
who gets this crash, please show the stack backtrace and as much debugging data
as you can.  Thanks,

/be
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 5

13 years ago 
A quick search for "gmail" in the comments for Firefox10 branch builds shows a
lot of crashes in js_MarkScript (but bug 273221 is already logged for the gmail
pop-up compose window problem):
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=1&searchby=comments&match=contains&searchfor=gmail&vendor=All&product=Firefox10&platform=All&buildid=&sdate=&stime=&edate=&etime=&sortby=bbid

I wonder if this is related to that bug in some way.  Does gmail ever throw any
kind of pop-up windows after login?   I have never seen any except for when
opening a compose window. 

I'll do some more digging tomorrow to see what I can find.

Comment 6

13 years ago 
Created attachment 177137 [details]
crash log

Comment 7

13 years ago 
Scott, that attachment is not useful, unfortunately (RTF isn't that good a
format, either).  Talkback is better -- did you have the talkback agent
installed, and see it sending a report?  You can run it to find the ID, IIRC.

The stacks in this bug are not consistent, but this smells like a bad JSContext
pointer being passed in from DOM or window/dialog embedding code.  Reassigning.

/be
Assignee: general → general
Component: JavaScript Engine → DOM: Level 0
QA Contact: pschwartau → ian

Comment 8

13 years ago 
Er... is this seriously just an issue in Firefox 0.10.1?  Can people reproduce
this on trunk?

Comment 9

12 years ago 
I had a similar experince as comment #3 with FF 1.0.6 on XP, although I had to
enter my username and password, because I had no gmail session open. I've had
this happen many times before (probably FF 1.0.4) but this is the first time I
was able to file a talkback report (TB8209877K). 

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716
Firefox/1.0.6

Comment 10

12 years ago 
I'm having crashes with Gmail here as well.
Steps to reproduce:

1. Log in to Gmail.
2. Click "Compose Mail".
3. Click "Open in new window" icon.
4. Just before new window loads, Firefox crashes with error in js3250.dll

Btw, the following settings might be related:
browser.link.open_newwindow = 3;
browser.link.open_newwindow.restriction = 2;
browser.tabs.showSingleWindowModePrefs = true;

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716
Firefox/1.0.6

Comment 11

12 years ago 
My *guess* would be that this will be fixed by the cleanup patch in bug 296639.

Comment 12

12 years ago 
I think I can confirm this problem.  I'm using a build compiled from CVS and
when I load Gmail (and a few other things) the browser will crash if I'm not
focused on the tab that is loading gmail.

Comment 13

12 years ago 
This happens to me often too, using FF V1.0.7 on Windows XP SP2. It can happen even if another page isn't loading but more commonly if one is. It's actually happened a few times with other encrypted (https) pages but seems to be far more common with Gmail. The most recent time (just a minute ago), Talkbalk also closed itself a second after it appeared.

In most cases this only happens when first loading Gmail, not when viewing a message, sending, etc; however it has happened one time when viewing a message while submitting a form in another tab.

Also, in reply to #5, Gmail does not launch any popup windows when loading.

Comment 14

12 years ago 
Is anyone seeing this with something moderately non-ancient?  That is, current trunk or Firefox 1.5?

Comment 15

12 years ago 
Yes -- it's been happening since I installed 1.5 for OS-X

Comment 16

12 years ago 
Do you have a talkback id?

Comment 17

12 years ago 
I probably do, but can't figure out how to find it.  Next time it crashes and talkback opens up I'll let you know.

Comment 18

12 years ago 
William, there are directions explaining how to find the incident id in the next to last paragraph of the "How to Write a Useful Bug Report" section at http://www.mozilla.org/quality/bug-writing-guidelines.html

Comment 19

12 years ago 
Ok -- the latest crash has this talkback id:

TB12927458Q

Comment 20

12 years ago 
that one's useless. no stack to speak of

Incident ID: 12927458 
Stack Signature 0x20202020 189b7728 
Product ID Firefox15 
Build ID 2005111116 
Trigger Time 2005-12-13 15:55:21.0 
Platform MacOSX 
Operating System Darwin 7.9.0 
Module  
URL visited  
User Comments  
Since Last Crash 325246 sec 
Total Uptime 1189075 sec 
Trigger Reason SIGSEGV: Segmentation Violation: (signal 11) 
Source File, Line No. N/A 
Stack Trace  

0x20202020

Comment 21

12 years ago 
OK -- here are a couple more:

12772045W

12799100Y

Comment 22

12 years ago 
Incident ID: TB15019505
Stack Signature	xpsp2res.dll + 0x202113 (0x20202113) e86a7100
Product ID	Firefox15
Build ID	2006011112
Trigger Time	2006-02-10 17:41:57.0
Platform	Win32
Operating System	Windows NT 5.1 build 2600
Module	xpsp2res.dll + (00202113)
URL visited	
User Comments	opening GMail. tbid: monks
Since Last Crash	20449 sec
Total Uptime	20449 sec
Trigger Reason	Access violation
Source File, Line No.	N/A
Stack Trace 	
xpsp2res.dll + 0x202113 (0x20202113)
XPCNativeWrapper::AttachNewConstructorObject  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/XPCNativeWrapper.cpp, line 1316]
nsXPConnect::InitClasses  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/nsXPConnect.cpp, line 451]
nsXPCComponents_utils_Sandbox::CallOrConstruct  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpccomponents.cpp, line 2253]
nsXPCComponents_utils_Sandbox::Call  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpccomponents.cpp, line 2208]
XPC_WN_Helper_Construct  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1000]
js_Construct  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsobj.c, line 3768]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177]
js_Interpret  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3095]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197]
fun_apply  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsfun.c, line 1640]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177]
js_Interpret  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3551]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197]
fun_apply  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsfun.c, line 1640]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177]
js_Interpret  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3551]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197]
nsXPCWrappedJSClass::CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp, line 1369]
nsXPCWrappedJS::CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp, line 462]
SharedStub  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp, line 147]
XPTC_InvokeByIndex  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp, line 102]
XPCWrappedNative::CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2152]
XPC_WN_CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1444]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177]
js_Interpret  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3551]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197]
fun_apply  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsfun.c, line 1640]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177]
js_Interpret  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3551]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197]
fun_apply  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsfun.c, line 1640]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177]
js_Interpret  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3551]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197]
nsXPCWrappedJSClass::CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp, line 1369]
nsXPCWrappedJS::CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp, line 462]
SharedStub  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp, line 147]
nsEventListenerManager::HandleEventSubType  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1685]
nsEventListenerManager::HandleEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1786]
nsXULElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2153]
nsXULElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2174]
nsXULElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2174]
nsXULElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2174]
nsXULElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2174]
nsXULElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2174]
nsXULElement::HandleChromeEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2833]
nsGlobalWindow::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/dom/src/base/nsGlobalWindow.cpp, line 1585]
nsDocument::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/base/src/nsDocument.cpp, line 4013]
nsEventStateManager::DispatchNewEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/events/src/nsEventStateManager.cpp, line 4578]
nsDocument::DispatchEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/base/src/nsDocument.cpp, line 4097]
nsDocument::DispatchContentLoadedEvents  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/base/src/nsDocument.cpp, line 2213]
nsHTMLDocument::EndLoad  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/html/document/src/nsHTMLDocument.cpp, line 983]
HTMLContentSink::DidBuildModel  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/html/document/src/nsHTMLContentSink.cpp, line 2203]
CNavDTD::DidBuildModel  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/parser/htmlparser/src/CNavDTD.cpp, line 604]

Comment 23

12 years ago 
Created attachment 212252 [details] [diff] [review]
this is the patch i'd want
Attachment #212252 - Flags: review?(mrbkap)
 (Assignee)

Comment 24

12 years ago 
Comment on attachment 212252 [details] [diff] [review]
this is the patch i'd want

>+    jsval val = OBJECT_TO_JSVAL(sandbox);
>+    AUTO_MARK_JSVAL(ccx, val);

There isn't any particular reason to use an AUTO_MARK_JSVAL, except to waste cycles. Other options include:
- *vp = OBJECT_TO_JSVAL(sandbox);
- JS_SetGlobalObject(tempcx, sandbox)

I think I prefer the 2nd one.

Comment 25

12 years ago 
Comment on attachment 212252 [details] [diff] [review]
this is the patch i'd want

>+    jsval val = OBJECT_TO_JSVAL(sandbox);
>+    AUTO_MARK_JSVAL(ccx, val);

You don't need val -- just pass OBJECT_TO_JSVAL(sandbox) to AUTO_MARK_JSVAL as the second actual argument.

/be

Comment 26

12 years ago 
(In reply to comment #24)
> There isn't any particular reason to use an AUTO_MARK_JSVAL, except to waste
> cycles. Other options include:
> - *vp = OBJECT_TO_JSVAL(sandbox);
> - JS_SetGlobalObject(tempcx, sandbox)
> 
> I think I prefer the 2nd one.

Yeah, that's more righteous.

/be
 (Assignee)

Comment 27

12 years ago 
Comment on attachment 212252 [details] [diff] [review]
this is the patch i'd want

As well as my previous comment. Won't nsXPCComponents_Utils::EvalInSandbox need an AutoJSRequest as well? I'll put together a new patch.
Attachment #212252 - Flags: review?(mrbkap) → review-
 (Assignee)

Comment 28

12 years ago 
Created attachment 212275 [details] [diff] [review]
Proposed patch

This even avoids making a new native call context.
Assignee: general → mrbkap
Attachment #212252 - Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #212275 - Flags: superreview?(jst)
Attachment #212275 - Flags: review?(brendan)

Comment 29

12 years ago 
Comment on attachment 212275 [details] [diff] [review]
Proposed patch

sr=jst
Attachment #212275 - Flags: superreview?(jst) → superreview+
 (Assignee)

Comment 30

12 years ago 
This is a GC hazard in code that's pretty extensively used by GreaseMonkey. The fix is straightforward. I think that we are going to want this on the branches.
Component: DOM: Level 0 → XPConnect
Flags: blocking1.8.1?
Flags: blocking1.8.0.2?
OS: Windows XP → All
Priority: -- → P1
Hardware: PC → All
Target Milestone: --- → mozilla1.9alpha

Comment 31

12 years ago 
Comment on attachment 212275 [details] [diff] [review]
Proposed patch

r=me.

/be
Attachment #212275 - Flags: review?(brendan)
Attachment #212275 - Flags: review+
Attachment #212275 - Flags: approval1.8.0.2?
Attachment #212275 - Flags: approval-branch-1.8.1+
 (Assignee)

Comment 32

12 years ago 
Fix checked into trunk.
Status: ASSIGNED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED

Comment 33

12 years ago 
Actually, evalinsandbox needs *two*, one for when it reports an error. so that stuff isn't complete. i'll file a new bug after i resolve the conflicts w/ your changes.

Comment 34

12 years ago 
This bug only used to occurr (except in rare cases) if you switched to another tab while Gmail was loading. However, since the addition of the chat feature, I'm encountering it even with no other tabs open. It still doesn't happen every time, though.
Flags: blocking1.8.0.2? → blocking1.8.0.2+

Comment 35

12 years ago 
Comment on attachment 212275 [details] [diff] [review]
Proposed patch

approved for 1.8.0 branch, a=dveditz
Attachment #212275 - Flags: approval1.8.0.2? → approval1.8.0.2+

Updated

12 years ago
Depends on: 328044
Whiteboard: requires fix in bug 328044

Comment 36

12 years ago 
Woah... I just had Gmail fail to load for some reason (presumably my connection cut out). It left the browser in a semi-frozen state; dialogs and menus would appear, and tabs could be opened and closed, but nothing would redraw. It crashed when I tried to close it, though the 'you are closing multiple tabs' dialog appeared as normal.
 (Assignee)

Comment 37

12 years ago 
Fix checked into the 1.8 branches. I opted against checking the request stuff in since I realized that even with the fix for bug 3228044, it wasn't entirely complete (but it wasn't wrong either).
Keywords: fixed1.8.0.2, fixed1.8.1

Comment 38

12 years ago 
The bug number in comment 37 had a typo.  It should have been "bug 328044".

Comment 39

12 years ago 
Can someone attach a simple testcase so QA can verify the fix?
Whiteboard: requires fix in bug 328044 → requires fix in bug 328044 [tcn-dl]

Comment 40

12 years ago 
*** Bug 328557 has been marked as a duplicate of this bug. ***
Crash Signature: [@ js_Interpret]
 (Assignee)

Updated

a year ago
Flags: blocking1.8.1?
You need to log in before you can comment on or make changes to this bug.