Closed
Bug 294427
Opened 20 years ago
Closed 7 years ago
crash because !obj->map from dom event handler [@ JS_GetPrivate]
Categories
(Core :: DOM: Events, defect, P5)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: timeless, Unassigned)
Details
(Keywords: crash)
Crash Data
steps:
JS_RUNTIME_SIZE=15
run winembed
visit http://dmoz.org
click various links until http://news.ft.com/... kinda loads
JavaScript error:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/,
line 5:
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 1277
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 5296
JavaScript error:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/,
line 5:
JavaScript error:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/,
line 5:
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error: http://globalelements.ft.com/Common/Template/CT1.js, line 1:
missing variable name
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error: , line 0:
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 1277
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 1277
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
r:/mozilla/content/xbl/src/nsXBLProtoImpl.cpp, line 122
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
r:/mozilla/content/xbl/src/nsXBLProtoImpl.cpp, line 83
JavaScript error: , line 0:
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 1277
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 1277
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
r:/mozilla/content/xbl/src/nsXBLProtoImpl.cpp, line 122
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
r:/mozilla/content/xbl/src/nsXBLProtoImpl.cpp, line 83
JavaScript error: , line 0:
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 1277
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 1277
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
r:/mozilla/content/xbl/src/nsXBLProtoImplMethod.cpp, line 304
JavaScript error: , line 0:
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 1277
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 1277
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
r:/mozilla/content/xbl/src/nsXBLProtoImplMethod.cpp, line 304
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/,
line 9: missing variable name
JavaScript error: , line 0
JavaScript error: , line 0:
JavaScript error:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/,
line 9: missing variable name
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/,
line 11: missing variable name
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/,
line 11: missing variable name
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/,
line 11: missing variable name
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/,
line 11: missing variable name
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/,
line 11: missing variable name
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/,
line 27: missing variable name
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/,
line 33: missing variable name
JavaScript error: , line 0:
JavaScript error: , line 0:
###!!! ASSERTION: bad method name: '0', file
r:/mozilla/js/src/xpconnect/src/xpcwrappednativeinfo.cpp, line 372
JavaScript error: , line 0:
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(result)) failed, file
r:/mozilla/content/events/src/nsEventListenerManager.cpp, line 1430
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error: , line 0:
###!!! ASSERTION: Can't initialize DOM class proto.: 'proto', file
r:/mozilla/dom/src/base/nsDOMClassInfo.cpp, line 4327
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
r:/mozilla/dom/src/base/nsJSEnvironment.cpp, line 1884
WARNING: NS_ENSURE_TRUE(NS_SUCCEEDED(rv)) failed, file
r:/mozilla/dom/src/base/nsJSEnvironment.cpp, line 1588
JavaScript error: http://news.ft.com/comment, line 7:
JavaScript error: http://news.ft.com/comment, line 7:
JavaScript error: http://news.ft.com/comment, line 7:
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error: , line 0:
JavaScript error:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/,
line 1:
JavaScript error:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/,
line 1:
JavaScript error:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/,
line 1:
JavaScript error:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/,
line 1:
JavaScript error:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/,
line 1:
JavaScript error:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/,
line 1:
JavaScript error:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/Page/SpecialLevel1&cid=1020498280400/,
line 1: wS is not defined
+ obj 0x016117c8 {map=0x00000000 {nrefs=??? ops=??? nslots=??? ...}
slots=0x01611089 } JSObject *
JS_ASSERT(OBJ_GET_CLASS(cx, obj)->flags & JSCLASS_HAS_PRIVATE);
this tries to use map, map being null is a fatal error here (dom should be to blame)
it comes from
funval 0x016117c8 long
+ eventString {mStorage=0x0012eb28 "mouseout" } nsAutoString
in nsJSEventListener::HandleEvent
js3250.dll!JS_GetPrivate(JSContext * cx=0x015ffb08, JSObject * obj=0x016117c8)
Line 2074 + 0xa C
caps.dll!nsScriptSecurityManager::GetFunctionObjectPrincipal(JSContext *
cx=0x015ffb08, JSObject * obj=0x016117c8, unsigned int * rv=0x0012e984) Line
1895 + 0xe C++
caps.dll!nsScriptSecurityManager::CheckFunctionAccess(JSContext *
aCx=0x015ffb08, void * aFunObj=0x016117c8, void * aTargetObj=0x00a61120) Line
1483 + 0x11 C++
gklayout.dll!nsJSContext::CallEventHandler(JSObject * aTarget=0x00a61120,
JSObject * aHandler=0x016117c8, unsigned int argc=0x00000001, long *
argv=0x0012ebc0, long * rval=0x0012ebc4) Line 1395 + 0x20 C++
gklayout.dll!nsJSEventListener::HandleEvent(nsIDOMEvent * aEvent=0x0311c5a0)
Line 205 + 0x2d C++
gklayout.dll!nsEventListenerManager::HandleEventSubType(nsListenerStruct *
aListenerStruct=0x030d1210, nsIDOMEvent * aDOMEvent=0x0311c5a0,
nsIDOMEventTarget * aCurrentTarget=0x0176ced8, unsigned int aSubType=0x00000020,
unsigned int aPhaseFlags=0x00000007) Line 1557 + 0x14 C++
gklayout.dll!nsEventListenerManager::HandleEvent(nsPresContext *
aPresContext=0x01738818, nsEvent * aEvent=0x0012f140, nsIDOMEvent * *
aDOMEvent=0x0012eee0, nsIDOMEventTarget * aCurrentTarget=0x0176ced8, unsigned
int aFlags=0x00000007, nsEventStatus * aEventStatus=0x0012f13c) Line 1656 C++
gklayout.dll!nsGenericElement::HandleDOMEvent(nsPresContext *
aPresContext=0x01738818, nsEvent * aEvent=0x0012f140, nsIDOMEvent * *
aDOMEvent=0x0012eee0, unsigned int aFlags=0x00000007, nsEventStatus *
aEventStatus=0x0012f13c) Line 2103 C++
gklayout.dll!nsGenericHTMLElement::HandleDOMEventForAnchors(nsPresContext *
aPresContext=0x01738818, nsEvent * aEvent=0x0012f140, nsIDOMEvent * *
aDOMEvent=0x00000000, unsigned int aFlags=0x00000001, nsEventStatus *
aEventStatus=0x0012f13c) Line 1461 + 0x1f C++
gklayout.dll!nsHTMLAnchorElement::HandleDOMEvent(nsPresContext *
aPresContext=0x01738818, nsEvent * aEvent=0x0012f140, nsIDOMEvent * *
aDOMEvent=0x00000000, unsigned int aFlags=0x00000001, nsEventStatus *
aEventStatus=0x0012f13c) Line 287 C++
> gklayout.dll!nsEventStateManager::DispatchMouseEvent(nsGUIEvent *
aEvent=0x0012f8b8, unsigned int aMessage=0x0000014c, nsIContent *
aTargetContent=0x030d11b8, nsIContent * aRelatedContent=0x0179d098) Line 2513 C++
gklayout.dll!nsEventStateManager::NotifyMouseOut(nsGUIEvent *
aEvent=0x0012f8b8, nsIContent * aMovingInto=0x0179d098) Line 2576 C++
gklayout.dll!nsEventStateManager::NotifyMouseOver(nsGUIEvent *
aEvent=0x0012f8b8, nsIContent * aContent=0x0179d098) Line 2621 C++
gklayout.dll!nsEventStateManager::GenerateMouseEnterExit(nsGUIEvent *
aEvent=0x0012f8b8) Line 2660 C++
gklayout.dll!nsEventStateManager::PreHandleEvent(nsPresContext *
aPresContext=0x01738818, nsEvent * aEvent=0x0012f8b8, nsIFrame *
aTargetFrame=0x03191624, nsEventStatus * aStatus=0x0012f64c, nsIView *
aView=0x030f7428) Line 479 C++
gklayout.dll!PresShell::HandleEventInternal(nsEvent * aEvent=0x0012f8b8,
nsIView * aView=0x030f7428, unsigned int aFlags=0x00000001, nsEventStatus *
aStatus=0x0012f64c) Line 6289 + 0x34 C++
gklayout.dll!PresShell::HandleEvent(nsIView * aView=0x030f7428, nsGUIEvent *
aEvent=0x0012f8b8, nsEventStatus * aEventStatus=0x0012f64c, int
aForceHandle=0x00000000, int & aHandled=0x00000001) Line 6142 + 0x19 C++
gklayout.dll!nsViewManager::HandleEvent(nsView * aView=0x031320f0, nsGUIEvent
* aEvent=0x0012f8b8, int aCaptured=0x00000000) Line 2506 C++
gklayout.dll!nsViewManager::DispatchEvent(nsGUIEvent * aEvent=0x0012f8b8,
nsEventStatus * aStatus=0x0012f794) Line 2228 + 0x14 C++
gklayout.dll!HandleEvent(nsGUIEvent * aEvent=0x0012f8b8) Line 174 C++
gkwidget.dll!nsWindow::DispatchEvent(nsGUIEvent * event=0x0012f8b8,
nsEventStatus & aStatus=nsEventStatus_eIgnore) Line 1181 + 0xa C++
gkwidget.dll!nsWindow::DispatchWindowEvent(nsGUIEvent * event=0x0012f8b8)
Line 1202 C++
gkwidget.dll!nsWindow::DispatchMouseEvent(unsigned int aEventType=0x0000012c,
unsigned int wParam=0x00000000, nsPoint * aPoint=0x00000000) Line 5903 + 0x15 C++
gkwidget.dll!ChildWindow::DispatchMouseEvent(unsigned int
aEventType=0x0000012c, unsigned int wParam=0x00000000, nsPoint *
aPoint=0x00000000) Line 6159 C++
gkwidget.dll!nsWindow::ProcessMessage(unsigned int msg=0x00000200, unsigned
int wParam=0x00000000, long lParam=0x01210041, long * aRetValue=0x0012fd8c)
Line 4533 + 0x1c C++
gkwidget.dll!nsWindow::WindowProc(HWND__ * hWnd=0x00190392, unsigned int
msg=0x00000200, unsigned int wParam=0x00000000, long lParam=0x01210041) Line
1473 + 0x1b C++
user32.dll!_InternalCallWinProc@20() + 0x28
user32.dll!_UserCallWinProcCheckWow@32() + 0xb7
user32.dll!_DispatchMessageWorker@8() + 0xdc
user32.dll!_DispatchMessageA@4() + 0xf
winEmbed.exe!AppCallbacks::RunEventLoop(int & aRunCondition=0x00000001)
Line 1198 C++
winEmbed.exe!main(int argc=0x00000001, char * * argv=0x003d7b80) Line 188 +
0x9 C++
winEmbed.exe!mainCRTStartup() Line 398 + 0x11 C
kernel32.dll!_BaseProcessStart@4() + 0x23
my guess, but i'm having a hard time proving it tonight is that
CompileEventHandler is failing to root its object, but i can't find any logical
path to this point.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P5
|
||
Updated•16 years ago
|
Assignee: events → nobody
QA Contact: ian → events
|
Assignee | |
Updated•14 years ago
|
Crash Signature: [@ JS_GetPrivate]
|
||
Comment 2•7 years ago
|
||
Closing because no crashes reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•