Closed Bug 273819 Opened 20 years ago Closed 20 years ago

ASSERTION: Native event queues should only be used on the main thread

Categories

(Core :: XPCOM, defect)

Product:
Core
Component:
XPCOM
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.8beta1

People

(Reporter: darin.moz, Assigned: darin.moz)

Details

(Keywords: crash)

Attachments

(1 file)

v1 patch
3.22 KB, patch
danm.moz
: review+
Bienvenu
: superreview+
Details | Diff | Splinter Review 
NTDLL! 77f75a58()
nsDebugImpl::Assertion(nsDebugImpl * const 0x00f8d310, const char * 0x00373900,
const char * 0x003738e4, const char * 0x003738a8, int 0x000000e4) line 290
nsDebug::Assertion(const char * 0x00373900, const char * 0x003738e4, const char
* 0x003738a8, int 0x000000e4) line 109
nsEventQueueImpl::NotifyObservers(const char * 0x0033bdec
gDestroyedNotification) line 228 + 34 bytes
nsEventQueueImpl::~nsEventQueueImpl() line 139
nsEventQueueImpl::`scalar deleting destructor'(unsigned int 0x00000001) + 15 bytes
nsEventQueueImpl::Release(nsEventQueueImpl * const 0x0315f318) line 195 + 142 bytes
nsCOMPtr<nsIEventQueue>::~nsCOMPtr<nsIEventQueue>() line 584
nsTimerImpl::PostTimerEvent() line 508 + 8 bytes
TimerThread::Run(TimerThread * const 0x003e82b0) line 287
nsThread::Main(void * 0x00f90538) line 118 + 26 bytes
_PR_NativeRunThread(void * 0x00f90638) line 436 + 13 bytes
pr_root(void * 0x00f90638) line 116 + 13 bytes
_threadstartex(void * 0x00f908c0) line 212 + 13 bytes
KERNEL32! 77e7d33b()

It would appear that the last reference to this particular native event queue is
being held by the timer thread.  As a result, we destroy the native event queue
on the timer thread, and in doing so, we call into the appshell code on the
timer thread.  This explains why checking IsMainThread was "wrong" previously.

What we should do I think is move the final call to NotifyObservers from the
destructor into CheckForDeactivation since that function will only ever be
called on the main thread.

This bug is a potential crash on all platforms.
Severity: normal → major
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.8beta
It actually isn't possible to tear down the event queue in CheckForDeactivation
since there may still be pending events that need to be processed.  We could
possibly tear down the native notify logic at that point, but that feels risky.

The solution is perhaps to tear down the event queue once we process the last
pending event on a deactivated event queue.  Then we should be fine provided
ProcessPendingEvents is always called ;-)
Attached patch v1 patchSplinter Review 
Possible patch.  This seems to do the trick.
Attachment #168681 - Flags: review?(danm.moz)
Attachment #168681 - Flags: review?(danm.moz) → review+
Attachment #168681 - Flags: superreview?(bienvenu)
Attachment #168681 - Flags: superreview?(bienvenu) → superreview+
fixed-on-trunk

begin prayer to the talkback goddess.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: