Closed Bug 294846 Opened 19 years ago Closed 19 years ago

misplaced null checks in NS_ScriptErrorReporter

Categories

(Core :: DOM: Core & HTML, defect)

x86
Windows XP
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: timeless, Assigned: timeless)

Details

Attachments

(2 obsolete files)

bug 220603 introduced a new way to crash for a certain error path:
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/dom/src/base/nsJSEnvironment.cpp&rev=1.203&mark=180,194,162-166,230-236#177

as it happens, we were already crashing:
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/dom/src/base/nsJSEnvironment.cpp&rev=1.84&mark=131,133,135,137,103-110,147-158#127

since the code for the most part tries fairly hard to handle the case where
there's no report, i'd like to fix it to actually work.
the oom path i followed to notice these problems:

	report->errorNumber	0x00000089	unsigned int
(JSMSG_OUT_OF_MEMORY)

>	gklayout.dll!NS_ScriptErrorReporter(JSContext * cx=0x019b49f8, const
char * message=0x012d9d5c, JSErrorReport * report=0x0012e834)  Line 250    C++
	js3250.dll!js_ReportOutOfMemory(JSContext * cx=0x019b49f8, const
JSErrorFormatString * (void *, const char *, const unsigned int)*
callback=0x011f1e97)  Line 746 + 0xf C
	js3250.dll!JS_ReportOutOfMemory(JSContext * cx=0x019b49f8)  Line 4211 +
0xe	C
	js3250.dll!js_NewGCThing(JSContext * cx=0x019b49f8, unsigned int
flags=0x00000000, unsigned int nbytes=0x00000008)  Line 719 + 0x9      C
	js3250.dll!js_NewObject(JSContext * cx=0x019b49f8, JSClass *
clasp=0x012e0c58, JSObject * proto=0x01831168, JSObject * parent=0x01831160) 
Line 1880 + 0xd      C
	js3250.dll!js_NewFunction(JSContext * cx=0x019b49f8, JSObject *
funobj=0x00000000, int (JSContext *, JSObject *, unsigned int, long *, long *)*
native=0x0129d690, unsigned int nargs=0x00000001, unsigned int
flags=0x00000000, JSObject * parent=0x01831160, JSAtom * atom=0x010e1600)  Line
1934 + 0x14	 C
	js3250.dll!js_DefineFunction(JSContext * cx=0x019b49f8, JSObject *
obj=0x01831160, JSAtom * atom=0x010e1600, int (JSContext *, JSObject *,
unsigned int, long *, long *)* native=0x0129d690, unsigned int
nargs=0x00000001, unsigned int attrs=0x00000000)  Line 1996 + 0x1f    C
	js3250.dll!JS_DefineFunction(JSContext * cx=0x019b49f8, JSObject *
obj=0x01831160, const char * name=0x012c689c, int (JSContext *, JSObject *,
unsigned int, long *, long *)* call=0x0129d690, unsigned int nargs=0x00000001,
unsigned int attrs=0x00000000)	Line 3233 + 0x1d  C
	js3250.dll!JS_DefineFunctions(JSContext * cx=0x019b49f8, JSObject *
obj=0x01831160, JSFunctionSpec * fs=0x012fa4b8)  Line 3215 + 0x2a   C
	js3250.dll!js_InitStringClass(JSContext * cx=0x019b49f8, JSObject *
obj=0x01831160)  Line 2440 + 0x12   C
	js3250.dll!JS_ResolveStandardClass(JSContext * cx=0x019b49f8, JSObject
* obj=0x01831160, long id=0x0106c4bc, int * resolved=0x0012eb90)  Line 1424 +
0xb	   C
	gklayout.dll!nsWindowSH::NewResolve(nsIXPConnectWrappedNative *
wrapper=0x03a98d38, JSContext * cx=0x019b49f8, JSObject * obj=0x01831160, long
id=0x0106c4bc, unsigned int flags=0x00000010, JSObject * * objp=0x0012ecb8, int
* _retval=0x0012ec3c)  Line 5129 + 0x16  C++
	xpc3250.dll!XPC_WN_Helper_NewResolve(JSContext * cx=0x019b49f8,
JSObject * obj=0x01831160, long idval=0x0106c4bc, unsigned int
flags=0x00000010, JSObject * * objp=0x0012ed38)  Line 951 + 0x45 C++
	js3250.dll!js_LookupPropertyWithFlags(JSContext * cx=0x019b49f8,
JSObject * obj=0x01831160, long id=0x01079868, unsigned int flags=0x00000010,
JSObject * * objp=0x0012ed8c, JSProperty * * propp=0x0012ed80)	Line 2524 +
0x4c C
	js3250.dll!js_FindConstructor(JSContext * cx=0x019b49f8, JSObject *
start=0x00000000, const char * name=0x012c50b4, long * vp=0x0012edbc)  Line
1984 + 0x1b	C
	js3250.dll!GetClassPrototype(JSContext * cx=0x019b49f8, JSObject *
scope=0x00000000, const char * name=0x012c50b4, JSObject * * protop=0x0012ee20)
 Line 3625 + 0x15    C
	js3250.dll!js_NewObject(JSContext * cx=0x019b49f8, JSClass *
clasp=0x012fa528, JSObject * proto=0x00000000, JSObject * parent=0x00000000) 
Line 1864 + 0x17     C
	js3250.dll!js_StringToObject(JSContext * cx=0x019b49f8, JSString *
str=0x01830838)  Line 2667 + 0x12    C
	js3250.dll!js_ValueToObject(JSContext * cx=0x019b49f8, long
v=0x0183083c, JSObject * * objp=0x0012ee6c)  Line 3686 + 0x10	    C
	js3250.dll!js_ValueToNonNullObject(JSContext * cx=0x019b49f8, long
v=0x0183083c)  Line 3708 + 0x11      C
	js3250.dll!js_Interpret(JSContext * cx=0x019b49f8, unsigned char *
pc=0x019a1c5d, long * result=0x0012f7f0)  Line 3437 + 0x7e   C
	js3250.dll!js_Execute(JSContext * cx=0x019b49f8, JSObject *
chain=0x01831160, JSScript * script=0x019a1bb8, JSStackFrame * down=0x00000000,
unsigned int flags=0x00000000, long * result=0x0012f8f8)  Line 1550 + 0x13  C
	js3250.dll!JS_EvaluateUCScriptForPrincipals(JSContext * cx=0x019b49f8,
JSObject * obj=0x01831160, JSPrincipals * principals=0x01967c24, const unsigned
short * chars=0x019a1080, unsigned int length=0x0000055e, const char *
filename=0x019abf98, unsigned int lineno=0x00000001, long * rval=0x0012f8f8) 
Line 3813 + 0x19    C
	gklayout.dll!nsJSContext::EvaluateString(const nsAString &
aScript={...}, void * aScopeObject=0x01831160, nsIPrincipal *
aPrincipal=0x01967c20, const char * aURL=0x019abf98, unsigned int
aLineNo=0x00000001, const char * aVersion=0x012c5854, nsAString *
aRetValue=0x00000000, int * aIsUndefined=0x0012f9c8)  Line 1038 + 0x43	   C++
	gklayout.dll!nsScriptLoader::EvaluateScript(nsScriptLoadRequest *
aRequest=0x019abe48, const nsString & aScript={...})  Line 723	      C++
	gklayout.dll!nsScriptLoader::ProcessRequest(nsScriptLoadRequest *
aRequest=0x019abe48)  Line 629 + 0x13 C++
	gklayout.dll!nsScriptLoader::OnStreamComplete(nsIStreamLoader *
aLoader=0x03ae68c8, nsISupports * aContext=0x019abe48, unsigned int
aStatus=0x00000000, unsigned int stringLen=0xffffffff, const unsigned char *
string=0x03a74627)  Line 975   C++
	necko.dll!nsStreamLoader::OnStopRequest(nsIRequest *
request=0x03ae61a8, nsISupports * ctxt=0x019abe48, unsigned int
aStatus=0x00000000)  Line 137	   C++
	necko.dll!nsStreamListenerTee::OnStopRequest(nsIRequest *
request=0x03ae61a8, nsISupports * context=0x019abe48, unsigned int
status=0x00000000)  Line 66	   C++
	necko.dll!nsHttpChannel::OnStopRequest(nsIRequest * request=0x03a73f70,
nsISupports * ctxt=0x00000000, unsigned int status=0x00000000)	Line 3825      
C++
	necko.dll!nsInputStreamPump::OnStateStop()  Line 507	C++
	necko.dll!nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream *
stream=0x03a73d18)  Line 343 + 0xb	  C++
	xpcom_core.dll!nsInputStreamReadyEvent::EventHandler(PLEvent *
plevent=0x03a7405c)  Line 120	 C++
	xpcom_core.dll!PL_HandleEvent(PLEvent * self=0x03a7405c)  Line 698 +
0xa	   C
	xpcom_core.dll!PL_ProcessPendingEvents(PLEventQueue * self=0x010e85d0) 
Line 633 + 0x9	C
	xpcom_core.dll!_md_EventReceiverProc(HWND__ * hwnd=0x000c108a, unsigned
int uMsg=0x0000c118, unsigned int wParam=0x00000000, long lParam=0x010e85d0) 
Line 1435 + 0x9   C
	user32.dll!_InternalCallWinProc@20()  + 0x28	
	user32.dll!_UserCallWinProcCheckWow@32()  + 0xb7	
	user32.dll!_DispatchMessageWorker@8()  + 0xdc	
	user32.dll!_DispatchMessageA@4()  + 0xf 
	mfc71d.dll!AfxInternalPumpMessage()  Line 188	C++
	mfc71d.dll!CWinThread::PumpMessage()  Line 916	C++
	mfc71d.dll!CWinThread::Run()  Line 637 + 0xb	C++
	mfc71d.dll!CWinApp::Run()  Line 701	C++
	mfc71d.dll!AfxWinMain(HINSTANCE__ * hInstance=0x00400000, HINSTANCE__ *
hPrevInstance=0x00000000, char * lpCmdLine=0x00142384, int nCmdShow=0x0000000a)
 Line 49 + 0xb	C++
	mfcembed.exe!WinMain(HINSTANCE__ * hInstance=0x00400000, HINSTANCE__ *
hPrevInstance=0x00000000, char * lpCmdLine=0x00142384, int nCmdShow=0x0000000a)
 Line 25 C++
	mfcembed.exe!WinMainCRTStartup()  Line 390 + 0x39	C
	kernel32.dll!_BaseProcessStart@4()  + 0x23
Attachment #184055 - Flags: superreview?(jst)
Attachment #184055 - Flags: review?(jst)
Attachment #184055 - Flags: superreview?(jst)
Attachment #184055 - Flags: review?(jst)
Attachment #184055 - Attachment is obsolete: true
Attachment #184643 - Flags: superreview?(jst)
Attachment #184643 - Flags: review?(jst)
Comment on attachment 184643 [details] [diff] [review]
rearrange null checks and don't try to send a dom error for OOM - include a definition of OOM...

r+sr=jst, but please add a comment regarding why we don't want to report OOM
error messages to the console.
Attachment #184643 - Flags: superreview?(jst)
Attachment #184643 - Flags: superreview+
Attachment #184643 - Flags: review?(jst)
Attachment #184643 - Flags: review+
the dom and jsconsole paths can never work because the act of trying to report
to these targets involves js (and creating a couple of js objects), when you're
out of memory (generally this is a spidermonkey controlled resource and not real
os vm), that js fails which triggers a new asynchronous error report. the result
is amusing, you lose all your cpu to continuous attempts at reporting oom. you
also lose any evidence of the original problems as your 250 element
consoleservice buffer is *very* quickly wiped. note that you don't get stack
overflow because the dispatch to consolelisteners is async.

but what you don't get is an actual exception which anyone in js can possibly
handle usefully.

i will include a note akin to this in the code too.
Status: NEW → ASSIGNED
Attachment #184643 - Flags: approval1.8b3?
Attachment #184643 - Flags: approval1.8b3? → approval1.8b3+
Comment on attachment 184643 [details] [diff] [review]
rearrange null checks and don't try to send a dom error for OOM - include a definition of OOM...

mozilla/dom/src/base/nsJSEnvironment.cpp	1.250
Attachment #184643 - Attachment is obsolete: true
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: