Closed
Bug 294427
Opened 20 years ago
Closed 6 years ago
crash because !obj->map from dom event handler [@ JS_GetPrivate]
Categories
(Core :: DOM: Events, defect, P5)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: timeless, Unassigned)
Details
(Keywords: crash)
Crash Data
steps: JS_RUNTIME_SIZE=15 run winembed visit http://dmoz.org click various links until http://news.ft.com/... kinda loads JavaScript error: http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/, line 5: WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 1277 WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 5296 JavaScript error: http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/, line 5: JavaScript error: http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/, line 5: JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: http://globalelements.ft.com/Common/Template/CT1.js, line 1: missing variable name JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: , line 0: WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 1277 WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 1277 WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file r:/mozilla/content/xbl/src/nsXBLProtoImpl.cpp, line 122 WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file r:/mozilla/content/xbl/src/nsXBLProtoImpl.cpp, line 83 JavaScript error: , line 0: WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 1277 WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 1277 WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file r:/mozilla/content/xbl/src/nsXBLProtoImpl.cpp, line 122 WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file r:/mozilla/content/xbl/src/nsXBLProtoImpl.cpp, line 83 JavaScript error: , line 0: WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 1277 WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 1277 WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file r:/mozilla/content/xbl/src/nsXBLProtoImplMethod.cpp, line 304 JavaScript error: , line 0: WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 1277 WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 1277 WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file r:/mozilla/content/xbl/src/nsXBLProtoImplMethod.cpp, line 304 JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/, line 9: missing variable name JavaScript error: , line 0 JavaScript error: , line 0: JavaScript error: http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/, line 9: missing variable name JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/, line 11: missing variable name JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/, line 11: missing variable name JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/, line 11: missing variable name JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/, line 11: missing variable name JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/, line 11: missing variable name JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/, line 27: missing variable name JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/, line 33: missing variable name JavaScript error: , line 0: JavaScript error: , line 0: ###!!! ASSERTION: bad method name: '0', file r:/mozilla/js/src/xpconnect/src/xpcwrappednativeinfo.cpp, line 372 JavaScript error: , line 0: WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(result)) failed, file r:/mozilla/content/events/src/nsEventListenerManager.cpp, line 1430 JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: , line 0: ###!!! ASSERTION: Can't initialize DOM class proto.: 'proto', file r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 4327 WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file r:/mozilla/dom/src/base/nsJSEnvironment.cpp, line 1884 WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file r:/mozilla/dom/src/base/nsJSEnvironment.cpp, line 1588 JavaScript error: http://news.ft.com/comment, line 7: JavaScript error: http://news.ft.com/comment, line 7: JavaScript error: http://news.ft.com/comment, line 7: JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: , line 0: JavaScript error: http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/, line 1: JavaScript error: http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/, line 1: JavaScript error: http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/, line 1: JavaScript error: http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/, line 1: JavaScript error: http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/, line 1: JavaScript error: http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/, line 1: JavaScript error: http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/, line 1: wS is not defined + obj 0x016117c8 {map=0x00000000 {nrefs=??? ops=??? nslots=??? ...} slots=0x01611089 } JSObject * JS_ASSERT(OBJ_GET_CLASS(cx, obj)->flags & JSCLASS_HAS_PRIVATE); this tries to use map, map being null is a fatal error here (dom should be to blame) it comes from funval 0x016117c8 long + eventString {mStorage=0x0012eb28 "mouseout" } nsAutoString in nsJSEventListener::HandleEvent js3250.dll!JS_GetPrivate(JSContext * cx=0x015ffb08, JSObject * obj=0x016117c8) Line 2074 + 0xa C caps.dll!nsScriptSecurityManager::GetFunctionObjectPrincipal(JSContext * cx=0x015ffb08, JSObject * obj=0x016117c8, unsigned int * rv=0x0012e984) Line 1895 + 0xe C++ caps.dll!nsScriptSecurityManager::CheckFunctionAccess(JSContext * aCx=0x015ffb08, void * aFunObj=0x016117c8, void * aTargetObj=0x00a61120) Line 1483 + 0x11 C++ gklayout.dll!nsJSContext::CallEventHandler(JSObject * aTarget=0x00a61120, JSObject * aHandler=0x016117c8, unsigned int argc=0x00000001, long * argv=0x0012ebc0, long * rval=0x0012ebc4) Line 1395 + 0x20 C++ gklayout.dll!nsJSEventListener::HandleEvent(nsIDOMEvent * aEvent=0x0311c5a0) Line 205 + 0x2d C++ gklayout.dll!nsEventListenerManager::HandleEventSubType(nsListenerStruct * aListenerStruct=0x030d1210, nsIDOMEvent * aDOMEvent=0x0311c5a0, nsIDOMEventTarget * aCurrentTarget=0x0176ced8, unsigned int aSubType=0x00000020, unsigned int aPhaseFlags=0x00000007) Line 1557 + 0x14 C++ gklayout.dll!nsEventListenerManager::HandleEvent(nsPresContext * aPresContext=0x01738818, nsEvent * aEvent=0x0012f140, nsIDOMEvent * * aDOMEvent=0x0012eee0, nsIDOMEventTarget * aCurrentTarget=0x0176ced8, unsigned int aFlags=0x00000007, nsEventStatus * aEventStatus=0x0012f13c) Line 1656 C++ gklayout.dll!nsGenericElement::HandleDOMEvent(nsPresContext * aPresContext=0x01738818, nsEvent * aEvent=0x0012f140, nsIDOMEvent * * aDOMEvent=0x0012eee0, unsigned int aFlags=0x00000007, nsEventStatus * aEventStatus=0x0012f13c) Line 2103 C++ gklayout.dll!nsGenericHTMLElement::HandleDOMEventForAnchors(nsPresContext * aPresContext=0x01738818, nsEvent * aEvent=0x0012f140, nsIDOMEvent * * aDOMEvent=0x00000000, unsigned int aFlags=0x00000001, nsEventStatus * aEventStatus=0x0012f13c) Line 1461 + 0x1f C++ gklayout.dll!nsHTMLAnchorElement::HandleDOMEvent(nsPresContext * aPresContext=0x01738818, nsEvent * aEvent=0x0012f140, nsIDOMEvent * * aDOMEvent=0x00000000, unsigned int aFlags=0x00000001, nsEventStatus * aEventStatus=0x0012f13c) Line 287 C++ > gklayout.dll!nsEventStateManager::DispatchMouseEvent(nsGUIEvent * aEvent=0x0012f8b8, unsigned int aMessage=0x0000014c, nsIContent * aTargetContent=0x030d11b8, nsIContent * aRelatedContent=0x0179d098) Line 2513 C++ gklayout.dll!nsEventStateManager::NotifyMouseOut(nsGUIEvent * aEvent=0x0012f8b8, nsIContent * aMovingInto=0x0179d098) Line 2576 C++ gklayout.dll!nsEventStateManager::NotifyMouseOver(nsGUIEvent * aEvent=0x0012f8b8, nsIContent * aContent=0x0179d098) Line 2621 C++ gklayout.dll!nsEventStateManager::GenerateMouseEnterExit(nsGUIEvent * aEvent=0x0012f8b8) Line 2660 C++ gklayout.dll!nsEventStateManager::PreHandleEvent(nsPresContext * aPresContext=0x01738818, nsEvent * aEvent=0x0012f8b8, nsIFrame * aTargetFrame=0x03191624, nsEventStatus * aStatus=0x0012f64c, nsIView * aView=0x030f7428) Line 479 C++ gklayout.dll!PresShell::HandleEventInternal(nsEvent * aEvent=0x0012f8b8, nsIView * aView=0x030f7428, unsigned int aFlags=0x00000001, nsEventStatus * aStatus=0x0012f64c) Line 6289 + 0x34 C++ gklayout.dll!PresShell::HandleEvent(nsIView * aView=0x030f7428, nsGUIEvent * aEvent=0x0012f8b8, nsEventStatus * aEventStatus=0x0012f64c, int aForceHandle=0x00000000, int & aHandled=0x00000001) Line 6142 + 0x19 C++ gklayout.dll!nsViewManager::HandleEvent(nsView * aView=0x031320f0, nsGUIEvent * aEvent=0x0012f8b8, int aCaptured=0x00000000) Line 2506 C++ gklayout.dll!nsViewManager::DispatchEvent(nsGUIEvent * aEvent=0x0012f8b8, nsEventStatus * aStatus=0x0012f794) Line 2228 + 0x14 C++ gklayout.dll!HandleEvent(nsGUIEvent * aEvent=0x0012f8b8) Line 174 C++ gkwidget.dll!nsWindow::DispatchEvent(nsGUIEvent * event=0x0012f8b8, nsEventStatus & aStatus=nsEventStatus_eIgnore) Line 1181 + 0xa C++ gkwidget.dll!nsWindow::DispatchWindowEvent(nsGUIEvent * event=0x0012f8b8) Line 1202 C++ gkwidget.dll!nsWindow::DispatchMouseEvent(unsigned int aEventType=0x0000012c, unsigned int wParam=0x00000000, nsPoint * aPoint=0x00000000) Line 5903 + 0x15 C++ gkwidget.dll!ChildWindow::DispatchMouseEvent(unsigned int aEventType=0x0000012c, unsigned int wParam=0x00000000, nsPoint * aPoint=0x00000000) Line 6159 C++ gkwidget.dll!nsWindow::ProcessMessage(unsigned int msg=0x00000200, unsigned int wParam=0x00000000, long lParam=0x01210041, long * aRetValue=0x0012fd8c) Line 4533 + 0x1c C++ gkwidget.dll!nsWindow::WindowProc(HWND__ * hWnd=0x00190392, unsigned int msg=0x00000200, unsigned int wParam=0x00000000, long lParam=0x01210041) Line 1473 + 0x1b C++ user32.dll!_InternalCallWinProc@20() + 0x28 user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 user32.dll!_DispatchMessageWorker@8() + 0xdc user32.dll!_DispatchMessageA@4() + 0xf winEmbed.exe!AppCallbacks::RunEventLoop(int & aRunCondition=0x00000001) Line 1198 C++ winEmbed.exe!main(int argc=0x00000001, char * * argv=0x003d7b80) Line 188 + 0x9 C++ winEmbed.exe!mainCRTStartup() Line 398 + 0x11 C kernel32.dll!_BaseProcessStart@4() + 0x23
my guess, but i'm having a hard time proving it tonight is that CompileEventHandler is failing to root its object, but i can't find any logical path to this point.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P5
|
||
Updated•15 years ago
|
Assignee: events → nobody
QA Contact: ian → events
|
Assignee | |
Updated•13 years ago
|
Crash Signature: [@ JS_GetPrivate]
|
||
Comment 2•6 years ago
|
||
Closing because no crashes reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•