Closed Bug 292588 Opened 15 years ago Closed 15 years ago

shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess]

Categories

(Core :: Security: CAPS, defect, critical)

x86
Windows XP

RESOLVED FIXED

People

(Reporter: timeless, Assigned: timeless)

Details

(Keywords: crash)

Attachments

(1 obsolete file)

I've changed caps to be a well-behaved module (not holding onto other modules 
past the xpcom shutdown notification message). I don't think that change is 
required for this problem, since I think caps could just as easily have been 
unloaded before this js module.

+	message	0x01a3c168 "log is not defined"	const char *

+	sXPConnect	0x00000000	nsIXPConnect *
      sXPConnect->GetWrappedNativeOfJSObject(cx, obj, getter_AddRefs(wrapper));

>	caps.dll!nsScriptSecurityManager::CheckObjectAccess(JSContext * 
cx=0x00ab01a8, JSObject * obj=0x018b75e0, long id=0x00ab14e4, JSAccessMode 
mode=JSACC_READ, long * vp=0x0012f908)  Line 466 + 0xb	C++
 	js3250.dll!InitExceptionObject(JSContext * cx=0x00ab01a8, JSObject * 
obj=0x00b635d0, JSString * message=0x00ac76b8, JSString * filename=0x00ac76d4, 
unsigned int lineno=0x0000063c)  Line 429 + 0x15	C
 	js3250.dll!js_ErrorToException(JSContext * cx=0x00b635d8, const char * 
message=0x01a3c168, JSErrorReport * reportp=0x0012f96c)  Line 1016 + 0xf
	C
 	js3250.dll!ReportError(JSContext * cx=0x00b4e044, const char * 
message=0x01a3c168, JSErrorReport * reportp=0x000b0023)  Line 685 + 0xb	C
 	js3250.dll!js_ReportErrorNumberVA(JSContext * cx=0x00ab01a8, unsigned 
int flags=0x01a3c168, const JSErrorFormatString * (void *, const char *, const 
unsigned int)* callback=0x1000b7ed, void * userRef=0x00000000, const unsigned 
int errorNumber=0x00000001, int charArgs=0x00000001, char * ap=0x0012f9d4)  
Line 983	C
 	js3250.dll!JS_ReportErrorNumber(JSContext * cx=0x00ab01a8, const 
JSErrorFormatString * (void *, const char *, const unsigned int)* 
errorCallback=0x1000b7ed, void * userRef=0x00000000, const unsigned int 
errorNumber=0x00000001, ...)  Line 4150 + 0x19	C
 	js3250.dll!js_ReportIsNotDefined(JSContext * cx=0x00ab01a8, const char 
* name=0x018e0878)  Line 1031 + 0x16	C
 	js3250.dll!js_Interpret(JSContext * cx=0x00b8f800, unsigned char * 
pc=0x00000042, long * result=0x00000042)  Line 5136 + 0x9	C
 	js3250.dll!js_Invoke(JSContext * cx=0x00b8f800, unsigned int 
argc=0x00000042, unsigned int flags=0x00000042)  Line 1340 + 0xc	C
 	xpc3250.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS * 
wrapper=0x00ac76b8, unsigned short methodIndex=0xf800, const nsXPTMethodInfo * 
info=0x00000042, nsXPTCMiniVariant * nativeParams=0x00000042)  Line 1413 + 0x10
	C++
 	xpc3250.dll!nsXPCWrappedJS::CallMethod(unsigned short 
methodIndex=0x0006, const nsXPTMethodInfo * info=0x00b2cf10, nsXPTCMiniVariant 
* params=0x0012fd94)  Line 450	C++
 	xpcom_core.dll!PrepareAndDispatch(nsXPTCStubBase * self=0x0189f7f0, 
unsigned int methodIndex=0x00000006, unsigned int * args=0x0012fe50, unsigned 
int * stackBytesToPop=0x0012fe40)  Line 117 + 0x12	C++
 	xpcom_core.dll!SharedStub()  Line 147	C++
 	xpc3250.dll!UnloadAndReleaseModules(PLHashEntry * he=0x0189f888, int 
i=0x00000007, void * arg=0x003dd2f8)  Line 354	C++
 	plds4.dll!PL_HashTableEnumerateEntries(PLHashTable * ht=0x00b200a0, int 
(PLHashEntry *, int, void *)* f=0x00bb7b5e, void * arg=0x003dd2f8)  Line 432 + 
0xb	C
 	xpc3250.dll!mozJSComponentLoader::UnloadAll(int aWhen=0x00000003)  Line 
1129	C++
 	xpcom_core.dll!nsComponentManagerImpl::UnloadLibraries
(nsIServiceManager * serviceMgr=0x00000000, int aWhen=0x00000003)  Line 3126
	C++
 	xpcom_core.dll!nsComponentManagerImpl::Shutdown()  Line 901	C++
 	xpcom_core.dll!NS_ShutdownXPCOM_P(nsIServiceManager * 
servMgr=0x00000000)  Line 825 + 0x5	C++
 	xpcshell.exe!main(int argc=0x00000001, char * * argv=0x003d5b30, char * 
* envp=0x003d2ed0)  Line 1697	C++
 	xpcshell.exe!mainCRTStartup()  Line 398 + 0xe	C
 	kernel32.dll!_BaseProcessStart@4()  + 0x23	

possible fixes:
0. caps should really fix the checkAccessOp when it shuts down so that js 
doesn't call it !!
1. make tiers for module shutdown (and stick caps after xpconnect implemented 
modules)
2. make caps first check for chrome privs before wasting cycles checking for 
sameorigin and related stuff.

This ties in to my 1.9-timeframe plans to make xpconnect shut down properly:
basically, my plan is to have an extra "xpcom-loader-shutdown" after
"xpcom-shutdown", so that xpconnect can shut down after all of the modules have
shut down. Perhaps CAPS can be told to watch the later topic instead of the
earlier one.
Assignee: dveditz → timeless
Status: UNCONFIRMED → ASSIGNED
Attachment #183507 - Flags: superreview?(jst)
Attachment #183507 - Flags: review?(dveditz)
Comment on attachment 183507
store the runtime, unset the callback at shutdown

r=dveditz
Attachment #183507 - Flags: review?(dveditz) → review+
Comment on attachment 183507
store the runtime, unset the callback at shutdown

sr=jst
Attachment #183507 - Flags: superreview?(jst) → superreview+
Attachment #183507 - Flags: approval1.8b3?
Attachment #183507 - Flags: approval1.8b3? → approval1.8b3+
Comment on attachment 183507
store the runtime, unset the callback at shutdown

mozilla/caps/src/nsScriptSecurityManager.cpp	1.260
mozilla/caps/include/nsScriptSecurityManager.h	1.89
Attachment #183507 - Attachment is obsolete: true
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Crash Signature: [@ nsScriptSecurityManager::CheckObjectAccess]
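
Added example (not the attached patch and not Mozilla source): a toy model of the lifetime bug in the stack trace above, where the engine still holds a security callback after the module behind it has dropped its service pointer, and of the remedy named in the attachment description ("store the runtime, unset the callback at shutdown"). All names (ToyRuntime, ToyConnect, SecurityInit, SecurityShutdown, LateEntriesAfterShutdown) are hypothetical, and the callback fails closed instead of dereferencing null so the two cases can be counted.

```cpp
// Added illustration with hypothetical names; not Mozilla source.
#include <cstdio>
// Stand-in for the JS runtime: keeps a raw pointer to a callback it does not own.
struct ToyRuntime {
    bool (*checkObjectAccess)(const char *what) = nullptr;
    // Error reporting builds an exception object, which triggers an access check.
    void ReportError(const char *message) {
        if (checkObjectAccess) checkObjectAccess(message);
    }
};
struct ToyConnect { bool IsWrappedNative(const char *) { return true; } };

static ToyConnect *sConnect = nullptr;  // plays the role of sXPConnect
static ToyRuntime *sRuntime = nullptr;  // stored so shutdown can reach the runtime
static int sLateEntries = 0;            // callback entries after sConnect was dropped

static bool CheckObjectAccess(const char *what) {
    if (!sConnect) {      // the reported crash dereferenced the null pointer here
        ++sLateEntries;
        return false;     // toy fails closed so the scenario can be counted
    }
    return sConnect->IsWrappedNative(what);
}

static void SecurityInit(ToyRuntime *rt, ToyConnect *xpc) {
    sConnect = xpc; sRuntime = rt;
    rt->checkObjectAccess = CheckObjectAccess;
}

// unsetCallback=false models the old shutdown; true models unsetting the callback.
static void SecurityShutdown(bool unsetCallback) {
    if (unsetCallback && sRuntime) sRuntime->checkObjectAccess = nullptr;
    sRuntime = nullptr; sConnect = nullptr;
}

// Init, shut down, then raise a late script error as in the stack trace.
int LateEntriesAfterShutdown(bool unsetCallback) {
    ToyRuntime rt; ToyConnect xpc;
    sLateEntries = 0;
    SecurityInit(&rt, &xpc);
    SecurityShutdown(unsetCallback);
    rt.ReportError("log is not defined");
    return sLateEntries;
}

int main() {
    std::printf("old shutdown: %d\n", LateEntriesAfterShutdown(false));
    std::printf("callback unset: %d\n", LateEntriesAfterShutdown(true));
    return 0;
}
```

A non-zero count for the old shutdown path is the condition that crashed in the report: the callback ran with its service pointer already null.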