Bug 274096 - Trunk crash blocking iframes with AdBlock extension
Status: RESOLVED FIXED (opened 20 years ago, closed 20 years ago)
Category: Core :: JavaScript Engine, defect
Keywords: crash
Reporter: stdowa+bugzilla
Assignee: brendan
Attachments: 1 file (patch, 2.67 KB; shaver: review+)
The following comes from bug 267804.

------- Additional Comment #12 From Stephen Walker 2004-12-10 11:01 PDT -------

Using last night's trunk cvs on Windows XP I'm crashing while trying to block the atdmt iframe in the middle of the right-hand column on http://www.warp2search.net/. I'm getting the following stack often; I was only able to reproduce the nsESM::PreHandleEvent stack in talkback once.

JS API usage error: the address passed to JS_AddNamedRoot currently holds an invalid jsval. This is usually caused by a missing call to JS_RemoveRoot. The root's name is "exn.report.root".
Assertion failure: root_points_to_gcArenaPool, at c:/Mozilla/mozilla/js/src/jsgc.c:1335

ntdll.dll!7c901230()
>js3250.dll!JS_Assert(const char * s=0x100cb0a0, const char * file=0x100cb07c, int ln=1335) Line 155 C
js3250.dll!gc_root_marker(JSDHashTable * table=0x00af8028, JSDHashEntryHdr * hdr=0x02710264, unsigned long num=256, void * arg=0x02cf3c60) Line 1335 + 0x1c bytes C
js3250.dll!JS_DHashTableEnumerate(JSDHashTable * table=0x00af8028, JSDHashOperator (JSDHashTable *, JSDHashEntryHdr *, unsigned long, void *)* etor=0x10043980, void * arg=0x02cf3c60) Line 618 + 0x19 bytes C
js3250.dll!js_GC(JSContext * cx=0x02cf3c60, unsigned int gcflags=0) Line 1551 + 0x15 bytes C
js3250.dll!js_ForceGC(JSContext * cx=0x02cf3c60, unsigned int gcflags=0) Line 1363 + 0xd bytes C
js3250.dll!JS_GC(JSContext * cx=0x02cf3c60) Line 1747 + 0xb bytes C
js3250.dll!JS_MaybeGC(JSContext * cx=0x02cf3c60) Line 1766 + 0x9 bytes C
gklayout.dll!nsJSContext::ScriptEvaluated(int aTerminated=0) Line 1876 + 0xd bytes C++
gklayout.dll!nsJSContext::ScriptExecuted() Line 1947 C++
xpc3250.dll!AutoScriptEvaluate::~AutoScriptEvaluate() Line 107 C++
xpc3250.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS * wrapper=0x01ffc248, unsigned short methodIndex=3, const nsXPTMethodInfo * info=0x00ba4598, nsXPTCMiniVariant * nativeParams=0x0012b200) Line 1588 + 0x1f bytes C++
xpc3250.dll!nsXPCWrappedJS::CallMethod(unsigned short methodIndex=3, const nsXPTMethodInfo * info=0x00ba4598, nsXPTCMiniVariant * params=0x0012b200) Line 450 C++
xpcom_core.dll!PrepareAndDispatch(nsXPTCStubBase * self=0x01ffc248, unsigned int methodIndex=3, unsigned int * args=0x0012b2c8, unsigned int * stackBytesToPop=0x0012b2b8) Line 117 + 0x1e bytes C++
xpcom_core.dll!SharedStub() Line 147 C++
xpcom_core.dll!XPTC_InvokeByIndex(nsISupports * that=0x0012b3d8, unsigned int methodIndex=1226172, unsigned int paramCount=12802554, nsXPTCVariant * params=0x01ffc248) Line 102 C++
xpc3250.dll!AutoJSSuspendRequest::SuspendRequest() Line 3009 + 0xd bytes C++
js3250.dll!GetPropertyTreeChild(JSContext * cx=0x003e4aa0, JSScopeProperty * parent=0x02e3cdf8, JSScopeProperty * child=0x02d302e8) Line 785 + 0x9 bytes C
00000001()
Comment 1 • 20 years ago (Assignee)

Oops! Where was my brain, and my code reviewers'? ;-) Error paths must goto out to remove that root.

/be
Assignee: general → brendan
Comment 2 • 20 years ago (Assignee)

Comment 3 • 20 years ago (Assignee)

Comment on attachment 168433: fix

So what operation was adblock causing to fail? Why would a get on an exception object fail, anyway? Reporter, could you debug with a breakpoint at each return JS_FALSE in js_ReportUncaughtException? Thanks.

In any case, this patch is a fix. I'm just wondering why adblock prevents properties of exception objects from being got.

/be
Attachment #168433 - Flags: review?(shaver)
Comment 4 • 20 years ago (Assignee)

Comment on attachment 168433: fix

D'oh! What if someone throws null? We need a separate "rooted" flag.

/be
Attachment #168433 - Attachment is obsolete: true
Attachment #168433 - Flags: review?(shaver)
Comment 5 • 20 years ago (Reporter)

Blocking the 2nd iframe down from the top of http://www.warp2search.net/

ntdll.dll!7c901230()
>xpcom_core.dll!nsDebugImpl::Break(const char * aFile=0x01aad518, int aLine=2943) Line 374 C++
xpcom_core.dll!nsDebugImpl::Assertion(const char * aStr=0x01aad554, const char * aExpr=0x01aad54c, const char * aFile=0x01aad518, int aLine=2943) Line 290 C++
xpcom_core.dll!nsDebug::Assertion(const char * aStr=0x01aad554, const char * aExpr=0x01aad54c, const char * aFile=0x01aad518, int aLine=2943) Line 109 C++
gklayout.dll!nsDOMClassInfo::GetProperty(nsIXPConnectWrappedNative * wrapper=0x02f1dbd8, JSContext * cx=0x02ddaf40, JSObject * obj=0x02e5d520, long id=38986012, long * vp=0x0012c00c, int * _retval=0x0012b6ec) Line 2943 + 0x1a bytes C++
gklayout.dll!nsHTMLExternalObjSH::GetProperty(nsIXPConnectWrappedNative * wrapper=0x02f1dbd8, JSContext * cx=0x02ddaf40, JSObject * obj=0x02e5d520, long id=38986012, long * vp=0x0012c00c, int * _retval=0x0012b6ec) Line 7169 C++
xpc3250.dll!XPC_WN_Helper_GetProperty(JSContext * cx=0x02ddaf40, JSObject * obj=0x02e5d520, long idval=38986012, long * vp=0x0012c00c) Line 811 + 0x31 bytes C++
js3250.dll!js_GetProperty(JSContext * cx=0x02ddaf40, JSObject * obj=0x02e5d520, long id=39019056, long * vp=0x0012c00c) Line 2638 + 0x13d bytes C
js3250.dll!js_Interpret(JSContext * cx=0x02ddaf40, long * result=0x0012c154) Line 3445 + 0x611 bytes C
js3250.dll!js_Invoke(JSContext * cx=0x02ddaf40, unsigned int argc=2, unsigned int flags=2) Line 1306 + 0xd bytes C
js3250.dll!js_InternalInvoke(JSContext * cx=0x02ddaf40, JSObject * obj=0x024db3c0, long fval=39909824, unsigned int flags=0, unsigned int argc=2, long * argv=0x02e1a798, long * rval=0x0012c2dc) Line 1383 + 0x14 bytes C
js3250.dll!JS_CallFunctionValue(JSContext * cx=0x02ddaf40, JSObject * obj=0x024db3c0, long fval=39909824, unsigned int argc=2, long * argv=0x02e1a798, long * rval=0x0012c2dc) Line 3767 + 0x1f bytes C
gklayout.dll!nsJSContext::CallEventHandler(JSObject * aTarget=0x024db3c0, JSObject * aHandler=0x0260f9c0, unsigned int argc=2, long * argv=0x02e1a798, long * rval=0x0012c2dc) Line 1352 + 0x21 bytes C++
gklayout.dll!GlobalWindowImpl::RunTimeout(nsTimeoutImpl * aTimeout=0x02e1a8a8) Line 5197 C++
gklayout.dll!GlobalWindowImpl::TimerCallback(nsITimer * aTimer=0x02e1a978, void * aClosure=0x02e1a8a8) Line 5558 C++
xpcom_core.dll!nsTimerImpl::Fire() Line 383 + 0x13 bytes C++
xpcom_core.dll!nsTimerManager::FireNextIdleTimer() Line 617 C++
gkwidget.dll!nsAppShell::GetNativeEvent(int & aRealEvent=1, void * & aEvent=0x00d9a458) Line 197 C++
appshell.dll!nsXULWindow::ShowModal() Line 378 + 0x21 bytes C++
appshell.dll!nsWebShellWindow::ShowModal() Line 1101 C++
appshell.dll!nsContentTreeOwner::ShowAsModal() Line 441 C++
embedcomponents.dll!nsWindowWatcher::OpenWindowJS(nsIDOMWindow * aParent=0x01eeed8c, const char * aUrl=0x0253a7f0, const char * aName=0x0012c8e8, const char * aFeatures=0x0012c940, int aDialog=1, unsigned int argc=2, long * argv=0x02daf150, nsIDOMWindow * * _retval=0x0012ca84) Line 786 C++
gklayout.dll!GlobalWindowImpl::OpenInternal(const nsAString & aUrl={...}, const nsAString & aName={...}, const nsAString & aOptions={...}, int aDialog=1, long * argv=0x02daf144, unsigned int argc=5, nsISupports * aExtraArgument=0x00000000, nsIDOMWindow * * aReturn=0x0012ce04) Line 4792 + 0x91 bytes C++
gklayout.dll!GlobalWindowImpl::OpenDialog(nsIDOMWindow * * _retval=0x0012ce04) Line 3394 + 0x37 bytes C++
xpcom_core.dll!XPTC_InvokeByIndex(nsISupports * that=0x00000010, unsigned int methodIndex=1, unsigned int paramCount=1232388, nsXPTCVariant * params=0x0012cd08) Line 102 C++
xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=CALL_METHOD) Line 2034 + 0x1e bytes C++
xpc3250.dll!XPC_WN_CallMethod(JSContext * cx=0x01eef000, JSObject * obj=0x01fbd960, unsigned int argc=5, long * argv=0x02daf144, long * vp=0x0012d0d8) Line 1287 + 0xb bytes C++
js3250.dll!js_Invoke(JSContext * cx=0x01eef000, unsigned int argc=5, unsigned int flags=0) Line 1286 + 0x20 bytes C
js3250.dll!js_Interpret(JSContext * cx=0x01eef000, long * result=0x0012db24) Line 3619 + 0xf bytes C
js3250.dll!js_Invoke(JSContext * cx=0x01eef000, unsigned int argc=1, unsigned int flags=0) Line 1306 + 0xd bytes C
js3250.dll!js_Interpret(JSContext * cx=0x01eef000, long * result=0x0012e4ec) Line 3619 + 0xf bytes C
js3250.dll!js_Invoke(JSContext * cx=0x01eef000, unsigned int argc=1, unsigned int flags=2) Line 1306 + 0xd bytes C
js3250.dll!js_InternalInvoke(JSContext * cx=0x01eef000, JSObject * obj=0x020da0d8, long fval=38645888, unsigned int flags=0, unsigned int argc=1, long * argv=0x0012e768, long * rval=0x0012e770) Line 1383 + 0x14 bytes C
js3250.dll!JS_CallFunctionValue(JSContext * cx=0x01eef000, JSObject * obj=0x020da0d8, long fval=38645888, unsigned int argc=1, long * argv=0x0012e768, long * rval=0x0012e770) Line 3767 + 0x1f bytes C
gklayout.dll!nsJSContext::CallEventHandler(JSObject * aTarget=0x020da0d8, JSObject * aHandler=0x024db080, unsigned int argc=1, long * argv=0x0012e768, long * rval=0x0012e770) Line 1352 + 0x21 bytes C++
gklayout.dll!nsJSEventListener::HandleEvent(nsIDOMEvent * aEvent=0x02c78b38) Line 175 + 0x2d bytes C++
gklayout.dll!nsEventListenerManager::HandleEventSubType(nsListenerStruct * aListenerStruct=0x02546c50, nsIDOMEvent * aDOMEvent=0x02c78b38, nsIDOMEventTarget * aCurrentTarget=0x02c78ae8, unsigned int aSubType=8, unsigned int aPhaseFlags=7) Line 1520 + 0x16 bytes C++
gklayout.dll!nsEventListenerManager::HandleEvent(nsPresContext * aPresContext=0x024c75d8, nsEvent * aEvent=0x0012edb4, nsIDOMEvent * * aDOMEvent=0x0012eca8, nsIDOMEventTarget * aCurrentTarget=0x02c78ae8, unsigned int aFlags=7, nsEventStatus * aEventStatus=0x0012edb0) Line 1614 C++
gklayout.dll!nsXULElement::HandleDOMEvent(nsPresContext * aPresContext=0x024c75d8, nsEvent * aEvent=0x0012edb4, nsIDOMEvent * * aDOMEvent=0x0012eca8, unsigned int aFlags=7, nsEventStatus * aEventStatus=0x0012edb0) Line 2820 C++
gklayout.dll!PresShell::HandleDOMEventWithTarget(nsIContent * aTargetContent=0x02546c88, nsEvent * aEvent=0x0012edb4, nsEventStatus * aStatus=0x0012edb0) Line 5996 C++
gklayout.dll!nsMenuFrame::Execute(nsGUIEvent * aEvent=0x0012f27c) Line 1622 C++
gklayout.dll!nsMenuFrame::HandleEvent(nsPresContext * aPresContext=0x024c75d8, nsGUIEvent * aEvent=0x0012f27c, nsEventStatus * aEventStatus=0x0012f01c) Line 439 + 0xc bytes C++
gklayout.dll!PresShell::HandleEventInternal(nsEvent * aEvent=0x0012f27c, nsIView * aView=0x02c5f990, unsigned int aFlags=1, nsEventStatus * aStatus=0x0012f01c) Line 5961 + 0x29 bytes C++
gklayout.dll!PresShell::HandleEvent(nsIView * aView=0x02c5f990, nsGUIEvent * aEvent=0x0012f27c, nsEventStatus * aEventStatus=0x0012f01c, int aForceHandle=0, int & aHandled=1) Line 5772 + 0x19 bytes C++
gklayout.dll!nsViewManager::HandleEvent(nsView * aView=0x02c8c9f8, nsGUIEvent * aEvent=0x0012f27c, int aCaptured=0) Line 2402 C++
gklayout.dll!nsViewManager::DispatchEvent(nsGUIEvent * aEvent=0x0012f27c, nsEventStatus * aStatus=0x0012f150) Line 2127 + 0x14 bytes C++
gklayout.dll!HandleEvent(nsGUIEvent * aEvent=0x0012f27c) Line 174 C++
gkwidget.dll!nsWindow::DispatchEvent(nsGUIEvent * event=0x0012f27c, nsEventStatus & aStatus=nsEventStatus_eIgnore) Line 1102 + 0xc bytes C++
gkwidget.dll!nsWindow::DispatchWindowEvent(nsGUIEvent * event=0x0012f27c) Line 1123 C++
gkwidget.dll!nsWindow::DispatchMouseEvent(unsigned int aEventType=301, unsigned int wParam=0, nsPoint * aPoint=0x00000000) Line 5385 + 0x17 bytes C++
gkwidget.dll!ChildWindow::DispatchMouseEvent(unsigned int aEventType=301, unsigned int wParam=0, nsPoint * aPoint=0x00000000) Line 5639 C++
gkwidget.dll!nsWindow::ProcessMessage(unsigned int msg=514, unsigned int wParam=0, long lParam=16777266, long * aRetValue=0x0012f758) Line 4083 + 0x1e bytes C++
gkwidget.dll!nsWindow::WindowProc(HWND__ * hWnd=0x009205f8, unsigned int msg=514, unsigned int wParam=0, long lParam=16777266) Line 1383 + 0x1d bytes C++
user32.dll!77d48709()
user32.dll!77d487eb()
user32.dll!77d70494()
user32.dll!77d489a5()
user32.dll!77d493df()
user32.dll!77d70494()
user32.dll!77d489e8()
gkwidget.dll!nsAppShell::Run() Line 135 C++
tkitcmps.dll!nsAppStartup::Run() Line 156 C++
firefox.exe!xre_main(int argc=1, char * * argv=0x003e6b10, const nsXREAppData * aAppData=0x00420060) Line 2235 + 0x25 bytes C++
firefox.exe!main(int argc=1, char * * argv=0x003e6b10) Line 60 + 0x12 bytes C++
firefox.exe!mainCRTStartup() Line 524 + 0x19 bytes C
kernel32.dll!7c816d4f()
kernel32.dll!7c8399f3()
Comment 6 • 20 years ago (Assignee)

No, I'm wrong. The null value is a primitive type value, so JSVAL_IS_PRIMITIVE will be true, so we won't js_AddRoot and !exnObject will save us from the js_RemoveRoot call.

/be
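
The error-path bug discussed in comments 1 and 6, as an added example that is not the patch from this bug and not SpiderMonkey code: a toy root table (the `toy_*` names, `report_buggy` and `report_fixed` are all hypothetical) shows an early return leaving a registered root that points at a dead stack slot, and a single `out:` exit, guarded by the same object test that guarded the add, covering both the failed get and a thrown null.

```c
/* Added illustration: a toy GC root table, not SpiderMonkey code. */
#include <stdio.h>

typedef long toyval;                       /* stand-in for jsval */
#define TOY_NULL 0L                        /* models a thrown null, a primitive */
#define TOY_IS_PRIMITIVE(v) (((v) & 1L) || (v) == TOY_NULL)  /* assumed tagging */
#define MAX_ROOTS 8
static toyval *roots[MAX_ROOTS];           /* addresses a collector would scan */

static int toy_add_root(toyval *slot) {
    for (int i = 0; i < MAX_ROOTS; i++)
        if (!roots[i]) { roots[i] = slot; return 1; }
    return 0;
}
static void toy_remove_root(toyval *slot) {
    for (int i = 0; i < MAX_ROOTS; i++)
        if (roots[i] == slot) roots[i] = NULL;
}
int toy_live_roots(void) {
    int n = 0;
    for (int i = 0; i < MAX_ROOTS; i++) n += roots[i] != NULL;
    return n;
}

/* Before: a failing property get returns early; the root outlives the frame. */
int report_buggy(toyval exn, int get_fails) {
    toyval slot = exn;                     /* local that gets rooted */
    int is_object = !TOY_IS_PRIMITIVE(exn);
    if (is_object && !toy_add_root(&slot)) return 0;
    if (get_fails) return 0;               /* BUG: root never removed */
    if (is_object) toy_remove_root(&slot);
    return 1;
}

/* After: every exit past the add goes through "out". */
int report_fixed(toyval exn, int get_fails) {
    toyval slot = exn;
    int ok = 0, is_object = !TOY_IS_PRIMITIVE(exn);
    if (is_object && !toy_add_root(&slot)) return 0;
    if (get_fails) goto out;
    ok = 1;
out:
    if (is_object) toy_remove_root(&slot); /* nothing was added for null */
    return ok;
}

int main(void) {
    report_fixed(0x1000, 1); printf("fixed: %d stale\n", toy_live_roots());
    report_buggy(0x1000, 1); printf("buggy: %d stale\n", toy_live_roots());
    return 0;
}
```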
Comment 7 • 20 years ago (Assignee)

Re: comment 5, that is not related to the failure to remove a GC root bug, but it's interesting (and it *might* be related). Cc'ing jst.

/be
Comment 8 • 20 years ago (Assignee)

> Re: comment 5, that is not related to the failure to remove a GC root bug, but
I meant to write "*probably* not related".
/be
Status: NEW → ASSIGNED
Comment 9 • 20 years ago (Assignee)

Comment on attachment 168433: fix

This is a fix, no matter what else is bad.

/be
Attachment #168433 - Attachment is obsolete: false
Attachment #168433 - Flags: review?(shaver)
Attachment #168433 - Flags: review?(shaver) → review+
Comment 10 • 20 years ago (Assignee)

Fixed. Still wondering what native getter was being called, that failed, for "lineNumber" on the exception object that was thrown. Perhaps it was an XPConnect wrapped object that had no such attribute or method?

/be
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Comment 11 • 20 years ago

I've gotten a crash in the 12 December build blocking an iframe at http://www.wunderground.com/US/LA/Baton_Rouge.html

Incident ID: 2503500
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a6) Gecko/20041212 Firefox/1.0+
Comment 12 • 20 years ago (Assignee)

File a new bug. The signature in that talkback:

nsEventStateManager::PreHandleEvent [c:/builds/tinderbox/firefox/WINNT_5.0_Clobber/mozilla/content/events/src/nsEventStateManager.cpp, line 801]
PresShell::HandleEventInternal [c:/builds/tinderbox/firefox/WINNT_5.0_Clobber/mozilla/layout/base/nsPresShell.cpp, line 5914]

has nothing to do with this bug, which is fixed.

/be
Comment 13 • 20 years ago

fwiw bug 274425 seems to cover that new stack
Updated • 19 years ago
Flags: testcase-