Closed
Bug 273953
Opened 20 years ago
Closed 19 years ago
Crash during GC after leaving page in URL
Categories
(Core :: XPConnect, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: mrbkap, Assigned: dbradley)
References
()
Details
(Keywords: crash)
Attachments
(1 obsolete file)
It looks like |this| has already been deleted (all its members are 0xfeeefee).
Here's the stack:
> xpc3250.dll!XPCDispInterface::SetJSObject(JSObject * jsobj=0x00000000) Line
309 + 0x6 C++
xpc3250.dll!XPCWrappedNativeTearOff::SetJSObject(JSObject * JSObj=0x00000000)
Line 593 C++
xpc3250.dll!XPCWrappedNativeTearOff::JSObjectFinalized() Line 1687 + 0x11 C++
xpc3250.dll!XPC_WN_TearOff_Finalize(JSContext * cx=0x037c87c0, JSObject *
obj=0x03829c40) Line 1583 C++
js3250.dll!js_FinalizeObject(JSContext * cx=0x037c87c0, JSObject *
obj=0x03829c40) Line 1983 + 0x60 C
js3250.dll!js_GC(JSContext * cx=0x037c87c0, unsigned int gcflags=0) Line
1684 + 0xb C
js3250.dll!js_ForceGC(JSContext * cx=0x037c87c0, unsigned int gcflags=0) Line
1363 + 0xd C
js3250.dll!JS_GC(JSContext * cx=0x037c87c0) Line 1747 + 0xb C
gklayout.dll!nsJSContext::Notify(nsITimer * timer=0x03abc260) Line 1955 + 0xd C++
xpcom_core.dll!nsTimerImpl::Fire() Line 387 C++
xpcom_core.dll!nsTimerManager::FireNextIdleTimer() Line 617 C++
gkwidget.dll!nsAppShell::Run() Line 142 C++
appcomps.dll!nsAppStartup::Run() Line 216 C++
mozilla.exe!main1(int argc=1, char * * argv=0x002a55e0, nsISupports *
nativeApp=0x00ee3e08) Line 1320 + 0x20 C++
mozilla.exe!main(int argc=1, char * * argv=0x002a55e0) Line 1798 + 0x25 C++
mozilla.exe!mainCRTStartup() Line 398 + 0x11 C
kernel32.dll!7c816d4f()
kernel32.dll!7c8399f3()
Reporter | ||
Updated•20 years ago
|
Assignee | ||
Comment 1•20 years ago
|
||
I've been able to reproduce. Unfortunately due to forgetting to turn off optimizations my crash stack is pretty much useless. Will report back after rebuilding.
Status: NEW → ASSIGNED
Assignee | ||
Comment 2•20 years ago
|
||
The IDispatch logic was calling FindTearoff which actually created the tearoff if it didn't exist. My intent with the IDispatch logic was just to find one if it existed and try and resolve the property, not create one if it didn't exist. This patch fixes that issue. However I think there's and additional underlying issue here as well. I'd like to go ahead and get this patch in, and then I'll track down why we're double freeing/finalizing the tearoff. I suspect in a real IDispatch situation may still be an issue.
Assignee | ||
Updated•20 years ago
|
Attachment #171350 -
Flags: superreview?(brendan)
Attachment #171350 -
Flags: review?(jst)
Comment 3•20 years ago
|
||
Comment on attachment 171350 [details] [diff] [review] Eliminates creating uneeded IDispatch tearoffs r=jst
Attachment #171350 -
Flags: review?(jst) → review+
Comment 4•20 years ago
|
||
Comment on attachment 171350 [details] [diff] [review] Eliminates creating uneeded IDispatch tearoffs Odd for loop style with that newline after the for(, your call but it seems like a change from the style of old.... /be
Attachment #171350 -
Flags: superreview?(brendan) → superreview+
Attachment #171350 -
Flags: approval1.8b?
Comment on attachment 171350 [details] [diff] [review] Eliminates creating uneeded IDispatch tearoffs mozilla/js/src/xpconnect/src/XPCIDispatchExtension.cpp 1.15 mozilla/js/src/xpconnect/src/xpcprivate.h 1.148 mozilla/js/src/xpconnect/src/xpcwrappednative.cpp 1.87
Attachment #171350 -
Attachment is obsolete: true
Comment on attachment 171350 [details] [diff] [review] Eliminates creating uneeded IDispatch tearoffs too late for 1.8b; please land on trunk (which is now open)
Attachment #171350 -
Flags: approval1.8b? → approval1.8b-
Comment 7•19 years ago
|
||
Timeless, say what you did more clearly. It looks like you checked in. If so, shouldn't this bug be marked FIXED? /be
Assignee | ||
Comment 8•19 years ago
|
||
Looks like the patch was checked in, and so this shouldn't be an issue anymore. Feel free to reopen if this crash occurs again. Marking FIXED.
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•