Closed
Bug 301097
Opened 19 years ago
Closed 15 years ago
Crash [@ JS_GetPrivate] line 1813
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: bc, Unassigned)
References
()
Details
(Keywords: crash, top100)
Crash Data
Found during testing a debug Firefox 1.0.6 using Spider, not a new bug though however looks fairly common in talkback. Could not reproduce on the trunk. Very similar stack to bug 269568, bug 269472 JS_GetPrivate(JSContext * 0x02c9d9d8, JSObject * 0xc04d8b00) line 1998 + 3 bytes nsScriptSecurityManager::GetFunctionObjectPrincipal(JSContext * 0x02c9d9d8, JSObject * 0xc04d8b00, JSStackFrame * 0x0012f02c, nsIPrincipal * * 0x0012ed6c) line 1813 + 14 bytes nsScriptSecurityManager::GetFramePrincipal(JSContext * 0x02c9d9d8, JSStackFrame * 0x0012f02c, nsIPrincipal * * 0x0012ed6c) line 1874 + 24 bytes nsScriptSecurityManager::GetPrincipalAndFrame(JSContext * 0x02c9d9d8, nsIPrincipal * * 0x0012ed6c, JSStackFrame * * 0x0012ed2c) line 1898 + 20 bytes nsScriptSecurityManager::GetSubjectPrincipal(JSContext * 0x02c9d9d8, nsIPrincipal * * 0x0012ed6c) line 1938 nsScriptSecurityManager::GetSubjectPrincipal(nsScriptSecurityManager * const 0x00f2a9d0, nsIPrincipal * * 0x0012ed6c) line 1601 nsScriptSecurityManager::SubjectPrincipalIsSystem(nsScriptSecurityManager * const 0x00f2a9d0, int * 0x0012ed80) line 1634 + 36 bytes nsContentUtils::IsCallerChrome() line 920 + 21 bytes PresShell::HandleEventInternal(nsEvent * 0x0012f07c, nsIView * 0x024ec760, unsigned int 1, nsEventStatus * 0x0012ef28) line 6027 + 5 bytes PresShell::HandleEvent(PresShell * const 0x024ece4c, nsIView * 0x024ec760, nsGUIEvent * 0x0012f07c, nsEventStatus * 0x0012ef28, int 1, int & 1) line 5921 + 25 bytes nsViewManager::HandleEvent(nsView * 0x024ec760, nsGUIEvent * 0x0012f07c, int 0) line 2275 nsViewManager::DispatchEvent(nsViewManager * const 0x024ec590, nsGUIEvent * 0x0012f07c, nsEventStatus * 0x0012f078) line 2061 + 20 bytes GlobalWindowImpl::Deactivate(GlobalWindowImpl * const 0x024190c4) line 4678 nsWebShellWindow::HandleEvent(nsGUIEvent * 0x0012f234) line 567 nsWindow::DispatchEvent(nsWindow * const 0x0239604c, nsGUIEvent * 0x0012f234, nsEventStatus & nsEventStatus_eIgnore) line 1067 + 10 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f234) line 1088 nsWindow::DispatchFocus(unsigned int 108, int 0) line 5451 + 15 bytes nsWindow::ProcessMessage(unsigned int 8, unsigned int 0, long 0, long * 0x0012f698) line 4214 + 23 bytes nsWindow::WindowProc(HWND__ * 0x0165023a, unsigned int 8, unsigned int 0, long 0) line 1349 + 27 bytes USER32! 77d48734() USER32! 77d48816() USER32! 77d4b4c0() USER32! 77d4b50c() NTDLL! 7c90eae3() USER32! 77d49402() PeekKeyAndIMEMessage(tagMSG * 0x0012f8d4 {msg=0x00000113 wp=0x000073d9 lp=0x60d46a20}, HWND__ * 0x00000000) line 90 + 24 bytes nsAppShell::Run(nsAppShell * const 0x00eb1b30) line 128 + 11 bytes nsAppShellService::Run(nsAppShellService * const 0x00eb1880) line 495 xre_main(int 5, char * * 0x003e7708, const nsXREAppData * 0x0041e01c kAppData) line 1907 + 35 bytes main(int 5, char * * 0x003e7708) line 58 + 18 bytes mainCRTStartup() line 338 + 17 bytes - cx 0x02c9d9d8 + links {...} interpLevel 0 stackLimit 718584 version 0 jsop_eq 18 '' jsop_ne 19 '' + runtime 0x00eb4d98 + stackPool {...} + fp 0x0012f02c + tempPool {...} + globalObject 0x02ca1570 + newborn 0x02c9da34 + lastAtom 0x02d8e930 + regExpStatics {...} + sharpObjectMap {...} + argumentFormatMap 0x02c9dc48 + lastMessage 0x084b0cc0 "assignment to undeclared variable output" tracefp 0x00000000 branchCallback 0x01b04fa0 nsJSContext::DOMBranchCallback(JSContext *, JSScript *) errorReporter 0x01b04490 NS_ScriptErrorReporter(JSContext *, const char *, JSErrorReport *) data 0x02c9d830 + dormantFrameChain 0x00000000 thread 4085080 requestDepth 0 + scopeToShare 0x00000000 + lockedSealedScope 0x00000000 rval2 0 rval2set 0 '' creatingException 0 '' throwing 0 '' exception -2147483647 options 25 + localeCallbacks 0x01e59260 + resolvingTable 0x02c9e3d0 + stackHeaders 0x00000000 findObjectPrincipals 0x01b076f0 ObjectPrincipalFinder(JSContext *, JSObject *) - obj 0xc04d8b00 map CXX0017: Error: symbol "" not found slots CXX0030: Error: expression cannot be evaluated v 0 Loading the page by itself however gives a completely different stack with an uninitialized atom. js_Interpret(JSContext * 0x02e2b5f8, long * 0x0012f18c) line 3114 + 26 bytes js_Execute(JSContext * 0x02e2b5f8, JSObject * 0x02df6908, JSScript * 0x03ead818, JSStackFrame * 0x00000000, unsigned int 0, long * 0x0012f2a4) line 1173 + 13 bytes JS_EvaluateUCScriptForPrincipals(JSContext * 0x02e2b5f8, JSObject * 0x02df6908, JSPrincipals * 0x0336f398, const unsigned short * 0x03ea4068, unsigned int 8635, const char * 0x03e973a8, unsigned int 1, long * 0x0012f2a4) line 3649 + 25 bytes nsJSContext::EvaluateString(const nsAString & {...}, void * 0x02df6908, nsIPrincipal * 0x0336f390, const char * 0x03e973a8, unsigned int 1, const char * 0x100ba430, nsAString & {...}, int * 0x0012f2f0) line 946 + 67 bytes nsScriptLoader::EvaluateScript(nsScriptLoadRequest * 0x03e97188, const nsString & {...}) line 668 nsScriptLoader::ProcessRequest(nsScriptLoadRequest * 0x03e97188) line 581 + 22 bytes nsScriptLoader::OnStreamComplete(nsScriptLoader * const 0x033d9394, nsIStreamLoader * 0x03e9ae10, nsISupports * 0x03e97188, unsigned int 0, unsigned int 4294967295, const char * 0x03e9e1bc) line 905 nsStreamLoader::OnStopRequest(nsStreamLoader * const 0x03e9ae14, nsIRequest * 0x03e97648, nsISupports * 0x03e97188, unsigned int 0) line 144 nsStreamListenerTee::OnStopRequest(nsStreamListenerTee * const 0x03814590, nsIRequest * 0x03e97648, nsISupports * 0x03e97188, unsigned int 0) line 66 nsHttpChannel::OnStopRequest(nsHttpChannel * const 0x03e97650, nsIRequest * 0x03e9b9f0, nsISupports * 0x00000000, unsigned int 0) line 3670 nsInputStreamPump::OnStateStop() line 499 nsInputStreamPump::OnInputStreamReady(nsInputStreamPump * const 0x03e9b9f4, nsIAsyncInputStream * 0x03e9b7d4) line 339 + 11 bytes nsInputStreamReadyEvent::EventHandler(PLEvent * 0x039e10cc) line 119 PL_HandleEvent(PLEvent * 0x039e10cc) line 673 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00eee8a0) line 608 + 9 bytes _md_EventReceiverProc(HWND__ * 0x01610206, unsigned int 49517, unsigned int 0, long 15657120) line 1414 + 9 bytes USER32! 77d48734() USER32! 77d48816() USER32! 77d489cd() USER32! 77d48a10() nsAppShell::Run(nsAppShell * const 0x00ec0080) line 135 nsAppShellService::Run(nsAppShellService * const 0x00f2adb0) line 495 xre_main(int 4, char * * 0x003e7708, const nsXREAppData * 0x0041e01c kAppData) line 1907 + 35 bytes main(int 4, char * * 0x003e7708) line 58 + 18 bytes mainCRTStartup() line 338 + 17 bytes KERNEL32! 7c816d4f() + atom 0xcdcdcdcd - cx 0x02e2b5f8 + links {...} interpLevel 1 stackLimit 718584 version 0 jsop_eq 18 '' jsop_ne 19 '' + runtime 0x00f012e0 + stackPool {...} + fp 0x0012f16c + tempPool {...} + globalObject 0x02df6908 + newborn 0x02e2b654 + lastAtom 0x00f098a8 + regExpStatics {...} + sharpObjectMap {...} + argumentFormatMap 0x02e2b868 + lastMessage 0x039e33d8 "assignment to undeclared variable output" tracefp 0x00000000 branchCallback 0x01b14fa0 nsJSContext::DOMBranchCallback(JSContext *, JSScript *) errorReporter 0x01b14490 NS_ScriptErrorReporter(JSContext *, const char *, JSErrorReport *) data 0x02e2b450 + dormantFrameChain 0x00000000 thread 4085080 requestDepth 0 + scopeToShare 0x00000000 + lockedSealedScope 0x00000000 rval2 0 rval2set 0 '' creatingException 0 '' throwing 0 '' exception -2147483647 options 9 + localeCallbacks 0x01e69260 + resolvingTable 0x02e2bff0 + stackHeaders 0x00000000 findObjectPrincipals 0x01b176f0 ObjectPrincipalFinder(JSContext *, JSObject *) + pc 0x03ead871 "=" - script 0x03ead818 + code 0x03ead848 "" length 628 + main 0x03ead863 "l" version 0 + atomMap {...} + filename 0x03eac43d "http://adopt.specificclick.net/adopt.sm?l=1801392231&sz=pop&r=j&pfc=1&v=1&rnd=25699942205226456" lineno 1 depth 7 + trynotes 0x00000000 + principals 0x0336f398 + object 0x00000000
Comment 1•19 years ago
|
||
This has the earmarks of dead JS objects....
Assignee: dveditz → general
Component: Security: CAPS → JavaScript Engine
QA Contact: general
Comment 2•19 years ago
|
||
Lots of rooting fixes, in JS, XBL, and DOM, since 1.0.x. Anyone want to guess which one might help here? /be
this is a very very very common crash of mine. i'd love to see it killed :)
Summary: Crash @ JS_GetPrivate line 1813 → Crash [@ JS_GetPrivate] line 1813
which is to say, i don't believe it's fixed. although i haven't seen it in the past 10 days.
Comment 5•19 years ago
|
||
timeless: what do you mean by "this"? The JS_GetPrivate line number means nothing. You have to include much of the stack in the signature. Are you? /be
i recognize this crash as: no js on stack PresShell::HandleEventInternal nsContentUtils::IsCallerChrome nsScriptSecurityManager::GetFunctionObjectPrincipal http://viper.haque.net/~timeless/jsgffo.ssm.icc.crash http://viper.haque.net/~timeless/jsgp.ssm.icc.crash
Reporter | ||
Comment 7•19 years ago
|
||
*** Bug 319015 has been marked as a duplicate of this bug. ***
Comment 8•19 years ago
|
||
(In reply to comment #7) > *** Bug 319015 has been marked as a duplicate of this bug. *** > ...and just FYI, bug 319015 was Fx 1.5, not 1.0.x
*** Bug 319121 has been marked as a duplicate of this bug. ***
Comment 10•18 years ago
|
||
why is this not listed on the talkback server as an open bug for JS_GetPrivate crashes ?
Comment 12•15 years ago
|
||
The cbs URL worksforme on trunk, and the stack trace was never enough to implicate a specific rooting bug, so marking as WFM.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Updated•13 years ago
|
Crash Signature: [@ JS_GetPrivate]
You need to log in
before you can comment on or make changes to this bug.
Description
•