304259 - crash, null listener because the asyncopen wasn't quite async enough [@ nsInputStreamChannel::OnStartRequest]

Status: VERIFIED DUPLICATE of bug 302227

(Core :: Networking, defect)

Description

[timeless]

-	(nsIURI*)((*(nsCOMPtr_base*)(&this->mURI))).mRawPtr	0x03d8a548 
{mRefCnt={mValue=4 } fOuter=0x03d8a55c fAggregated={...} ...}	nsIURI *
+	(nsIURI*)((*(nsCOMPtr_base*)(&this->mOriginalURI))).mRawPtr
	0x03d8a548 {mRefCnt={mValue=4 } fOuter=0x03d8a55c fAggregated={...} ...}
	nsIURI *

mListenerContext is also 0x0
	mContentLength	194	int
	mLoadFlags	589824	unsigned int
	mStatus	0	unsigned int

+	{,,necko.dll}((*(nsACString_internal*)(&(*(nsCSubstring*)(&(*
(nsSimpleURI*){*}((nsIURI*)((*(nsCOMPtr_base*)(&this-
>mOriginalURI))).mRawPtr)).mScheme))))).mData	0x03d8a590 "javascript"	char *
+	{,,necko.dll}((*(nsACString_internal*)(&(*(nsCSubstring*)(&(*
(nsSimpleURI*){*}((nsIURI*)((*(nsCOMPtr_base*)(&this-
>mOriginalURI))).mRawPtr)).mPath))))).mData	0x03d8a5b0 "window.location"
	char *

-	mListener	{...}	nsCOMPtr<nsIStreamListener>
+	nsCOMPtr_base	{mRawPtr=0x00000000 }	nsCOMPtr_base

> 	necko.dll!nsInputStreamChannel::OnStartRequest(nsIRequest * 
req=0x03ce2758, nsISupports * ctx=0x00000000)  Line 360 + 0xb	C++
	necko.dll!nsInputStreamPump::OnStateStart()  Line 385	C++
 	necko.dll!nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream * 
stream=0x039f4268)  Line 347	C++
 	xpcom_core.dll!nsOutputStreamReadyEvent::EventHandler(PLEvent * 
plevent=0x03c79624)  Line 120	C++
 	xpcom_core.dll!PL_HandleEvent(PLEvent * self=0x03c79624)  Line 686
	C
 	xpcom_core.dll!PL_ProcessPendingEvents(PLEventQueue * self=0x00a8ad28)  
Line 620 + 0x6	C
 	xpcom_core.dll!nsEventQueueImpl::ProcessPendingEvents()  Line 421
	C++
 	xpcom_core.dll!nsEventQueueImpl::ProcessPendingEvents()  Line 430
	C++
 	xpcom_core.dll!nsEventQueueImpl::ProcessPendingEvents()  Line 430
	C++
 	gkwidget.dll!nsWindow::DispatchPendingEvents()  Line 4127	C++
 	gkwidget.dll!nsWindow::ProcessMessage(unsigned int msg=257, unsigned 
int wParam=123, long lParam=-1067974655, long * aRetValue=0x0012c7f0)  Line 4489
	C++
 	gkwidget.dll!nsWindow::WindowProc(HWND__ * hWnd=0x00e0156c, unsigned 
int msg=257, unsigned int wParam=123, long lParam=44149884)  Line 1349 + 0x10
	C++
 	user32.dll!_InternalCallWinProc@20()  + 0x28	
 	user32.dll!_UserCallWinProcCheckWow@32()  + 0xb7	
 	user32.dll!_DispatchMessageWorker@8()  + 0xdc	
 	user32.dll!_DispatchMessageW@4()  + 0xf	
 	gkwidget.dll!nsAppShell::DispatchNativeEvent(int aRealEvent=1, void * 
aEvent=0x0178e704)  Line 221	C++
 	jsd3250.dll!jsdService::EnterNestedEventLoop(jsdINestCallback * 
callback=0x00000000, unsigned int * _rval=0x0012c9ac)  Line 2991	C++
 	xpcom_core.dll!XPTC_InvokeByIndex(nsISupports * that=0x00a924e8, 
unsigned int methodIndex=49, unsigned int paramCount=2, nsXPTCVariant * 
params=0x0012c99c)  Line 102	C++
 	xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, 
XPCWrappedNative::CallMode mode=CALL_METHOD)  Line 2122 + 0x16	C++
 	xpc3250.dll!XPC_WN_CallMethod(JSContext * cx=0x00a16a88, JSObject * 
obj=0x02f063c8, unsigned int argc=1, long * argv=0x026b983c, long * 
vp=0x0012cc08)  Line 1376 + 0xa	C++
 	js3250.dll!js_Invoke(JSContext * cx=0x02a1ac78, unsigned int 
argc=59245664, unsigned int flags=1230784)  Line 1173 + 0x11	C
 	js3250.dll!js_Interpret(JSContext * cx=0x02a1ac78, unsigned char * 
pc=0x03880460, long * result=0x0012c7c0)  Line 3466 + 0xb	C
 	js3250.dll!js_Invoke(JSContext * cx=0x02a1ac78, unsigned int 
argc=59245664, unsigned int flags=1230784)  Line 1193 + 0xc	C
 	xpc3250.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS * 
wrapper=0x00afa940, unsigned short methodIndex=44152, const nsXPTMethodInfo * 
info=0x03880460, nsXPTCMiniVariant * nativeParams=0x0012c7c0)  Line 1413 + 0x10
	C++
 	xpc3250.dll!nsXPCWrappedJS::CallMethod(unsigned short methodIndex=3, 
const nsXPTMethodInfo * info=0x02d6d218, nsXPTCMiniVariant * 
params=0x0012d054)  Line 462	C++
 	xpcom_core.dll!PrepareAndDispatch(nsXPTCStubBase * self=0x02fff3f0, 
unsigned int methodIndex=3, unsigned int * args=0x0012d110, unsigned int * 
stackBytesToPop=0x0012d100)  Line 117 + 0x12	C++
 	xpcom_core.dll!SharedStub()  Line 147	C++
 	jsd3250.dll!jsds_ExecutionHookProc(JSDContext * jsdc=0x00a9aa50, 
JSDThreadState * jsdthreadstate=0x03978f30, unsigned int type=0, void * 
callerdata=0x00000000, long * rval=0x0012d308)  Line 683	C++
 	jsd3250.dll!jsd_CallExecutionHook(JSDContext * jsdc=0x00a9aa50, 
JSContext * cx=0x00a16a88, unsigned int type=0, unsigned int (JSDContext *, 
JSDThreadState *, unsigned int, void *, long *)* hook=0x00e88f13, void * 
hookData=0x00000000, long * rval=0x0012d308)  Line 178	C
 	jsd3250.dll!jsd_InterruptHandler(JSContext * cx=0x00a16a88, JSScript * 
script=0x02740f10, unsigned char * pc=0x02740f40, long * rval=0x0012d308, void 
* closure=0x00000000)  Line 80 + 0x15	C
 	js3250.dll!js_Interpret(JSContext * cx=0x02a1ac78, unsigned char * 
pc=0x03880460, long * result=0x0012c7c0)  Line 1856 + 0x1a	C
 	js3250.dll!js_Invoke(JSContext * cx=0x02a1ac78, unsigned int 
argc=59245664, unsigned int flags=1230784)  Line 1193 + 0xc	C
 	xpc3250.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS * 
wrapper=0x00afa940, unsigned short methodIndex=44152, const nsXPTMethodInfo * 
info=0x03880460, nsXPTCMiniVariant * nativeParams=0x0012c7c0)  Line 1413 + 0x10
	C++
 	xpc3250.dll!nsXPCWrappedJS::CallMethod(unsigned short methodIndex=3, 
const nsXPTMethodInfo * info=0x027b80e0, nsXPTCMiniVariant * 
params=0x0012d580)  Line 462	C++
 	xpcom_core.dll!PrepareAndDispatch(nsXPTCStubBase * self=0x027b6308, 
unsigned int methodIndex=3, unsigned int * args=0x0012d63c, unsigned int * 
stackBytesToPop=0x0012d62c)  Line 117 + 0x12	C++
 	xpcom_core.dll!SharedStub()  Line 147	C++
 	appcomps.dll!nsBrowserStatusFilter::OnStateChange(nsIWebProgress * 
aWebProgress=0x0279c204, nsIRequest * aRequest=0x03b1ae78, unsigned int 
aStateFlags=983041, unsigned int aStatus=0)  Line 178 + 0x13	C++
 	docshell.dll!nsDocLoader::FireOnStateChange(nsIWebProgress * 
aProgress=0x0279c204, nsIRequest * aRequest=0x03b1ae78, int aStateFlags=983041, 
unsigned int aStatus=0)  Line 1210 + 0x12	C++
 	docshell.dll!nsDocLoader::doStartDocumentLoad()  Line 772	C++
 	docshell.dll!nsDocLoader::OnStartRequest(nsIRequest * 
request=0x03b1ae78, nsISupports * aCtxt=0x00000000)  Line 512	C++
 	necko.dll!nsLoadGroup::AddRequest(nsIRequest * request=0x00090000, 
nsISupports * ctxt=0x00000000)  Line 648	C++
 	necko.dll!nsInputStreamChannel::AsyncOpen(nsIStreamListener * 
listener=0x03d8a6a0, nsISupports * ctxt=0x00000000)  Line 321	C++
 	gklayout.dll!nsJSChannel::InternalOpen(int aIsAsync=1, 
nsIStreamListener * aListener=0x03d8a6a0, nsISupports * aContext=0x00000000, 
nsIInputStream * * aResult=0x00000000)  Line 599 + 0x11	C++
 	gklayout.dll!nsJSChannel::AsyncOpen(nsIStreamListener * 
aListener=0x03d8a6a0, nsISupports * aContext=0x00000000)  Line 515	C++
 	docshell.dll!nsDocumentOpenInfo::Open(nsIChannel * 
aChannel=0x03d8a660)  Line 228	C++
 	docshell.dll!nsURILoader::OpenURI(nsIChannel * channel=0x03d8a660, int 
aIsContentPreferred=0, nsIInterfaceRequestor * aWindowContext=0x0279c208)  Line 
915 + 0x9	C++
 	docshell.dll!nsDocShell::DoChannelLoad(nsIChannel * 
aChannel=0x00000003, nsIURILoader * aURILoader=0x018b90e0)  Line 6757 + 0x1e
	C++
 	docshell.dll!nsDocShell::DoURILoad(nsIURI * aURI=0x03d8a548, nsIURI * 
aReferrerURI=0x00000000, int aSendReferrer=1, nsISupports * aOwner=0x02bd1578, 
const char * aTypeHint=0x00000000, nsIInputStream * aPostData=0x00000000, 
nsIInputStream * aHeadersData=0x00000000, int aFirstParty=1, nsIDocShell * * 
aDocShell=0x00000000, nsIRequest * * aRequest=0x0012d92c)  Line 6615	C++
 	docshell.dll!nsDocShell::InternalLoad(nsIURI * aURI=0x00859836, nsIURI 
* aReferrer=0x00a8ace8, nsISupports * aOwner=0x00afa944, unsigned int 
aFlags=1230132, const unsigned short * aWindowTarget=0x00859836, const char * 
aTypeHint=0x00a8ace8, nsIInputStream * aPostData=0x02a1ac78, nsIInputStream * 
aHeadersData=0x0012c554, unsigned int aLoadType=24609520, nsISHEntry * 
aSHEntry=0x00afa940, int aFirstParty=44149880, nsIDocShell * * 
aDocShell=0x03880460, nsIRequest * * aRequest=0x0012c7c0)  Line 6382 + 0x3d
	C++
 	docshell.dll!nsDocShell::LoadURI(nsIURI * aURI=0x03d8a548, 
nsIDocShellLoadInfo * aLoadInfo=0x002a6ec0, unsigned int aLoadFlags=0, int 
aFirstParty=1)  Line 789 + 0x2d	C++
 	docshell.dll!nsDocShell::LoadURI(const unsigned short * 
aURI=0x017782f0, unsigned int aLoadFlags=11512128, nsIURI * 
aReferringURI=0x02a1ac78, nsIInputStream * aPostStream=0x03880460, 
nsIInputStream * aHeaderStream=0x0012c7c0)  Line 2825	C++
 	xpcom_core.dll!XPTC_InvokeByIndex(nsISupports * that=0x0279c298, 
unsigned int methodIndex=8, unsigned int paramCount=5, nsXPTCVariant * 
params=0x0012daf0)  Line 102	C++
 	xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, 
XPCWrappedNative::CallMode mode=CALL_METHOD)  Line 2122 + 0x16	C++
 	xpc3250.dll!XPC_WN_CallMethod(JSContext * cx=0x00a16a88, JSObject * 
obj=0x0397bc70, unsigned int argc=5, long * argv=0x038deb04, long * 
vp=0x0012dd5c)  Line 1376 + 0xa	C++
 	js3250.dll!js_Invoke(JSContext * cx=0x02a1ac78, unsigned int 
argc=59245664, unsigned int flags=1230784)  Line 1173 + 0x11	C
 	js3250.dll!js_Interpret(JSContext * cx=0x02a1ac78, unsigned char * 
pc=0x03880460, long * result=0x0012c7c0)  Line 3466 + 0xb	C
 	js3250.dll!js_Invoke(JSContext * cx=0x02a1ac78, unsigned int 
argc=59245664, unsigned int flags=1230784)  Line 1193 + 0xc	C
 	js3250.dll!js_Interpret(JSContext * cx=0x02a1ac78, unsigned char * 
pc=0x03880460, long * result=0x0012c7c0)  Line 3466 + 0xb	C
 	js3250.dll!js_Invoke(JSContext * cx=0x02a1ac78, unsigned int 
argc=59245664, unsigned int flags=1230784)  Line 1193 + 0xc	C
 	js3250.dll!js_Interpret(JSContext * cx=0x02a1ac78, unsigned char * 
pc=0x03880460, long * result=0x0012c7c0)  Line 3466 + 0xb	C
 	js3250.dll!js_Invoke(JSContext * cx=0x02a1ac78, unsigned int 
argc=59245664, unsigned int flags=1230784)  Line 1193 + 0xc	C
 	js3250.dll!fun_apply(JSContext * cx=0x00a16a88, JSObject * 
obj=0x025e5bc0, unsigned int argc=2, long * argv=0x03ae4a8c, long * 
rval=0x0012e4a4)  Line 1608	C
 	js3250.dll!js_Invoke(JSContext * cx=0x02a1ac78, unsigned int 
argc=59245664, unsigned int flags=1230784)  Line 1173 + 0x11	C
 	js3250.dll!js_Interpret(JSContext * cx=0x02a1ac78, unsigned char * 
pc=0x03880460, long * result=0x0012c7c0)  Line 3466 + 0xb	C
 	js3250.dll!js_Invoke(JSContext * cx=0x02a1ac78, unsigned int 
argc=59245664, unsigned int flags=1230784)  Line 1193 + 0xc	C
 	js3250.dll!js_InternalInvoke(JSContext * cx=0x00a16ab0, JSObject * 
obj=0x025e5bc0, long fval=60429328, unsigned int flags=0, unsigned int argc=1, 
long * argv=0x0012e8d8, long * rval=0x0012e91c)  Line 1270 + 0xe	C
 	js3250.dll!JS_CallFunctionValue(JSContext * cx=0x00a16a88, JSObject * 
obj=0x025e5bc0, long fval=60429328, unsigned int argc=1, long * 
argv=0x0012e8d8, long * rval=0x0012e91c)  Line 3951 + 0x16	C
 	gklayout.dll!nsJSContext::CallEventHandler(JSObject * 
aTarget=0x025e5bc0, JSObject * aHandler=0x039a1410, unsigned int argc=1, long * 
argv=0x0012e8d8, long * rval=0x00000000)  Line 1418	C++
 	gklayout.dll!nsJSEventListener::HandleEvent(nsIDOMEvent * 
aEvent=0x0012c7c0)  Line 209	C++
 	gklayout.dll!nsXBLPrototypeHandler::ExecuteHandler(nsIDOMEventReceiver 
* aReceiver=0x03880460, nsIDOMEvent * aEvent=0x0012c7c0)  Line 499	C++
 	gklayout.dll!nsXBLKeyEventHandler::HandleEvent(nsIDOMEvent * 
aEvent=0x038b66e0)  Line 143 + 0xb	C++
 	gklayout.dll!nsEventListenerManager::HandleEventSubType
(nsListenerStruct * aListenerStruct=0x017782f0, nsIDOMEvent * 
aDOMEvent=0x00afa940, nsIDOMEventTarget * aCurrentTarget=0x02a1ac78, unsigned 
int aSubType=59245664, unsigned int aPhaseFlags=1230784)  Line 1595 + 0xb
	C++
 	gklayout.dll!nsEventListenerManager::HandleEvent(nsPresContext * 
aPresContext=0x00000000, nsEvent * aEvent=0x0012f988, nsIDOMEvent * * 
aDOMEvent=0x0012f5d4, nsIDOMEventTarget * aCurrentTarget=0x038b66e0, unsigned 
int aFlags=4, nsEventStatus * aEventStatus=0x0012f8d8)  Line 1696 + 0x20
	C++
 	gklayout.dll!nsXULElement::HandleDOMEvent(nsPresContext * 
aPresContext=0x017782f0, nsEvent * aEvent=0x00afa940, nsIDOMEvent * * 
aDOMEvent=0x02a1ac78, unsigned int aFlags=59245664, nsEventStatus * 
aEventStatus=0x0012c7c0)  Line 2201	C++
 	gklayout.dll!nsXULElement::HandleDOMEvent(nsPresContext * 
aPresContext=0x017782f0, nsEvent * aEvent=0x00afa940, nsIDOMEvent * * 
aDOMEvent=0x02a1ac78, unsigned int aFlags=59245664, nsEventStatus * 
aEventStatus=0x0012c7c0)  Line 2180	C++
 	gklayout.dll!nsXULElement::HandleDOMEvent(nsPresContext * 
aPresContext=0x017782f0, nsEvent * aEvent=0x00afa940, nsIDOMEvent * * 
aDOMEvent=0x02a1ac78, unsigned int aFlags=59245664, nsEventStatus * 
aEventStatus=0x0012c7c0)  Line 2180	C++
 	gklayout.dll!nsGenericElement::HandleDOMEvent(nsPresContext * 
aPresContext=0x017782f0, nsEvent * aEvent=0x00afa940, nsIDOMEvent * * 
aDOMEvent=0x02a1ac78, unsigned int aFlags=59245664, nsEventStatus * 
aEventStatus=0x0012c7c0)  Line 2074	C++
 	gklayout.dll!nsHTMLInputElement::HandleDOMEvent(nsPresContext * 
aPresContext=0x017782f0, nsEvent * aEvent=0x00afa940, nsIDOMEvent * * 
aDOMEvent=0x02a1ac78, unsigned int aFlags=59245664, nsEventStatus * 
aEventStatus=0x0012c7c0)  Line 1382 + 0x1b	C++
 	gklayout.dll!PresShell::HandleEventInternal(nsEvent * 
aEvent=0x0012f988, nsIView * aView=0x0240c430, unsigned int aFlags=1, 
nsEventStatus * aStatus=0x0012f8d8)  Line 6357 + 0x12	C++
 	gklayout.dll!PresShell::HandleEvent(nsIView * aView=0x0240c430, 
nsGUIEvent * aEvent=0x0012f988, nsEventStatus * aEventStatus=0x0012f8d8, int 
aForceHandle=1, int & aHandled=1)  Line 6193 + 0x13	C++
 	gklayout.dll!nsViewManager::HandleEvent(nsView * aView=0x02a1ac78, 
nsGUIEvent * aEvent=0x03880460, int aCaptured=1230784)  Line 2502	C++
 	gklayout.dll!nsViewManager::DispatchEvent(nsGUIEvent * 
aEvent=0x3d888889, nsEventStatus * aStatus=0x0012f94c)  Line 2234 + 0x15
	C++
 	gklayout.dll!HandleEvent(nsGUIEvent * aEvent=0x0012f988)  Line 173
	C++
 	gkwidget.dll!nsWindow::DispatchEvent(nsGUIEvent * event=0x0012f988, 
nsEventStatus & aStatus=nsEventStatus_eIgnore)  Line 1172 + 0x3	C++
 	gkwidget.dll!nsWindow::DispatchWindowEvent(nsGUIEvent * 
event=0x00000000)  Line 1193	C++
 	gkwidget.dll!nsWindow::DispatchKeyEvent(unsigned int aEventType=131, 
unsigned short aCharCode=0, unsigned int aVirtualCharCode=13, long 
aKeyData=1835009, unsigned int aFlags=0)  Line 3364 + 0xe	C++
 	gkwidget.dll!nsWindow::OnKeyDown(unsigned int aVirtualKeyCode=13, 
unsigned int aScanCode=28, long aKeyData=1835009)  Line 3502	C++
 	gkwidget.dll!nsWindow::ProcessMessage(unsigned int msg=256, unsigned 
int wParam=13, long lParam=1835009, long * aRetValue=0x0012fd14)  Line 4363 + 
0x12	C++
 	gkwidget.dll!nsWindow::WindowProc(HWND__ * hWnd=0x01af1656, unsigned 
int msg=256, unsigned int wParam=13, long lParam=27135468)  Line 1349 + 0x10
	C++
 	user32.dll!_InternalCallWinProc@20()  + 0x28	
 	user32.dll!_UserCallWinProcCheckWow@32()  + 0xb7	
 	user32.dll!_DispatchMessageWorker@8()  + 0xdc	
 	user32.dll!_DispatchMessageW@4()  + 0xf	
 	gkwidget.dll!nsAppShell::Run()  Line 159	C++
 	appcomps.dll!nsAppStartup::Run()  Line 208	C++
 	seamonkey.exe!main1(int argc=2, char * * argv=0x002a2d30, nsISupports * 
nativeApp=0x00000000)  Line 1272 + 0x9	C++
 	seamonkey.exe!main(int argc=2, char * * argv=0x002a2d30)  Line 1777 + 
0x15	C++
 	seamonkey.exe!WinMain(HINSTANCE__ * __formal=0x00400000, HINSTANCE__ * 
__formal=0x00400000, char * args=0x0015231e, HINSTANCE__ * 
__formal=0x00400000)  Line 1801 + 0x17	C++
 	seamonkey.exe!WinMainCRTStartup()  Line 390 + 0x1b	C
 	kernel32.dll!_BaseProcessStart@4()  + 0x23	

if you look carefully through the call stack, you'll see that asyncopen is on 
the call stack too :)

    if (mLoadGroup)
        mLoadGroup->AddRequest(this, nsnull); // we are here

    mListener = listener; // we'd be happier here

i think i already reported this bug before, but i can't find it atm, and it's 
clearly still not fixed, so i'm complaining again.

Comment 1

[Darin Fisher]

*** This bug has been marked as a duplicate of 302227 ***

Comment 2

[timeless]

oh right, i used a proxy to complain. oops :)