Last Comment Bug 265740 - browser crashes some times when loading gmail and loading another tab [@ js_Interpret]
: browser crashes some times when loading gmail and loading another tab [@ js_I...
Status: RESOLVED FIXED
requires fix in bug 328044 [tcn-dl]
: crash, fixed1.8.0.2, fixed1.8.1
Product: Core
Classification: Components
Component: XPConnect (show other bugs)
: Trunk
: All All
: P1 critical with 3 votes (vote)
: mozilla1.9alpha1
Assigned To: Blake Kaplan (:mrbkap)
: Hixie (not reading bugmail)
:
Mentors:
: 328557 (view as bug list)
Depends on: 328044
Blocks:
  Show dependency treegraph
 
Reported: 2004-10-23 05:22 PDT by Erez Kalman
Modified: 2016-05-11 15:45 PDT (History)
14 users (show)
dveditz: blocking1.8.0.2+
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
crash log (18.54 KB, text/rtf)
2005-03-11 07:22 PST, Scott Field
no flags Details
this is the patch i'd want (1009 bytes, patch)
2006-02-17 13:39 PST, timeless
mrbkap: review-
Details | Diff | Splinter Review
Proposed patch (2.38 KB, patch)
2006-02-17 17:51 PST, Blake Kaplan (:mrbkap)
brendan: review+
jst: superreview+
brendan: approval‑branch‑1.8.1+
dveditz: approval1.8.0.2+
Details | Diff | Splinter Review

Description Erez Kalman 2004-10-23 05:22:10 PDT
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1

browser crashes some times when loading gmail and loading another tab

Reproducible: Always
Steps to Reproduce:
1.load firefox without home page (about:blank)
2.open using link gmail (www.gmail.com)
3.while loading load different address in same/different tab

Actual Results:  
error messege - crash

Expected Results:  
worked . . .
Comment 1 Cornelius 2004-10-27 07:19:28 PDT
I encountered the same type of crash this morning while opening a new tab with
gmail loading in the background. My talkback ID was TB1549193Z.

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20041026 Firefox/1.0RC1
Comment 2 timeless 2004-10-27 08:49:35 PDT
js_Interpret()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsinterp.c, line 
1494]
js_Invoke()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsinterp.c, line 
958]
js_InternalInvoke()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/
jsinterp.c, line 1036]
JS_CallFunctionValue()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/
jsapi.c, line 3698]
nsJSContext::CallEventHandler()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/
dom/src/base/nsJSEnvironment.cpp, line 1296]
nsJSEventListener::HandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/
dom/src/events/nsJSEventListener.cpp, line 177]
nsXBLPrototypeHandler::ExecuteHandler()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/content/xbl/src/nsXBLPrototypeHandler.cpp, line 458]
nsXBLEventHandler::HandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/content/xbl/src/nsXBLEventHandler.cpp, line 84]
nsEventListenerManager::HandleEventSubType()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20
-28.8_Clobber/mozilla/content/events/src/nsEventListenerManager.cpp, line 1436]
nsEventListenerManager::HandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/content/events/src/nsEventListenerManager.cpp, line 1529]
nsXULElement::HandleDOMEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/content/xul/content/src/nsXULElement.cpp, line 2841]
PresShell::HandleEventInternal()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/
layout/html/base/src/nsPresShell.cpp, line 710]
PresShell::HandleEventWithTarget()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/layout/html/base/src/nsPresShell.cpp, line 5984]
nsEventStateManager::CheckForAndDispatchClick()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20
-28.8_Clobber/mozilla/content/events/src/nsEventStateManager.cpp, line 2985]
nsEventStateManager::PostHandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/content/events/src/nsEventStateManager.cpp, line 142]
PresShell::HandleEventInternal()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/
layout/html/base/src/nsPresShell.cpp, line 710]
PresShell::HandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/layout/
html/base/src/nsPresShell.cpp, line 5920]
nsViewManager::HandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/
view/src/nsViewManager.cpp, line 710]
nsViewManager::DispatchEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/
view/src/nsViewManager.cpp, line 2066]
HandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/view/src/
nsView.cpp, line 243]
nsCommonWidget::DispatchEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/widget/src/gtk2/nsCommonWidget.cpp, line 215]
nsWindow::OnButtonReleaseEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/widget/src/gtk2/nsWindow.cpp, line 1449]
button_release_event_cb()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/widget/
src/gtk2/nsWindow.cpp, line 3277]
libgtk-x11-2.0.so.0 + 0x112434 (0x00223434)
libgobject-2.0.so.0 + 0x9160 (0x003f2160)
libgobject-2.0.so.0 + 0x1d165 (0x00406165)
libgobject-2.0.so.0 + 0x1befe (0x00404efe)
libgobject-2.0.so.0 + 0x1c424 (0x00405424)
libgtk-x11-2.0.so.0 + 0x2119e5 (0x003229e5)
libgtk-x11-2.0.so.0 + 0x1109d2 (0x002219d2)
libgtk-x11-2.0.so.0 + 0x10f726 (0x00220726)
libgdk-x11-2.0.so.0 + 0x3e025 (0x004cd025)
libglib-2.0.so.0 + 0x241e2 (0x005ef1e2)
libglib-2.0.so.0 + 0x252d8 (0x005f02d8)
libglib-2.0.so.0 + 0x25610 (0x005f0610)
libglib-2.0.so.0 + 0x25c53 (0x005f0c53)
libgtk-x11-2.0.so.0 + 0x10eff3 (0x0021fff3)
nsAppShell::Run()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/widget/src/
gtk2/nsAppShell.cpp, line 144]
nsAppShellService::Run()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/xpfe/
appshell/src/nsAppShellService.cpp, line 495]
xre_main()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/toolkit/xre/
nsAppRunner.cpp, line 692]
main()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/browser/app/
nsBrowserApp.cpp, line 59]
libc.so.6 + 0x14ad4 (0x00b94ad4)

kinda sounds like pc=0 (since i had that happen to me only yesterday)
Comment 3 Hongli Lai 2004-12-15 13:13:22 PST
I experience the same crash. I'm using FireFox 1.0 on Linux.
I've already logged into GMail before so this time it doesn't ask for a
password. First it says "Redirecting to /gmail", then "Loading..." and then
FireFox crashes before showing my inbox.
This bug is very severe because GMail is gaining popularity.
Comment 4 Brendan Eich [:brendan] 2004-12-15 14:24:55 PST
Hongli Lai, did you send a talkback report?  Please post it here if so.  Anyone
who gets this crash, please show the stack backtrace and as much debugging data
as you can.  Thanks,

/be
Comment 5 Jay Patel [:jay] 2004-12-15 22:58:58 PST
A quick search for "gmail" in the comments for Firefox10 branch builds shows a
lot of crashes in js_MarkScript (but bug 273221 is already logged for the gmail
pop-up compose window problem):
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=1&searchby=comments&match=contains&searchfor=gmail&vendor=All&product=Firefox10&platform=All&buildid=&sdate=&stime=&edate=&etime=&sortby=bbid

I wonder if this is related to that bug in some way.  Does gmail ever throw any
kind of pop-up windows after login?   I have never seen any except for when
opening a compose window. 

I'll do some more digging tomorrow to see what I can find.
Comment 6 Scott Field 2005-03-11 07:22:11 PST
Created attachment 177137 [details]
crash log
Comment 7 Brendan Eich [:brendan] 2005-03-11 09:33:21 PST
Scott, that attachment is not useful, unfortunately (RTF isn't that good a
format, either).  Talkback is better -- did you have the talkback agent
installed, and see it sending a report?  You can run it to find the ID, IIRC.

The stacks in this bug are not consistent, but this smells like a bad JSContext
pointer being passed in from DOM or window/dialog embedding code.  Reassigning.

/be
Comment 8 Boris Zbarsky [:bz] (still a bit busy) 2005-03-11 09:39:18 PST
Er... is this seriously just an issue in Firefox 0.10.1?  Can people reproduce
this on trunk?
Comment 9 Jani Forssell 2005-08-09 01:28:00 PDT
I had a similar experince as comment #3 with FF 1.0.6 on XP, although I had to
enter my username and password, because I had no gmail session open. I've had
this happen many times before (probably FF 1.0.4) but this is the first time I
was able to file a talkback report (TB8209877K). 

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716
Firefox/1.0.6
Comment 10 badjunk 2005-08-11 15:09:38 PDT
I'm having crashes with Gmail here as well.
Steps to reproduce:

1. Log in to Gmail.
2. Click "Compose Mail".
3. Click "Open in new window" icon.
4. Just before new window loads, Firefox crashes with error in js3250.dll

Btw, the following settings might be related:
browser.link.open_newwindow = 3;
browser.link.open_newwindow.restriction = 2;
browser.tabs.showSingleWindowModePrefs = true;

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716
Firefox/1.0.6
Comment 11 Johnny Stenback (:jst, jst@mozilla.com) 2005-08-11 15:55:06 PDT
My *guess* would be that this will be fixed by the cleanup patch in bug 296639.
Comment 12 Martin Meyer 2005-09-25 23:10:54 PDT
I think I can confirm this problem.  I'm using a build compiled from CVS and
when I load Gmail (and a few other things) the browser will crash if I'm not
focused on the tab that is loading gmail.
Comment 13 HyperHacker 2005-12-09 15:01:47 PST
This happens to me often too, using FF V1.0.7 on Windows XP SP2. It can happen even if another page isn't loading but more commonly if one is. It's actually happened a few times with other encrypted (https) pages but seems to be far more common with Gmail. The most recent time (just a minute ago), Talkbalk also closed itself a second after it appeared.

In most cases this only happens when first loading Gmail, not when viewing a message, sending, etc; however it has happened one time when viewing a message while submitting a form in another tab.

Also, in reply to #5, Gmail does not launch any popup windows when loading.
Comment 14 Boris Zbarsky [:bz] (still a bit busy) 2005-12-10 08:03:15 PST
Is anyone seeing this with something moderately non-ancient?  That is, current trunk or Firefox 1.5?
Comment 15 William Flesch 2005-12-10 08:16:18 PST
Yes -- it's been happening since I installed 1.5 for OS-X
Comment 16 Boris Zbarsky [:bz] (still a bit busy) 2005-12-10 08:21:59 PST
Do you have a talkback id?
Comment 17 William Flesch 2005-12-10 17:51:00 PST
I probably do, but can't figure out how to find it.  Next time it crashes and talkback opens up I'll let you know.
Comment 18 Boris Zbarsky [:bz] (still a bit busy) 2005-12-11 09:15:12 PST
William, there are directions explaining how to find the incident id in the next to last paragraph of the "How to Write a Useful Bug Report" section at http://www.mozilla.org/quality/bug-writing-guidelines.html
Comment 19 William Flesch 2005-12-13 16:01:46 PST
Ok -- the latest crash has this talkback id:

TB12927458Q
Comment 20 timeless 2005-12-13 18:00:13 PST
that one's useless. no stack to speak of

Incident ID: 12927458 
Stack Signature 0x20202020 189b7728 
Product ID Firefox15 
Build ID 2005111116 
Trigger Time 2005-12-13 15:55:21.0 
Platform MacOSX 
Operating System Darwin 7.9.0 
Module  
URL visited  
User Comments  
Since Last Crash 325246 sec 
Total Uptime 1189075 sec 
Trigger Reason SIGSEGV: Segmentation Violation: (signal 11) 
Source File, Line No. N/A 
Stack Trace  

0x20202020
Comment 21 William Flesch 2005-12-13 18:14:03 PST
OK -- here are a couple more:

12772045W

12799100Y
Comment 22 Robin Monks 2006-02-17 10:29:09 PST
Incident ID: TB15019505
Stack Signature	xpsp2res.dll + 0x202113 (0x20202113) e86a7100
Product ID	Firefox15
Build ID	2006011112
Trigger Time	2006-02-10 17:41:57.0
Platform	Win32
Operating System	Windows NT 5.1 build 2600
Module	xpsp2res.dll + (00202113)
URL visited	
User Comments	opening GMail. tbid: monks
Since Last Crash	20449 sec
Total Uptime	20449 sec
Trigger Reason	Access violation
Source File, Line No.	N/A
Stack Trace 	
xpsp2res.dll + 0x202113 (0x20202113)
XPCNativeWrapper::AttachNewConstructorObject  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/XPCNativeWrapper.cpp, line 1316]
nsXPConnect::InitClasses  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/nsXPConnect.cpp, line 451]
nsXPCComponents_utils_Sandbox::CallOrConstruct  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpccomponents.cpp, line 2253]
nsXPCComponents_utils_Sandbox::Call  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpccomponents.cpp, line 2208]
XPC_WN_Helper_Construct  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1000]
js_Construct  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsobj.c, line 3768]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177]
js_Interpret  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3095]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197]
fun_apply  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsfun.c, line 1640]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177]
js_Interpret  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3551]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197]
fun_apply  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsfun.c, line 1640]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177]
js_Interpret  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3551]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197]
nsXPCWrappedJSClass::CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp, line 1369]
nsXPCWrappedJS::CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp, line 462]
SharedStub  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp, line 147]
XPTC_InvokeByIndex  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp, line 102]
XPCWrappedNative::CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2152]
XPC_WN_CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1444]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177]
js_Interpret  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3551]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197]
fun_apply  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsfun.c, line 1640]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177]
js_Interpret  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3551]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197]
fun_apply  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsfun.c, line 1640]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177]
js_Interpret  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3551]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197]
nsXPCWrappedJSClass::CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp, line 1369]
nsXPCWrappedJS::CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp, line 462]
SharedStub  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp, line 147]
nsEventListenerManager::HandleEventSubType  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1685]
nsEventListenerManager::HandleEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1786]
nsXULElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2153]
nsXULElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2174]
nsXULElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2174]
nsXULElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2174]
nsXULElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2174]
nsXULElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2174]
nsXULElement::HandleChromeEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2833]
nsGlobalWindow::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/dom/src/base/nsGlobalWindow.cpp, line 1585]
nsDocument::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/base/src/nsDocument.cpp, line 4013]
nsEventStateManager::DispatchNewEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/events/src/nsEventStateManager.cpp, line 4578]
nsDocument::DispatchEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/base/src/nsDocument.cpp, line 4097]
nsDocument::DispatchContentLoadedEvents  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/base/src/nsDocument.cpp, line 2213]
nsHTMLDocument::EndLoad  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/html/document/src/nsHTMLDocument.cpp, line 983]
HTMLContentSink::DidBuildModel  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/html/document/src/nsHTMLContentSink.cpp, line 2203]
CNavDTD::DidBuildModel  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/parser/htmlparser/src/CNavDTD.cpp, line 604]
Comment 23 timeless 2006-02-17 13:39:01 PST
Created attachment 212252 [details] [diff] [review]
this is the patch i'd want
Comment 24 Blake Kaplan (:mrbkap) 2006-02-17 14:45:59 PST
Comment on attachment 212252 [details] [diff] [review]
this is the patch i'd want

>+    jsval val = OBJECT_TO_JSVAL(sandbox);
>+    AUTO_MARK_JSVAL(ccx, val);

There isn't any particular reason to use an AUTO_MARK_JSVAL, except to waste cycles. Other options include:
- *vp = OBJECT_TO_JSVAL(sandbox);
- JS_SetGlobalObject(tempcx, sandbox)

I think I prefer the 2nd one.
Comment 25 Brendan Eich [:brendan] 2006-02-17 14:56:15 PST
Comment on attachment 212252 [details] [diff] [review]
this is the patch i'd want

>+    jsval val = OBJECT_TO_JSVAL(sandbox);
>+    AUTO_MARK_JSVAL(ccx, val);

You don't need val -- just pass OBJECT_TO_JSVAL(sandbox) to AUTO_MARK_JSVAL as the second actual argument.

/be
Comment 26 Brendan Eich [:brendan] 2006-02-17 15:00:00 PST
(In reply to comment #24)
> There isn't any particular reason to use an AUTO_MARK_JSVAL, except to waste
> cycles. Other options include:
> - *vp = OBJECT_TO_JSVAL(sandbox);
> - JS_SetGlobalObject(tempcx, sandbox)
> 
> I think I prefer the 2nd one.

Yeah, that's more righteous.

/be
Comment 27 Blake Kaplan (:mrbkap) 2006-02-17 17:16:55 PST
Comment on attachment 212252 [details] [diff] [review]
this is the patch i'd want

As well as my previous comment. Won't nsXPCComponents_Utils::EvalInSandbox need an AutoJSRequest as well? I'll put together a new patch.
Comment 28 Blake Kaplan (:mrbkap) 2006-02-17 17:51:48 PST
Created attachment 212275 [details] [diff] [review]
Proposed patch

This even avoids making a new native call context.
Comment 29 Johnny Stenback (:jst, jst@mozilla.com) 2006-02-17 17:53:18 PST
Comment on attachment 212275 [details] [diff] [review]
Proposed patch

sr=jst
Comment 30 Blake Kaplan (:mrbkap) 2006-02-17 18:07:59 PST
This is a GC hazard in code that's pretty extensively used by GreaseMonkey. The fix is straightforward. I think that we are going to want this on the branches.
Comment 31 Brendan Eich [:brendan] 2006-02-17 18:12:08 PST
Comment on attachment 212275 [details] [diff] [review]
Proposed patch

r=me.

/be
Comment 32 Blake Kaplan (:mrbkap) 2006-02-17 19:00:57 PST
Fix checked into trunk.
Comment 33 timeless 2006-02-19 20:00:57 PST
Actually, evalinsandbox needs *two*, one for when it reports an error. so that stuff isn't complete. i'll file a new bug after i resolve the conflicts w/ your changes.
Comment 34 HyperHacker 2006-02-20 21:59:57 PST
This bug only used to occurr (except in rare cases) if you switched to another tab while Gmail was loading. However, since the addition of the chat feature, I'm encountering it even with no other tabs open. It still doesn't happen every time, though.
Comment 35 Daniel Veditz [:dveditz] 2006-02-21 18:06:54 PST
Comment on attachment 212275 [details] [diff] [review]
Proposed patch

approved for 1.8.0 branch, a=dveditz
Comment 36 HyperHacker 2006-02-22 23:22:51 PST
Woah... I just had Gmail fail to load for some reason (presumably my connection cut out). It left the browser in a semi-frozen state; dialogs and menus would appear, and tabs could be opened and closed, but nothing would redraw. It crashed when I tried to close it, though the 'you are closing multiple tabs' dialog appeared as normal.
Comment 37 Blake Kaplan (:mrbkap) 2006-02-23 18:10:58 PST
Fix checked into the 1.8 branches. I opted against checking the request stuff in since I realized that even with the fix for bug 3228044, it wasn't entirely complete (but it wasn't wrong either).
Comment 38 Jesse Ruderman 2006-02-23 19:43:02 PST
The bug number in comment 37 had a typo.  It should have been "bug 328044".
Comment 39 Dave Liebreich [:davel] 2006-02-24 14:24:33 PST
Can someone attach a simple testcase so QA can verify the fix?
Comment 40 Steve England [:stevee] 2006-02-25 17:08:25 PST
*** Bug 328557 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.