Closed
Bug 306909
Opened 19 years ago
Closed 19 years ago
nsHTMLDocument::GenerateParserKey ###!!! ASSERTION: You can't dereference a NULL nsCOMPtr with operator->().: 'mRawPtr != 0', file
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: timeless, Assigned: mrbkap)
Details
(Keywords: assertion, crash)
Attachments
(1 file, 2 obsolete files)
|
1.01 KB,
patch
|
jst
:
review+
jst
:
superreview+
|
Details | Diff | Splinter Review |
note: this isn't something normal web content can do (and normal xpcshell can't
either, but we believe it's generally a bug in the impl and should be fixed).
R:\mozilla\dbg-i686-pc-cygwin\dist\bin>xpcshell.exe -w -s
js>
dlf=Components.classes["@mozilla.org/content/document-loader-factory;1"].getService()
typein:1: strict warning: assignment to undeclared variable dlf
[xpconnect wrapped nsISupports @ 0xbfbcd0 (native @ 0xbfbc98)]
js> for each (i in Components.interfaces) dlf instanceof i; ''+dlf
!!! XPConnect won't warn about Shadowed Members of...
Window, HTMLInputElement, HTMLDocument, HTMLCollection, Event, ChromeWindow
[xpconnect wrapped nsIDocumentLoaderFactory @ 0xbfbcd0 (native @ 0xbfbc98)]
js> lg=Components.classes["@mozilla.org/network/load-group;1"].createInstance()
typein:3: strict warning: assignment to undeclared variable lg
[xpconnect wrapped nsISupports @ 0xbfc738 (native @ 0xbfc614)]
js> for each (i in Components.interfaces) lg instanceof i; ''+lg
[xpconnect wrapped (nsISupports, nsISupportsWeakReference, nsIRequest,
nsILoadGroup, nsISupportsPriority) @ 0xbfc738 (native @ 0xbfc614)]
js> doc=dlf.createBlankDocument(lg)
typein:5: strict warning: assignment to undeclared variable doc
[xpconnect wrapped nsISupports @ 0x24a28c8 (native @ 0xbfc050)]
js> for each (i in Components.interfaces) doc instanceof i; ''+doc
!!!Object wrapped by XPConnect has members whose names shadow each other!!!
{snip}
[xpconnect wrapped (nsISupports, nsIDOMDocumentTraversal,
nsISupportsWeakReference, nsIDOMDocumentXBL, nsIDOMDocumentStyle,
nsIDOMNSDocument, nsIDOMNode, nsIDOMNSEventTarget, nsIDOMDocumentEvent,
nsIDOMXPathEvaluator, nsIDOMHTMLDocument, nsIDOM3EventTarget, nsIDOM3Node,
nsIDOMNSDocumentStyle, nsIDOM3Document, nsIDOMDocumentView,
nsIDOM3DocumentEvent, nsIDOMDocument, nsIDOMEventTarget, nsIDOMDocumentRange,
nsIDOMNSHTMLDocument) @ 0x24a28c8 (native @ 0xbfc050)]
js> doc2=doc.open("text/html",true)
typein:66: strict warning: assignment to undeclared variable doc2
[xpconnect wrapped (nsISupports, nsIDOMDocumentTraversal,
nsISupportsWeakReference, nsIDOMDocumentXBL, nsIDOMDocumentStyle,
nsIDOMNSDocument, nsIDOMNode, nsIDOMNSEventTarget, nsIDOMDocumentEvent,
nsIDOMXPathEvaluator, nsIDOMHTMLDocument, nsIDOM3EventTarget, nsIDOM3Node,
nsIDOMNSDocumentStyle, nsIDOM3Document, nsIDOMDocumentView,
nsIDOM3DocumentEvent, nsIDOMDocument, nsIDOMEventTarget, nsIDOMDocumentRange,
nsIDOMNSHTMLDocument) @ 0x24a28c8 (native @ 0xbfc050)]
js> doc2.write("<title>hi")
###!!! ASSERTION: You can't dereference a NULL nsCOMPtr with operator->().:
'mRawPtr != 0', file
r:\mozilla\dbg-i686-pc-cygwin\dist\include\xpcom\nsCOMPtr.h, line 849
Break: at file r:\mozilla\dbg-i686-pc-cygwin\dist\include\xpcom\nsCOMPtr.h, line 849
00 ntdll!DbgBreakPoint (FPO: [0,0,0])
01 xpcom_core!nsDebugImpl::Break(char * aFile = 0x01af5874
"r:\mozilla\dbg-i686-pc-cygwin\dist\include\xpcom\nsCOMPtr.h", int aLine =
849)+0x7e (FPO: [Non-Fpo]) (CONV: stdcall)
[r:\mozilla\xpcom\base\nsdebugimpl.cpp @ 350]
02 xpcom_core!nsDebugImpl::Assertion(char * aStr = 0x01af5820 "You can't
dereference a NULL nsCOMPtr with operator->().", char * aExpr = 0x01af5864
"mRawPtr != 0", char * aFile = 0x01af5874
"r:\mozilla\dbg-i686-pc-cygwin\dist\include\xpcom\nsCOMPtr.h", int aLine =
849)+0x29e (FPO: [Non-Fpo]) (CONV: stdcall)
[r:\mozilla\xpcom\base\nsdebugimpl.cpp @ 266]
03 xpcom_core!nsDebug::Assertion(char * aStr = 0x01af5820 "You can't dereference
a NULL nsCOMPtr with operator->().", char * aExpr = 0x01af5864 "mRawPtr != 0",
char * aFile = 0x01af5874
"r:\mozilla\dbg-i686-pc-cygwin\dist\include\xpcom\nsCOMPtr.h", int aLine =
849)+0x4d (FPO: [Non-Fpo]) (CONV: cdecl)
[r:\mozilla\dbg-i686-pc-cygwin\xpcom\build\nsdebug.cpp @ 109]
04 gklayout!nsCOMPtr<nsIScriptLoader>::operator->(void)+0x29 (FPO: [Non-Fpo])
(CONV: thiscall) [r:\mozilla\dbg-i686-pc-cygwin\dist\include\xpcom\nscomptr.h @ 849]
05 gklayout!nsHTMLDocument::GenerateParserKey(void)+0x1f (FPO: [Non-Fpo]) (CONV:
thiscall) [r:\mozilla\content\html\document\src\nshtmldocument.cpp @ 3466]
06 gklayout!nsHTMLDocument::WriteCommon(class nsAString_internal * aText =
0x0012de4c, int aNewlineTerminate = 0)+0x248 (FPO: [Non-Fpo]) (CONV: thiscall)
[r:\mozilla\content\html\document\src\nshtmldocument.cpp @ 2183]
07 gklayout!nsHTMLDocument::ScriptWriteCommon(int aNewlineTerminate = 0)+0x47a
(FPO: [Non-Fpo]) (CONV: thiscall)
[r:\mozilla\content\html\document\src\nshtmldocument.cpp @ 2267]
08 gklayout!nsHTMLDocument::Write(void)+0x13 (FPO: [Non-Fpo]) (CONV: stdcall)
[r:\mozilla\content\html\document\src\nshtmldocument.cpp @ 2296]
09 xpcom_core!XPTC_InvokeByIndex(class nsISupports * that = 0x00bfc22c, unsigned
int methodIndex = 0x14, unsigned int paramCount = 0, struct nsXPTCVariant *
params = 0x0012e02c)+0x27 (CONV: cdecl)
[r:\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcinvoke.cpp @ 102]
0a xpc3250!XPCWrappedNative::CallMethod(class XPCCallContext * ccx = 0x0012e1e0,
XPCWrappedNative::CallMode mode = CALL_METHOD (0))+0xddb (FPO: [Non-Fpo]) (CONV:
cdecl) [r:\mozilla\js\src\xpconnect\src\xpcwrappednative.cpp @ 2122]
0b xpc3250!XPC_WN_CallMethod(struct JSContext * cx = 0x00bf1028, struct JSObject
* obj = 0x024960b8, unsigned int argc = 1, long * argv = 0x025dc3bc, long * vp =
0x0012e300)+0x1c9 (FPO: [Non-Fpo]) (CONV: cdecl)
[r:\mozilla\js\src\xpconnect\src\xpcwrappednativejsops.cpp @ 1376]
0c js3250!js_Invoke(struct JSContext * cx = 0x00bf1028, unsigned int argc = 1,
unsigned int flags = 0)+0xcb6 (FPO: [Non-Fpo]) (CONV: cdecl)
[r:\mozilla\js\src\jsinterp.c @ 1173]
0d js3250!js_Interpret(struct JSContext * cx = 0x00bf1028, unsigned char * pc =
0x025d7632 ":", long * result = 0x0012ed14)+0xda7b (FPO: [Non-Fpo]) (CONV:
cdecl) [r:\mozilla\js\src\jsinterp.c @ 3466]
0e js3250!js_Execute(struct JSContext * cx = 0x00bf1028, struct JSObject * chain
= 0x00bafd90, struct JSScript * script = 0x025d75f8, struct JSStackFrame * down
= 0x00000000, unsigned int flags = 0, long * result = 0x0012fdc4)+0x334 (FPO:
[Non-Fpo]) (CONV: cdecl) [r:\mozilla\js\src\jsinterp.c @ 1403]
0f js3250!JS_ExecuteScript(struct JSContext * cx = 0x00bf1028, struct JSObject *
obj = 0x00bafd90, struct JSScript * script = 0x025d75f8, long * rval =
0x0012fdc4)+0x41 (FPO: [Non-Fpo]) (CONV: cdecl) [r:\mozilla\js\src\jsapi.c @ 3777]
10 xpcshell!ProcessFile(struct JSContext * cx = 0x00bf1028, struct JSObject *
obj = 0x00bafd90, char * filename = 0x00000000 "", struct _iobuf * file =
0x1027c838)+0x2b7 (FPO: [Non-Fpo]) (CONV: cdecl)
[r:\mozilla\js\src\xpconnect\shell\xpcshell.cpp @ 648]
11 xpcshell!Process(struct JSContext * cx = 0x00bf1028, struct JSObject * obj =
0x00bafd90, char * filename = 0x00000000 "")+0x93 (FPO: [Non-Fpo]) (CONV: cdecl)
[r:\mozilla\js\src\xpconnect\shell\xpcshell.cpp @ 705]
12 xpcshell!ProcessArgs(struct JSContext * cx = 0x00bf1028, struct JSObject *
obj = 0x00bafd90, char ** argv = 0x003671e4, int argc = 2)+0x49f (FPO:
[Non-Fpo]) (CONV: cdecl) [r:\mozilla\js\src\xpconnect\shell\xpcshell.cpp @ 861]
13 xpcshell!main(int argc = 2, char ** argv = 0x003671e4, char ** envp =
0x00362fc0)+0x965 (FPO: [Non-Fpo]) (CONV: cdecl)
[r:\mozilla\js\src\xpconnect\shell\xpcshell.cpp @ 1642]
|
Assignee | |
Comment 3•19 years ago
|
||
I don't like having critical bugs on my list, so we should either take a patch that fixes the crash or mark this as INVALID. This patch is actually correct. If we get here and don't have a script loader, then the parser won't be parsing anything, and will not have any parser contexts around. On the other hand, there is currently no way to get here without a script loader outside of timeless' changes allowing any nsISupports object to be reflected into JS, since content sinks _always_ initialize their documents with script loaders.
Attachment #194734 -
Attachment is obsolete: true
Attachment #196861 -
Flags: review?(jst)
|
||
Comment 4•19 years ago
|
||
Comment on attachment 196861 [details] [diff] [review] one that actually compiles nsHTMLDocument::GenerateParserKey(void) { // The script loader provides us with the currently executing script element, // which is guaranteed to be unique per script. nsCOMPtr<nsIScriptElement> key; - mScriptLoader->GetCurrentScript(getter_AddRefs(key)); + GetScriptLoader()->GetCurrentScript(getter_AddRefs(key)); return key; IMO it would be more correct to simply return null if (!mScriptLoader), same result with the benefit of not crashing if we're out of memory and GetScriptLoader() returns null. r+sr=jst with that fixed.
Attachment #196861 -
Flags: superreview+
Attachment #196861 -
Flags: review?(jst)
Attachment #196861 -
Flags: review+
|
|
Assignee | |
Comment 5•19 years ago
|
||
Fix checked in.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Summary: nsHTMLDocument::GenerateParserKey ###!!! ASSERTION: You can't dereference a NULL nsCOMPtr with operator->().: 'mRawPtr != 0', file → nsHTMLDocument::GenerateParserKey ###!!! ASSERTION: You can't dereference a NULL nsCOMPtr with operator->().: 'mRawPtr != 0', file
|
||
Updated•18 years ago
|
Flags: in-testsuite?
Component: DOM: HTML → DOM: Core & HTML
QA Contact: ian → general
You need to log in
before you can comment on or make changes to this bug.
Description
•