Closed
Bug 308577
Opened 20 years ago
Closed 20 years ago
Crash [@ js_GetSlotThreadSafe] because nsXBLPrototypeHandler::ExecuteHandler did not root handler
Categories
(Core :: XBL, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla1.8beta5
People
(Reporter: timeless, Assigned: bzbarsky)
References
()
Details
(Keywords: crash, fixed1.8)
Crash Data
Attachments
(2 files, 1 obsolete file)
|
27.93 KB,
patch
|
Details | Diff | Splinter Review | |
|
19.95 KB,
patch
|
asa
:
approval1.8b5+
|
Details | Diff | Splinter Review |
00 0x100
01 js3250!js_GetSlotThreadSafe(struct JSContext * cx = 0x0c611ff0, struct
JSObject * obj = 0x0d4561d0, unsigned long slot = 3)+0x34 (FPO: [Non-Fpo])
(CONV: cdecl) [c:\build\chs3\build\mozilla\js\src\jslock.c @ 554]
02 js3250!JS_GetPrivate(struct JSContext * cx = 0x00e5435f, struct JSObject *
obj = 0x13224448)+0x69 (FPO: [2,0,0]) (CONV: cdecl) [c:\build\chs3
\build\mozilla\js\src\jsapi.c @ 2160]
03 js3250!js_CloneFunctionObject(struct JSContext * cx = 0x00e5435f, struct
JSObject * funobj = 0x13224448, struct JSObject * parent = 0x00000000)+0x2c
(FPO: [3,0,0]) (CONV: cdecl) [c:\build\chs3\build\mozilla\js\src\jsfun.c @ 2000]
04 js3250!JS_CloneFunctionObject(struct JSContext * cx = 0x00e5435f, struct
JSObject * funobj = 0x13224448, struct JSObject * parent = 0x00000000)+0x57
(FPO: [3,0,0]) (CONV: cdecl) [c:\build\chs3\build\mozilla\js\src\jsapi.c @ 3254]
05 gklayout!nsJSContext::BindCompiledEventHandler(void * aTarget = 0x13224448,
class nsIAtom * aName = 0x00000000, void * aHandler = 0x0d4561d0)+0x87 (FPO:
[Non-Fpo]) (CONV: thiscall) [c:\build\chs3
\build\mozilla\dom\src\base\nsjsenvironment.cpp @ 1476]
06 gklayout!nsXBLPrototypeHandler::ExecuteHandler(class nsIDOMEventReceiver *
aReceiver = 0x1497b390, class nsIDOMEvent * aEvent = 0x07466500)+0x787 (FPO:
[Uses EBP] [2,240,0]) (CONV: thiscall) [c:\build\chs3
\build\mozilla\content\xbl\src\nsxblprototypehandler.cpp @ 495]
07 gklayout!nsXBLKeyEventHandler::HandleEvent(class nsIDOMEvent * aEvent =
0x1497b390)+0xd2 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\build\chs3
\build\mozilla\content\xbl\src\nsxbleventhandler.cpp @ 151]
08 gklayout!nsEventListenerManager::HandleEventSubType(struct nsListenerStruct
* aListenerStruct = 0x13809cf8, class nsIDOMEvent * aDOMEvent = 0x07466500,
class nsIDOMEventTarget * aCurrentTarget = 0x1497b390, unsigned int aSubType =
0x7466508, unsigned int aPhaseFlags = 7)+0x14e (FPO: [Uses EBP] [5,54,0])
(CONV: thiscall) [c:\build\chs3
\build\mozilla\content\events\src\nseventlistenermanager.cpp @ 1685]
09 gklayout!nsEventListenerManager::HandleEvent(class nsPresContext *
aPresContext = 0x00000000, class nsEvent * aEvent = 0x0012cba8, class
nsIDOMEvent ** aDOMEvent = 0x0012c964, class nsIDOMEventTarget * aCurrentTarget
= 0x1497b390, unsigned int aFlags = 7, nsEventStatus * aEventStatus =
0x0012caf8)+0x241 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\build\chs3
\build\mozilla\content\events\src\nseventlistenermanager.cpp @ 1786]
0a gklayout!nsXULElement::HandleDOMEvent(class nsPresContext * aPresContext =
0x0c5ba7a0, class nsEvent * aEvent = 0x00000000, class nsIDOMEvent ** aDOMEvent
= 0x0012c964, unsigned int aFlags = 7, nsEventStatus * aEventStatus =
0x0012caf8)+0x5b2 (FPO: [Uses EBP] [5,127,0]) (CONV: thiscall) [c:\build\chs3
\build\mozilla\content\xul\content\src\nsxulelement.cpp @ 2201]
0b gklayout!PresShell::HandleEventInternal(class nsEvent * aEvent = 0x00000000,
class nsIView * aView = 0x0b929510, unsigned int aFlags = 1, nsEventStatus *
aStatus = 0x0012caf8)+0x1dc (FPO: [Non-Fpo]) (CONV: thiscall) [c:\build\chs3
\build\mozilla\layout\base\nspresshell.cpp @ 6379]
0c gklayout!PresShell::HandleEvent(class nsIView * aView = 0x0b929510, class
nsGUIEvent * aEvent = 0x0012cba8, nsEventStatus * aEventStatus = 0x0012caf8,
int aForceHandle = 1, int * aHandled = 0x0012caf4)+0x210 (FPO: [Non-Fpo])
(CONV: stdcall) [c:\build\chs3\build\mozilla\layout\base\nspresshell.cpp @ 6215]
0d gklayout!nsViewManager::HandleEvent(class nsView * aView = 0x00000001, class
nsGUIEvent * aEvent = 0x00000000, int aCaptured = 0)+0x2bc (FPO: [Non-Fpo])
(CONV: thiscall) [c:\build\chs3\build\mozilla\view\src\nsviewmanager.cpp @ 2514]
0e gklayout!nsViewManager::DispatchEvent(class nsGUIEvent * aEvent =
0x3d888889, nsEventStatus * aStatus = 0x0012cb6c)+0x63a (FPO: [Non-Fpo]) (CONV:
stdcall) [c:\build\chs3\build\mozilla\view\src\nsviewmanager.cpp @ 2246]
0f gklayout!HandleEvent(class nsGUIEvent * aEvent = 0x0012cba8)+0x27 (FPO: [Non-
Fpo]) (CONV: cdecl) [c:\build\chs3\build\mozilla\view\src\nsview.cpp @ 174]
10 gkwidget!nsWindow::DispatchEvent(class nsGUIEvent * event = 0x00000000,
nsEventStatus * aStatus = 0x07d8e910)+0x35 (FPO: [3,0,0]) (CONV: stdcall)
[c:\build\chs3\build\mozilla\widget\src\windows\nswindow.cpp @ 1253]
11 gkwidget!nsWindow::DispatchWindowEvent(class nsGUIEvent * event = 0x00000000)
+0x16 (FPO: [Non-Fpo]) (CONV: thiscall) [c:\build\chs3
\build\mozilla\widget\src\windows\nswindow.cpp @ 1274]
12 gkwidget!nsWindow::DispatchKeyEvent(unsigned int aEventType = 0x83, unsigned
short aCharCode = 0, unsigned int aVirtualCharCode = 0x26, long aKeyData =
0x1480001, unsigned int aFlags = 0)+0xa4 (FPO: [Non-Fpo]) (CONV: thiscall)
[c:\build\chs3\build\mozilla\widget\src\windows\nswindow.cpp @ 3449]
13 gkwidget!nsWindow::OnKeyDown(unsigned int aVirtualKeyCode = 0x26, unsigned
int aScanCode = 0x148, long aKeyData = 0x1480001)+0x30e (FPO: [Non-Fpo]) (CONV:
thiscall) [c:\build\chs3\build\mozilla\widget\src\windows\nswindow.cpp @ 3587]
14 gkwidget!nsWindow::ProcessMessage(unsigned int msg = 0x100, unsigned int
wParam = 0x26, long lParam = 0x1480001, long * aRetValue = 0x0012cf30)+0xa5b
(FPO: [Non-Fpo]) (CONV: thiscall) [c:\build\chs3
\build\mozilla\widget\src\windows\nswindow.cpp @ 4490]
15 gkwidget!nsWindow::WindowProc(struct HWND__ * hWnd = 0x001012a0, unsigned
int msg = 0x100, unsigned int wParam = 0x26, long lParam = 0x7d8e914)+0x9c
(FPO: [Non-Fpo]) (CONV: stdcall) [c:\build\chs3
\build\mozilla\widget\src\windows\nswindow.cpp @ 1435]
16 USER32!InternalCallWinProc+0x28
17 USER32!UserCallWinProcCheckWow+0x150 (FPO: [Non-Fpo])
18 USER32!DispatchMessageWorker+0x306 (FPO: [Non-Fpo])
19 USER32!DispatchMessageW+0xf (FPO: [Non-Fpo])
1a gkwidget!nsAppShell::DispatchNativeEvent(int aRealEvent = 1, void * aEvent =
0x00000000)+0xa (FPO: [3,0,0]) (CONV: stdcall) [c:\build\chs3
\build\mozilla\widget\src\windows\nsappshell.cpp @ 221]
1b jsd3250!jsdService::EnterNestedEventLoop(class jsdINestCallback * callback =
0x00000000, unsigned int * _rval = 0x0012d0ec)+0x127 (FPO: [Non-Fpo]) (CONV:
stdcall) [c:\build\chs3\build\mozilla\js\jsd\jsd_xpc.cpp @ 2966]
1c xpcom_core!XPTC_InvokeByIndex(class nsISupports * that = 0x01b815e0,
unsigned int methodIndex = 0x31, unsigned int paramCount = 2, struct
nsXPTCVariant * params = 0x0012d0dc)+0x27 (CONV: cdecl) [c:\build\chs3
\build\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcinvoke.cpp @ 102]
1d xpc3250!XPCWrappedNative::CallMethod(class XPCCallContext * ccx =
0x0012d280, XPCWrappedNative::CallMode mode = CALL_METHOD (0))+0x6c4 (FPO: [Non-
Fpo]) (CONV: cdecl) [c:\build\chs3
\build\mozilla\js\src\xpconnect\src\xpcwrappednative.cpp @ 2139]
1e xpc3250!XPC_WN_CallMethod(struct JSContext * cx = 0x01cf31e8, struct
JSObject * obj = 0x0cd3a040, unsigned int argc = 1, long * argv = 0x0b4ae10c,
long * vp = 0x0012d340)+0x8e (FPO: [Non-Fpo]) (CONV: cdecl) [c:\build\chs3
\build\mozilla\js\src\xpconnect\src\xpcwrappednativejsops.cpp @ 1402]
1f js3250!js_Invoke(struct JSContext * cx = 0x00000001, unsigned int argc = 1,
unsigned int flags = 0)+0x539 (FPO: [Uses EBP] [3,35,0]) (CONV: cdecl)
[c:\build\chs3\build\mozilla\js\src\jsinterp.c @ 1163]
20 js3250!js_Interpret(struct JSContext * cx = 0x01cf31e8, unsigned char * pc =
0x0c71f78f ":", long * result = 0x0012d5c0)+0x4ff7 (FPO: [Uses EBP] [3,83,0])
(CONV: cdecl) [c:\build\chs3\build\mozilla\js\src\jsinterp.c @ 3460]
21 js3250!js_Invoke(struct JSContext * cx = 0x00000001, unsigned int argc = 3,
unsigned int flags = 2)+0x57a (FPO: [Uses EBP] [3,35,0]) (CONV: cdecl)
[c:\build\chs3\build\mozilla\js\src\jsinterp.c @ 1183]
22 xpc3250!nsXPCWrappedJSClass::CallMethod(class nsXPCWrappedJS * wrapper =
0x03d42008, unsigned short methodIndex = 3, class nsXPTMethodInfo * info =
0x01abcff0, struct nsXPTCMiniVariant * nativeParams = 0x0012d768)+0x6b1 (FPO:
[Uses EBP] [5,82,0]) (CONV: stdcall) [c:\build\chs3
\build\mozilla\js\src\xpconnect\src\xpcwrappedjsclass.cpp @ 1340]
23 xpc3250!nsXPCWrappedJS::CallMethod(unsigned short methodIndex = 0x2008,
class nsXPTMethodInfo * info = 0x00000003, struct nsXPTCMiniVariant * params =
0x0012d824)+0x27 (FPO: [4,0,0]) (CONV: stdcall) [c:\build\chs3
\build\mozilla\js\src\xpconnect\src\xpcwrappedjs.cpp @ 515]
24 xpcom_core!PrepareAndDispatch(class nsXPTCStubBase * self = 0x0cd42008,
unsigned int methodIndex = 3, unsigned int * args = 0x0012d824, unsigned int *
stackBytesToPop = 0x0012d814)+0xee (FPO: [Non-Fpo]) (CONV: stdcall)
[c:\build\chs3\build\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcstubs.cpp @
117]
25 xpcom_core!SharedStub(void)+0x16 (CONV: cdecl) [c:\build\chs3
\build\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcstubs.cpp @ 147]
26 jsd3250!jsds_ExecutionHookProc(struct JSDContext * jsdc = 0x01ba9e48, struct
JSDThreadState * jsdthreadstate = 0x14154fd0, unsigned int type = 1, void *
callerdata = 0x00000001, long * rval = 0x0012da40)+0x182 (FPO: [Non-Fpo])
(CONV: cdecl) [c:\build\chs3\build\mozilla\js\jsd\jsd_xpc.cpp @ 682]
27 jsd3250!jsd_CallExecutionHook(struct JSDContext * jsdc = 0x01ba9e48, struct
JSContext * cx = 0x01cf31e8, unsigned int type = 1, <function> * hook =
0x010b7eb1, void * hookData = 0x00000001, long * rval = 0x0012da40)+0x56 (FPO:
[Non-Fpo]) (CONV: cdecl) [c:\build\chs3\build\mozilla\js\jsd\jsd_hook.c @ 178]
28 jsd3250!jsd_TrapHandler(struct JSContext * cx = 0x01cf31e8, struct JSScript
* script = 0x0caa9f38, unsigned char * pc = 0x0caa9f69 "S", long * rval =
0x0012da40, void * closure = 0x13fa4b41)+0x6c (FPO: [Non-Fpo]) (CONV: cdecl)
[c:\build\chs3\build\mozilla\js\jsd\jsd_scpt.c @ 735]
29 js3250!JS_HandleTrap(struct JSContext * cx = 0x01cf31e8, struct JSScript *
script = 0x0caa9f38, unsigned char * pc = 0x0caa9f69 "S", long * rval =
0x0012da40)+0x31 (FPO: [Non-Fpo]) (CONV: cdecl) [c:\build\chs3
\build\mozilla\js\src\jsdbgapi.c @ 212]
2a js3250!js_Interpret(struct JSContext * cx = 0x01cf31e8, unsigned char * pc =
0x0caa9f69 "S", long * result = 0x0012daec)+0x1e6 (FPO: [Uses EBP] [3,83,0])
(CONV: cdecl) [c:\build\chs3\build\mozilla\js\src\jsinterp.c @ 4051]
2b js3250!js_Invoke(struct JSContext * cx = 0x00000001, unsigned int argc = 1,
unsigned int flags = 0)+0x57a (FPO: [Uses EBP] [3,35,0]) (CONV: cdecl)
[c:\build\chs3\build\mozilla\js\src\jsinterp.c @ 1183]
2c js3250!js_Interpret(struct JSContext * cx = 0x01cf31e8, unsigned char * pc =
0x1404fd44 ":", long * result = 0x0012dd04)+0x4ff7 (FPO: [Uses EBP] [3,83,0])
(CONV: cdecl) [c:\build\chs3\build\mozilla\js\src\jsinterp.c @ 3460]
2d js3250!js_Invoke(struct JSContext * cx = 0x00000001, unsigned int argc = 2,
unsigned int flags = 0)+0x57a (FPO: [Uses EBP] [3,35,0]) (CONV: cdecl)
[c:\build\chs3\build\mozilla\js\src\jsinterp.c @ 1183]
2e js3250!js_Interpret(struct JSContext * cx = 0x01cf31e8, unsigned char * pc =
0x029f24c6 ":", long * result = 0x0012df1c)+0x4ff7 (FPO: [Uses EBP] [3,83,0])
(CONV: cdecl) [c:\build\chs3\build\mozilla\js\src\jsinterp.c @ 3460]
2f js3250!js_Invoke(struct JSContext * cx = 0x00000001, unsigned int argc = 2,
unsigned int flags = 0)+0x57a (FPO: [Uses EBP] [3,35,0]) (CONV: cdecl)
[c:\build\chs3\build\mozilla\js\src\jsinterp.c @ 1183]
30 js3250!js_Interpret(struct JSContext * cx = 0x01cf31e8, unsigned char * pc =
0x01b245dd ":", long * result = 0x0012e134)+0x4ff7 (FPO: [Uses EBP] [3,83,0])
(CONV: cdecl) [c:\build\chs3\build\mozilla\js\src\jsinterp.c @ 3460]
31 js3250!js_Invoke(struct JSContext * cx = 0x00000001, unsigned int argc = 3,
unsigned int flags = 2)+0x57a (FPO: [Uses EBP] [3,35,0]) (CONV: cdecl)
[c:\build\chs3\build\mozilla\js\src\jsinterp.c @ 1183]
32 xpc3250!nsXPCWrappedJSClass::CallMethod(class nsXPCWrappedJS * wrapper =
0x03592fa8, unsigned short methodIndex = 3, class nsXPTMethodInfo * info =
0x019c7150, struct nsXPTCMiniVariant * nativeParams = 0x0012e2dc)+0x6b1 (FPO:
[Uses EBP] [5,82,0]) (CONV: stdcall) [c:\build\chs3
\build\mozilla\js\src\xpconnect\src\xpcwrappedjsclass.cpp @ 1340]
33 xpc3250!nsXPCWrappedJS::CallMethod(unsigned short methodIndex = 0x2fa8,
class nsXPTMethodInfo * info = 0x00000003, struct nsXPTCMiniVariant * params =
0x0012e398)+0x27 (FPO: [4,0,0]) (CONV: stdcall) [c:\build\chs3
\build\mozilla\js\src\xpconnect\src\xpcwrappedjs.cpp @ 515]
34 xpcom_core!PrepareAndDispatch(class nsXPTCStubBase * self = 0x0c592fa8,
unsigned int methodIndex = 3, unsigned int * args = 0x0012e398, unsigned int *
stackBytesToPop = 0x0012e388)+0xee (FPO: [Non-Fpo]) (CONV: stdcall)
[c:\build\chs3\build\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcstubs.cpp @
117]
35 xpcom_core!SharedStub(void)+0x16 (CONV: cdecl) [c:\build\chs3
\build\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcstubs.cpp @ 147]
36 xpcom_core!XPTC_InvokeByIndex(class nsISupports * that = 0x0c592fa8,
unsigned int methodIndex = 3, unsigned int paramCount = 3, struct nsXPTCVariant
* params = 0x0012e3d4)+0x27 (CONV: cdecl) [c:\build\chs3
\build\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcinvoke.cpp @ 102]
37 xpc3250!XPCWrappedNative::CallMethod(class XPCCallContext * ccx =
0x0012e578, XPCWrappedNative::CallMode mode = CALL_METHOD (0))+0x6c4 (FPO: [Non-
Fpo]) (CONV: cdecl) [c:\build\chs3
\build\mozilla\js\src\xpconnect\src\xpcwrappednative.cpp @ 2139]
38 xpc3250!XPC_WN_CallMethod(struct JSContext * cx = 0x01cf31e8, struct
JSObject * obj = 0x028a90f0, unsigned int argc = 3, long * argv = 0x02853a28,
long * vp = 0x0012e638)+0x8e (FPO: [Non-Fpo]) (CONV: cdecl) [c:\build\chs3
\build\mozilla\js\src\xpconnect\src\xpcwrappednativejsops.cpp @ 1402]
39 js3250!js_Invoke(struct JSContext * cx = 0x00000001, unsigned int argc = 3,
unsigned int flags = 0)+0x539 (FPO: [Uses EBP] [3,35,0]) (CONV: cdecl)
[c:\build\chs3\build\mozilla\js\src\jsinterp.c @ 1163]
3a js3250!js_Interpret(struct JSContext * cx = 0x01cf31e8, unsigned char * pc =
0x00a2ddb2 ":", long * result = 0x0012e8b8)+0x4ff7 (FPO: [Uses EBP] [3,83,0])
(CONV: cdecl) [c:\build\chs3\build\mozilla\js\src\jsinterp.c @ 3460]
3b js3250!js_Invoke(struct JSContext * cx = 0x00000001, unsigned int argc = 1,
unsigned int flags = 2)+0x57a (FPO: [Uses EBP] [3,35,0]) (CONV: cdecl)
[c:\build\chs3\build\mozilla\js\src\jsinterp.c @ 1183]
3c xpc3250!nsXPCWrappedJSClass::CallMethod(class nsXPCWrappedJS * wrapper =
0x0107c918, unsigned short methodIndex = 3, class nsXPTMethodInfo * info =
0x01bff3a0, struct nsXPTCMiniVariant * nativeParams = 0x0012ea60)+0x6b1 (FPO:
[Uses EBP] [5,82,0]) (CONV: stdcall) [c:\build\chs3
\build\mozilla\js\src\xpconnect\src\xpcwrappedjsclass.cpp @ 1340]
3d xpc3250!nsXPCWrappedJS::CallMethod(unsigned short methodIndex = 0xc918,
class nsXPTMethodInfo * info = 0x00000003, struct nsXPTCMiniVariant * params =
0x0012eb1c)+0x27 (FPO: [4,0,0]) (CONV: stdcall) [c:\build\chs3
\build\mozilla\js\src\xpconnect\src\xpcwrappedjs.cpp @ 515]
3e xpcom_core!PrepareAndDispatch(class nsXPTCStubBase * self = 0x0707c918,
unsigned int methodIndex = 3, unsigned int * args = 0x0012eb1c, unsigned int *
stackBytesToPop = 0x0012eb0c)+0xee (FPO: [Non-Fpo]) (CONV: stdcall)
[c:\build\chs3\build\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcstubs.cpp @
117]
3f xpcom_core!SharedStub(void)+0x16 (CONV: cdecl) [c:\build\chs3
\build\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcstubs.cpp @ 147]
40 gklayout!nsEventListenerManager::HandleEventSubType(struct nsListenerStruct
* aListenerStruct = 0x06e95538, class nsIDOMEvent * aDOMEvent = 0x0c504628,
class nsIDOMEventTarget * aCurrentTarget = 0x01cf2fcc, unsigned int aSubType =
0xc504630, unsigned int aPhaseFlags = 4)+0x14e (FPO: [Uses EBP] [5,54,0])
(CONV: thiscall) [c:\build\chs3
\build\mozilla\content\events\src\nseventlistenermanager.cpp @ 1685]
41 gklayout!nsEventListenerManager::HandleEvent(class nsPresContext *
aPresContext = 0x00000000, class nsEvent * aEvent = 0x0012f87c, class
nsIDOMEvent ** aDOMEvent = 0x0012f83c, class nsIDOMEventTarget * aCurrentTarget
= 0x01cf2fcc, unsigned int aFlags = 4, nsEventStatus * aEventStatus =
0x0012f910)+0x241 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\build\chs3
\build\mozilla\content\events\src\nseventlistenermanager.cpp @ 1786]
42 gklayout!nsGlobalWindow::HandleDOMEvent(class nsPresContext * aPresContext =
0x13536228, class nsEvent * aEvent = 0x0012f87c, class nsIDOMEvent ** aDOMEvent
= 0x0012f83c, unsigned int aFlags = 4, nsEventStatus * aEventStatus =
0x0012f910)+0x24d (FPO: [Non-Fpo]) (CONV: thiscall) [c:\build\chs3
\build\mozilla\dom\src\base\nsglobalwindow.cpp @ 1525]
43 gklayout!nsXULDocument::HandleDOMEvent(class nsPresContext * aPresContext =
0x13536228, class nsEvent * aEvent = 0x00000000, class nsIDOMEvent ** aDOMEvent
= 0x0012f83c, unsigned int aFlags = 4, nsEventStatus * aEventStatus =
0x0012f910)+0x6f (FPO: [Non-Fpo]) (CONV: thiscall) [c:\build\chs3
\build\mozilla\content\xul\document\src\nsxuldocument.cpp @ 1238]
44 gklayout!nsXULElement::HandleDOMEvent(class nsPresContext * aPresContext =
0x13536228, class nsEvent * aEvent = 0x00000000, class nsIDOMEvent ** aDOMEvent
= 0x0012f83c, unsigned int aFlags = 4, nsEventStatus * aEventStatus =
0x0012f910)+0x54a (FPO: [Uses EBP] [5,127,0]) (CONV: thiscall) [c:\build\chs3
\build\mozilla\content\xul\content\src\nsxulelement.cpp @ 2183]
45 gklayout!nsXULElement::HandleDOMEvent(class nsPresContext * aPresContext =
0x13536228, class nsEvent * aEvent = 0x00000000, class nsIDOMEvent ** aDOMEvent
= 0x0012f83c, unsigned int aFlags = 4, nsEventStatus * aEventStatus =
0x0012f910)+0x523 (FPO: [Uses EBP] [5,127,0]) (CONV: thiscall) [c:\build\chs3
\build\mozilla\content\xul\content\src\nsxulelement.cpp @ 2180]
46 gklayout!nsXULElement::HandleDOMEvent(class nsPresContext * aPresContext =
0x13536228, class nsEvent * aEvent = 0x00000000, class nsIDOMEvent ** aDOMEvent
= 0x0012f83c, unsigned int aFlags = 4, nsEventStatus * aEventStatus =
0x0012f910)+0x523 (FPO: [Uses EBP] [5,127,0]) (CONV: thiscall) [c:\build\chs3
\build\mozilla\content\xul\content\src\nsxulelement.cpp @ 2180]
47 gklayout!nsXULElement::HandleDOMEvent(class nsPresContext * aPresContext =
0x13536228, class nsEvent * aEvent = 0x00000000, class nsIDOMEvent ** aDOMEvent
= 0x0012f83c, unsigned int aFlags = 4, nsEventStatus * aEventStatus =
0x0012f910)+0x523 (FPO: [Uses EBP] [5,127,0]) (CONV: thiscall) [c:\build\chs3
\build\mozilla\content\xul\content\src\nsxulelement.cpp @ 2180]
48 gklayout!nsXULElement::HandleDOMEvent(class nsPresContext * aPresContext =
0x13536228, class nsEvent * aEvent = 0x00000000, class nsIDOMEvent ** aDOMEvent
= 0x0012f83c, unsigned int aFlags = 4, nsEventStatus * aEventStatus =
0x0012f910)+0x523 (FPO: [Uses EBP] [5,127,0]) (CONV: thiscall) [c:\build\chs3
\build\mozilla\content\xul\content\src\nsxulelement.cpp @ 2180]
49 gklayout!nsXULElement::HandleChromeEvent(class nsPresContext * aPresContext
= 0x13536228, class nsEvent * aEvent = 0x0012f87c, class nsIDOMEvent **
aDOMEvent = 0x0012f83c, unsigned int aFlags = 4, nsEventStatus * aEventStatus =
0x0012f910)+0x30 (FPO: [Non-Fpo]) (CONV: stdcall) [c:\build\chs3
\build\mozilla\content\xul\content\src\nsxulelement.cpp @ 2881]
4a gklayout!nsGlobalWindow::HandleDOMEvent(class nsPresContext * aPresContext =
0x13536228, class nsEvent * aEvent = 0x0012f87c, class nsIDOMEvent ** aDOMEvent
= 0x0012f83c, unsigned int aFlags = 7, nsEventStatus * aEventStatus =
0x0012f910)+0x1e2 (FPO: [Non-Fpo]) (CONV: thiscall) [c:\build\chs3
\build\mozilla\dom\src\base\nsglobalwindow.cpp @ 1512]
4b gklayout!DocumentViewerImpl::LoadComplete(unsigned int aStatus = 0)+0xa8
(FPO: [Non-Fpo]) (CONV: stdcall) [c:\build\chs3
\build\mozilla\layout\base\nsdocumentviewer.cpp @ 1012]
4c docshell!nsDocShell::EndPageLoad(class nsIWebProgress * aProgress =
0x05e70224, class nsIChannel * aChannel = 0x07c7be6c, unsigned int aStatus = 0)
+0x47 (FPO: [Non-Fpo]) (CONV: thiscall) [c:\build\chs3
\build\mozilla\docshell\base\nsdocshell.cpp @ 4661]
4d docshell!nsWebShell::EndPageLoad(class nsIWebProgress * aProgress =
0x05e70224, class nsIChannel * channel = 0x07c7be6c, unsigned int aStatus = 0)
+0x8d (FPO: [Uses EBP] [3,149,0]) (CONV: thiscall) [c:\build\chs3
\build\mozilla\docshell\base\nswebshell.cpp @ 667]
4e docshell!nsDocShell::OnStateChange(class nsIWebProgress * aProgress =
0x05e70224, class nsIRequest * aRequest = 0x07c7be6c, unsigned int aStateFlags
= 0x5e70224, unsigned int aStatus = 0)+0x1df (FPO: [Non-Fpo]) (CONV: stdcall)
[c:\build\chs3\build\mozilla\docshell\base\nsdocshell.cpp @ 4580]
4f docshell!nsDocLoader::FireOnStateChange(class nsIWebProgress * aProgress =
0x05e70224, class nsIRequest * aRequest = 0x07c7be6c, int aStateFlags =
0x20010, unsigned int aStatus = 0)+0xf5 (FPO: [Non-Fpo]) (CONV: thiscall)
[c:\build\chs3\build\mozilla\uriloader\base\nsdocloader.cpp @ 1220]
50 docshell!nsDocLoader::doStopDocumentLoad(class nsIRequest * request =
0x00c3463f, unsigned int aStatus = 0)+0x22 (FPO: [2,0,0]) (CONV: thiscall)
[c:\build\chs3\build\mozilla\uriloader\base\nsdocloader.cpp @ 851]
51 docshell!nsDocLoader::DocLoaderIsEmpty(void)+0x6c (FPO: [Non-Fpo]) (CONV:
thiscall) [c:\build\chs3\build\mozilla\uriloader\base\nsdocloader.cpp @ 743]
52 docshell!nsDocLoader::OnStopRequest(class nsIRequest * aRequest =
0x13fc6aa8, class nsISupports * aCtxt = 0x00000000, unsigned int aStatus = 0)
+0x18b (FPO: [Non-Fpo]) (CONV: stdcall) [c:\build\chs3
\build\mozilla\uriloader\base\nsdocloader.cpp @ 667]
53 necko!nsLoadGroup::RemoveRequest(class nsIRequest * request = 0x05e70214,
class nsISupports * ctxt = 0x00000000, unsigned int aStatus = 0)+0xb6 (FPO:
[Non-Fpo]) (CONV: stdcall) [c:\build\chs3
\build\mozilla\netwerk\base\src\nsloadgroup.cpp @ 732]
54 gklayout!nsDocument::UnblockOnload(void)+0x3d (FPO: [Non-Fpo]) (CONV:
thiscall) [c:\build\chs3\build\mozilla\content\base\src\nsdocument.cpp @ 5118]
55 gklayout!DestroyImagePLEvent(struct PLEvent * aEvent = 0x778b0c24)+0x10
(FPO: [1,0,0]) (CONV: cdecl) [c:\build\chs3
\build\mozilla\content\base\src\nsimageloadingcontent.cpp @ 670]
56 xpcom_core!PL_DestroyEvent(struct PLEvent * self = 0x778b0c24)+0x2b (FPO:
[1,0,0]) (CONV: cdecl) [c:\build\chs3\build\mozilla\xpcom\threads\plevent.c @
727]
57 xpcom_core!PL_HandleEvent(struct PLEvent * self = 0x778b0c24)+0x47 (FPO:
[1,0,0]) (CONV: cdecl) [c:\build\chs3\build\mozilla\xpcom\threads\plevent.c @
699]
58 xpcom_core!PL_ProcessPendingEvents(struct PLEventQueue * self = 0x778b0c24)
+0x61 (FPO: [Uses EBP] [1,0,0]) (CONV: cdecl) [c:\build\chs3
\build\mozilla\xpcom\threads\plevent.c @ 623]
59 xpcom_core!_md_TimerProc(struct HWND__ * hwnd = 0x77d49857, unsigned int
uMsg = 0x1002bd8c, unsigned int idEvent = 0xbaa03b0, unsigned long dwTime =
0x113)+0x2d (FPO: [4,0,0]) (CONV: stdcall) [c:\build\chs3
\build\mozilla\xpcom\threads\plevent.c @ 1013]
5a USER32!InternalCallWinProc+0x28
5b USER32!UserCallWinProc+0xf3 (FPO: [Non-Fpo])
5c USER32!DispatchMessageWorker+0x10e (FPO: [Non-Fpo])
5d USER32!DispatchMessageW+0xf (FPO: [Non-Fpo])
5e gkwidget!nsAppShell::Run(void)+0x10c (FPO: [Non-Fpo]) (CONV: stdcall)
[c:\build\chs3\build\mozilla\widget\src\windows\nsappshell.cpp @ 159]
5f appcomps!nsAppStartup::Run(void)+0xd (FPO: [1,0,0]) (CONV: stdcall)
[c:\build\chs3\build\mozilla\xpfe\components\startup\src\nsappstartup.cpp @ 208]
60 HsEngine!main1(int argc = 3, char ** argv = 0x002a4728, class nsISupports *
nativeApp = 0x00000020)+0x355 (FPO: [Non-Fpo]) (CONV: cdecl) [c:\build\chs3
\build\mozilla\xpfe\bootstrap\nsapprunner.cpp @ 1264]
61 HsEngine!main(int argc = 3, char ** argv = 0x002a4728)+0xc5 (FPO: [Non-Fpo])
(CONV: cdecl) [c:\build\chs3\build\mozilla\xpfe\bootstrap\nsapprunner.cpp @
1765]
62 HsEngine!WinMain(struct HINSTANCE__ * __formal = 0x7c816d4f, struct
HINSTANCE__ * __formal = 0x80000001, char * args =
0x0853ee34 "mponents/hsRecord.js", int __formal = 0x7ffd4000)+0x18 (FPO:
[4,0,0]) (CONV: stdcall) [c:\build\chs3
\build\mozilla\xpfe\bootstrap\nsapprunner.cpp @ 1789]
63 HsEngine!WinMainCRTStartup(void)+0x185 (FPO: [Non-Fpo]) (CONV: cdecl)
[f:\vs70builds\3077\vc\crtbld\crt\src\crtexe.c @ 390]
64 kernel32!BaseProcessStart+0x23 (FPO: [Non-Fpo])
oops, this is 1.8 branch. i don't see anything protecting handler, and i
believe it's the thing that was killed.
Version: Trunk → 1.8 Branch
|
Assignee | |
Comment 2•20 years ago
|
||
Most of this patch is just me consolidating the two sets of named root helpers
we had into a single set in nsContentUtils (and fixing up the Add code to
really deal with errors; please check over that carefully!). The part that
fixes this bug is just the single nsAutoGCRoot in nsXBLPrototypeHandler.
Attachment #196349 -
Flags: superreview?(brendan)
Attachment #196349 -
Flags: review?(jst)
|
||
Comment 3•20 years ago
|
||
Comment on attachment 196349 [details] [diff] [review]
Proposed patch
Seems ok to me, just wish we could make nsXULPrototypeScript's ctor fail when
the add-root fails, to avoid the rv out param and extra code in caller.
/be
Attachment #196349 -
Flags: superreview?(brendan) → superreview+
|
|
Assignee | |
Comment 4•20 years ago
|
||
Yeah, I wish that too. Just don't know of a way to do it...
|
||
Comment 5•20 years ago
|
||
Comment on attachment 196349 [details] [diff] [review]
Proposed patch
+PRInt32 nsContentUtils::sScriptRuntimeRefcnt = 0;
Maybe name that sScriptRootCount or something, it's got nothing to do with the
reference count to or in the script runtime...
- In nsContentUtils::AddJSGCRoot(void* aPtr, const char* aName):
+ if (!sScriptRuntime) {
...
+ if (! sScriptRuntime) {
Remove the space after '!'.
...
+ if (! ok) {
Same here.
r=jst
Attachment #196349 -
Flags: review?(jst) → review+
|
|
Assignee | |
Comment 6•20 years ago
|
||
|
|
Assignee | |
Comment 7•20 years ago
|
||
Requesting approval. This is pretty safe (just moving code around, mostly) and
should fix some more of these fun GC crashes.
Attachment #196349 -
Attachment is obsolete: true
Attachment #197238 -
Flags: approval1.8b5?
|
|
Assignee | |
Comment 8•20 years ago
|
||
Fixed on trunk
Status: NEW → RESOLVED
Closed: 20 years ago
Priority: -- → P2
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.8beta5
|
|
||
Comment 9•20 years ago
|
||
This bug's patch is safe, and clearly a win for correctness. It's not the total
solution, but it will help clarify the bugscape in 1.8, and spare users some
real crash hazards.
/be
Flags: blocking1.8b5+
|
||
Updated•20 years ago
|
Attachment #197238 -
Flags: approval1.8b5? → approval1.8b5+
|
||
Comment 11•20 years ago
|
||
FYI. I believe I may have experienced this crash with the 2005092607 1.8 branch
build on Windows. See talkback ID 9789458.
Based on comment #10, I'm assuming my build was just too old.
|
||
Updated•14 years ago
|
Crash Signature: [@ js_GetSlotThreadSafe]
You need to log in
before you can comment on or make changes to this bug.
Description
•