Closed Bug 265740 Opened 16 years ago Closed 15 years ago

browser crashes some times when loading gmail and loading another tab [@ js_Interpret]

Categories

(Core :: XPConnect, defect, P1)

Product:
Core
Component:
XPConnect
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.9alpha1

People

(Reporter: kaerez, Assigned: mrbkap)

References

Details

(Keywords: crash, fixed1.8.0.2, fixed1.8.1, Whiteboard: requires fix in bug 328044 [tcn-dl])

Crash Data

Attachments

(2 files, 1 obsolete file)

crash log
18.54 KB, text/rtf
Details
Proposed patch
2.38 KB, patch
brendan
: review+
jst
: superreview+
brendan
: approval-branch-1.8.1+
dveditz
: approval1.8.0.2+
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1

browser crashes some times when loading gmail and loading another tab

Reproducible: Always
Steps to Reproduce:
1.load firefox without home page (about:blank)
2.open using link gmail (www.gmail.com)
3.while loading load different address in same/different tab

Actual Results:  
error messege - crash

Expected Results:  
worked . . .
I encountered the same type of crash this morning while opening a new tab with
gmail loading in the background. My talkback ID was TB1549193Z.

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20041026 Firefox/1.0RC1
js_Interpret()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsinterp.c, line 
1494]
js_Invoke()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsinterp.c, line 
958]
js_InternalInvoke()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/
jsinterp.c, line 1036]
JS_CallFunctionValue()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/
jsapi.c, line 3698]
nsJSContext::CallEventHandler()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/
dom/src/base/nsJSEnvironment.cpp, line 1296]
nsJSEventListener::HandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/
dom/src/events/nsJSEventListener.cpp, line 177]
nsXBLPrototypeHandler::ExecuteHandler()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/content/xbl/src/nsXBLPrototypeHandler.cpp, line 458]
nsXBLEventHandler::HandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/content/xbl/src/nsXBLEventHandler.cpp, line 84]
nsEventListenerManager::HandleEventSubType()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20
-28.8_Clobber/mozilla/content/events/src/nsEventListenerManager.cpp, line 1436]
nsEventListenerManager::HandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/content/events/src/nsEventListenerManager.cpp, line 1529]
nsXULElement::HandleDOMEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/content/xul/content/src/nsXULElement.cpp, line 2841]
PresShell::HandleEventInternal()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/
layout/html/base/src/nsPresShell.cpp, line 710]
PresShell::HandleEventWithTarget()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/layout/html/base/src/nsPresShell.cpp, line 5984]
nsEventStateManager::CheckForAndDispatchClick()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20
-28.8_Clobber/mozilla/content/events/src/nsEventStateManager.cpp, line 2985]
nsEventStateManager::PostHandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/content/events/src/nsEventStateManager.cpp, line 142]
PresShell::HandleEventInternal()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/
layout/html/base/src/nsPresShell.cpp, line 710]
PresShell::HandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/layout/
html/base/src/nsPresShell.cpp, line 5920]
nsViewManager::HandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/
view/src/nsViewManager.cpp, line 710]
nsViewManager::DispatchEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/
view/src/nsViewManager.cpp, line 2066]
HandleEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/view/src/
nsView.cpp, line 243]
nsCommonWidget::DispatchEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/widget/src/gtk2/nsCommonWidget.cpp, line 215]
nsWindow::OnButtonReleaseEvent()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/
mozilla/widget/src/gtk2/nsWindow.cpp, line 1449]
button_release_event_cb()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/widget/
src/gtk2/nsWindow.cpp, line 3277]
libgtk-x11-2.0.so.0 + 0x112434 (0x00223434)
libgobject-2.0.so.0 + 0x9160 (0x003f2160)
libgobject-2.0.so.0 + 0x1d165 (0x00406165)
libgobject-2.0.so.0 + 0x1befe (0x00404efe)
libgobject-2.0.so.0 + 0x1c424 (0x00405424)
libgtk-x11-2.0.so.0 + 0x2119e5 (0x003229e5)
libgtk-x11-2.0.so.0 + 0x1109d2 (0x002219d2)
libgtk-x11-2.0.so.0 + 0x10f726 (0x00220726)
libgdk-x11-2.0.so.0 + 0x3e025 (0x004cd025)
libglib-2.0.so.0 + 0x241e2 (0x005ef1e2)
libglib-2.0.so.0 + 0x252d8 (0x005f02d8)
libglib-2.0.so.0 + 0x25610 (0x005f0610)
libglib-2.0.so.0 + 0x25c53 (0x005f0c53)
libgtk-x11-2.0.so.0 + 0x10eff3 (0x0021fff3)
nsAppShell::Run()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/widget/src/
gtk2/nsAppShell.cpp, line 144]
nsAppShellService::Run()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/xpfe/
appshell/src/nsAppShellService.cpp, line 495]
xre_main()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/toolkit/xre/
nsAppRunner.cpp, line 692]
main()  [/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/browser/app/
nsBrowserApp.cpp, line 59]
libc.so.6 + 0x14ad4 (0x00b94ad4)

kinda sounds like pc=0 (since i had that happen to me only yesterday)
Assignee: general → general
Component: Browser-General → JavaScript Engine
Keywords: crash
QA Contact: general → pschwartau
Summary: browser crashes some times when loading gmail and loading another tab → browser crashes some times when loading gmail and loading another tab [@ js_Interpret]
I experience the same crash. I'm using FireFox 1.0 on Linux.
I've already logged into GMail before so this time it doesn't ask for a
password. First it says "Redirecting to /gmail", then "Loading..." and then
FireFox crashes before showing my inbox.
This bug is very severe because GMail is gaining popularity.
Hongli Lai, did you send a talkback report?  Please post it here if so.  Anyone
who gets this crash, please show the stack backtrace and as much debugging data
as you can.  Thanks,

/be
Status: UNCONFIRMED → NEW
Ever confirmed: true
A quick search for "gmail" in the comments for Firefox10 branch builds shows a
lot of crashes in js_MarkScript (but bug 273221 is already logged for the gmail
pop-up compose window problem):
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=1&searchby=comments&match=contains&searchfor=gmail&vendor=All&product=Firefox10&platform=All&buildid=&sdate=&stime=&edate=&etime=&sortby=bbid

I wonder if this is related to that bug in some way.  Does gmail ever throw any
kind of pop-up windows after login?   I have never seen any except for when
opening a compose window. 

I'll do some more digging tomorrow to see what I can find.
Attached file crash log 
Scott, that attachment is not useful, unfortunately (RTF isn't that good a
format, either).  Talkback is better -- did you have the talkback agent
installed, and see it sending a report?  You can run it to find the ID, IIRC.

The stacks in this bug are not consistent, but this smells like a bad JSContext
pointer being passed in from DOM or window/dialog embedding code.  Reassigning.

/be
Assignee: general → general
Component: JavaScript Engine → DOM: Level 0
QA Contact: pschwartau → ian
Er... is this seriously just an issue in Firefox 0.10.1?  Can people reproduce
this on trunk?
I had a similar experince as comment #3 with FF 1.0.6 on XP, although I had to
enter my username and password, because I had no gmail session open. I've had
this happen many times before (probably FF 1.0.4) but this is the first time I
was able to file a talkback report (TB8209877K). 

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716
Firefox/1.0.6
I'm having crashes with Gmail here as well.
Steps to reproduce:

1. Log in to Gmail.
2. Click "Compose Mail".
3. Click "Open in new window" icon.
4. Just before new window loads, Firefox crashes with error in js3250.dll

Btw, the following settings might be related:
browser.link.open_newwindow = 3;
browser.link.open_newwindow.restriction = 2;
browser.tabs.showSingleWindowModePrefs = true;

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716
Firefox/1.0.6
My *guess* would be that this will be fixed by the cleanup patch in bug 296639.
I think I can confirm this problem.  I'm using a build compiled from CVS and
when I load Gmail (and a few other things) the browser will crash if I'm not
focused on the tab that is loading gmail.
This happens to me often too, using FF V1.0.7 on Windows XP SP2. It can happen even if another page isn't loading but more commonly if one is. It's actually happened a few times with other encrypted (https) pages but seems to be far more common with Gmail. The most recent time (just a minute ago), Talkbalk also closed itself a second after it appeared.

In most cases this only happens when first loading Gmail, not when viewing a message, sending, etc; however it has happened one time when viewing a message while submitting a form in another tab.

Also, in reply to #5, Gmail does not launch any popup windows when loading.
Is anyone seeing this with something moderately non-ancient?  That is, current trunk or Firefox 1.5?
Yes -- it's been happening since I installed 1.5 for OS-X
Do you have a talkback id?
I probably do, but can't figure out how to find it.  Next time it crashes and talkback opens up I'll let you know.
William, there are directions explaining how to find the incident id in the next to last paragraph of the "How to Write a Useful Bug Report" section at http://www.mozilla.org/quality/bug-writing-guidelines.html
Ok -- the latest crash has this talkback id:

TB12927458Q
that one's useless. no stack to speak of

Incident ID: 12927458 
Stack Signature 0x20202020 189b7728 
Product ID Firefox15 
Build ID 2005111116 
Trigger Time 2005-12-13 15:55:21.0 
Platform MacOSX 
Operating System Darwin 7.9.0 
Module  
URL visited  
User Comments  
Since Last Crash 325246 sec 
Total Uptime 1189075 sec 
Trigger Reason SIGSEGV: Segmentation Violation: (signal 11) 
Source File, Line No. N/A 
Stack Trace  

0x20202020

OK -- here are a couple more:

12772045W

12799100Y
Incident ID: TB15019505
Stack Signature	xpsp2res.dll + 0x202113 (0x20202113) e86a7100
Product ID	Firefox15
Build ID	2006011112
Trigger Time	2006-02-10 17:41:57.0
Platform	Win32
Operating System	Windows NT 5.1 build 2600
Module	xpsp2res.dll + (00202113)
URL visited	
User Comments	opening GMail. tbid: monks
Since Last Crash	20449 sec
Total Uptime	20449 sec
Trigger Reason	Access violation
Source File, Line No.	N/A
Stack Trace 	
xpsp2res.dll + 0x202113 (0x20202113)
XPCNativeWrapper::AttachNewConstructorObject  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/XPCNativeWrapper.cpp, line 1316]
nsXPConnect::InitClasses  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/nsXPConnect.cpp, line 451]
nsXPCComponents_utils_Sandbox::CallOrConstruct  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpccomponents.cpp, line 2253]
nsXPCComponents_utils_Sandbox::Call  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpccomponents.cpp, line 2208]
XPC_WN_Helper_Construct  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1000]
js_Construct  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsobj.c, line 3768]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177]
js_Interpret  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3095]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197]
fun_apply  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsfun.c, line 1640]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177]
js_Interpret  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3551]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197]
fun_apply  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsfun.c, line 1640]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177]
js_Interpret  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3551]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197]
nsXPCWrappedJSClass::CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp, line 1369]
nsXPCWrappedJS::CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp, line 462]
SharedStub  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp, line 147]
XPTC_InvokeByIndex  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp, line 102]
XPCWrappedNative::CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2152]
XPC_WN_CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1444]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177]
js_Interpret  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3551]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197]
fun_apply  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsfun.c, line 1640]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177]
js_Interpret  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3551]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197]
fun_apply  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsfun.c, line 1640]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177]
js_Interpret  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3551]
js_Invoke  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197]
nsXPCWrappedJSClass::CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp, line 1369]
nsXPCWrappedJS::CallMethod  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp, line 462]
SharedStub  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp, line 147]
nsEventListenerManager::HandleEventSubType  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1685]
nsEventListenerManager::HandleEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1786]
nsXULElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2153]
nsXULElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2174]
nsXULElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2174]
nsXULElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2174]
nsXULElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2174]
nsXULElement::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2174]
nsXULElement::HandleChromeEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2833]
nsGlobalWindow::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/dom/src/base/nsGlobalWindow.cpp, line 1585]
nsDocument::HandleDOMEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/base/src/nsDocument.cpp, line 4013]
nsEventStateManager::DispatchNewEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/events/src/nsEventStateManager.cpp, line 4578]
nsDocument::DispatchEvent  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/base/src/nsDocument.cpp, line 4097]
nsDocument::DispatchContentLoadedEvents  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/base/src/nsDocument.cpp, line 2213]
nsHTMLDocument::EndLoad  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/html/document/src/nsHTMLDocument.cpp, line 983]
HTMLContentSink::DidBuildModel  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/html/document/src/nsHTMLContentSink.cpp, line 2203]
CNavDTD::DidBuildModel  [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/parser/htmlparser/src/CNavDTD.cpp, line 604]
Attached patch this is the patch i'd want (obsolete) — Splinter Review
Attachment #212252 - Flags: review?(mrbkap)
Comment on attachment 212252 [details] [diff] [review]
this is the patch i'd want

>+    jsval val = OBJECT_TO_JSVAL(sandbox);
>+    AUTO_MARK_JSVAL(ccx, val);

There isn't any particular reason to use an AUTO_MARK_JSVAL, except to waste cycles. Other options include:
- *vp = OBJECT_TO_JSVAL(sandbox);
- JS_SetGlobalObject(tempcx, sandbox)

I think I prefer the 2nd one.
Comment on attachment 212252 [details] [diff] [review]
this is the patch i'd want

>+    jsval val = OBJECT_TO_JSVAL(sandbox);
>+    AUTO_MARK_JSVAL(ccx, val);

You don't need val -- just pass OBJECT_TO_JSVAL(sandbox) to AUTO_MARK_JSVAL as the second actual argument.

/be
(In reply to comment #24)
> There isn't any particular reason to use an AUTO_MARK_JSVAL, except to waste
> cycles. Other options include:
> - *vp = OBJECT_TO_JSVAL(sandbox);
> - JS_SetGlobalObject(tempcx, sandbox)
> 
> I think I prefer the 2nd one.

Yeah, that's more righteous.

/be
Comment on attachment 212252 [details] [diff] [review]
this is the patch i'd want

As well as my previous comment. Won't nsXPCComponents_Utils::EvalInSandbox need an AutoJSRequest as well? I'll put together a new patch.
Attachment #212252 - Flags: review?(mrbkap) → review-
Attached patch Proposed patchSplinter Review 
This even avoids making a new native call context.
Assignee: general → mrbkap
Attachment #212252 - Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #212275 - Flags: superreview?(jst)
Attachment #212275 - Flags: review?(brendan)
Comment on attachment 212275 [details] [diff] [review]
Proposed patch

sr=jst
Attachment #212275 - Flags: superreview?(jst) → superreview+
This is a GC hazard in code that's pretty extensively used by GreaseMonkey. The fix is straightforward. I think that we are going to want this on the branches.
Component: DOM: Level 0 → XPConnect
Flags: blocking1.8.1?
Flags: blocking1.8.0.2?
OS: Windows XP → All
Priority: -- → P1
Hardware: PC → All
Target Milestone: --- → mozilla1.9alpha
Comment on attachment 212275 [details] [diff] [review]
Proposed patch

r=me.

/be
Attachment #212275 - Flags: review?(brendan)
Attachment #212275 - Flags: review+
Attachment #212275 - Flags: approval1.8.0.2?
Attachment #212275 - Flags: approval-branch-1.8.1+
Fix checked into trunk.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Actually, evalinsandbox needs *two*, one for when it reports an error. so that stuff isn't complete. i'll file a new bug after i resolve the conflicts w/ your changes.
This bug only used to occurr (except in rare cases) if you switched to another tab while Gmail was loading. However, since the addition of the chat feature, I'm encountering it even with no other tabs open. It still doesn't happen every time, though.
Flags: blocking1.8.0.2? → blocking1.8.0.2+
Comment on attachment 212275 [details] [diff] [review]
Proposed patch

approved for 1.8.0 branch, a=dveditz
Attachment #212275 - Flags: approval1.8.0.2? → approval1.8.0.2+
Depends on: 328044
Whiteboard: requires fix in bug 328044
Woah... I just had Gmail fail to load for some reason (presumably my connection cut out). It left the browser in a semi-frozen state; dialogs and menus would appear, and tabs could be opened and closed, but nothing would redraw. It crashed when I tried to close it, though the 'you are closing multiple tabs' dialog appeared as normal.
Fix checked into the 1.8 branches. I opted against checking the request stuff in since I realized that even with the fix for bug 3228044, it wasn't entirely complete (but it wasn't wrong either).
Keywords: fixed1.8.0.2, fixed1.8.1
The bug number in comment 37 had a typo.  It should have been "bug 328044".
Can someone attach a simple testcase so QA can verify the fix?
Whiteboard: requires fix in bug 328044 → requires fix in bug 328044 [tcn-dl]
*** Bug 328557 has been marked as a duplicate of this bug. ***
Crash Signature: [@ js_Interpret]
Flags: blocking1.8.1?
You need to log in before you can comment on or make changes to this bug.