Last Comment Bug 316114 - myspace and other site crash [@ nsXPConnect::ReleaseJSContext]
: myspace and other site crash [@ nsXPConnect::ReleaseJSContext]
Status: RESOLVED FIXED
: crash, fixed1.8, topcrash
Product: Core
Classification: Components
Component: XPConnect (show other bugs)
: 1.0 Branch
: x86 Windows XP
: -- normal (vote)
: ---
Assigned To: David Bradley
: Phil Schwartau
Mentors:
http://myspace.com
Depends on: 316025
Blocks:
  Show dependency treegraph
 
Reported: 2005-11-11 13:47 PST by chris hofmann
Modified: 2006-06-20 12:21 PDT (History)
9 users (show)
mtschrep: blocking1.8.1-
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description chris hofmann 2005-11-11 13:47:24 PST
This #2 top crash for 1.5 RC1 might be related to the number# top crash reported in Bug 316025

here is stack info out of talkback

nsXPConnect::ReleaseJSContext 3ee838a7
Product ID	Firefox15
Build ID	2005110712
Trigger Time	2005-11-11 10:54:23.0
Platform	Win32
Operating System	Windows NT 5.1 build 2600
Module	firefox.exe + (0000d8f7)
URL visited	http://browseusers.myspace.com/Browse/Browse.aspx?z=1&Mytoken=955FB0B2-C094-8404-522777CD4DAF9DFE1662130
User Comments	
Since Last Crash	3440 sec
Total Uptime	3440 sec
Trigger Reason	Access violation
Source File, Line No.	c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/nsXPConnect.cpp, line 1176
Stack Trace 	
nsXPConnect::ReleaseJSContext  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/nsXPConnect.cpp, line 1176]
nsDocShell::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/docshell/base/nsDocShell.cpp, line 3505]
nsFrameLoader::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsFrameLoader.cpp, line 219]
nsGenericHTMLFrameElement::UnbindFromTree  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/html/content/src/nsGenericHTMLElement.cpp, line 3578]
nsHTMLBodyElement::UnbindFromTree  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/html/content/src/nsHTMLBodyElement.cpp, line 425]
nsDocument::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsDocument.cpp, line 4907]
DocumentViewerImpl::Close  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/base/nsDocumentViewer.cpp, line 1285]
nsDocShell::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/docshell/base/nsDocShell.cpp, line 3494]
nsFrameLoader::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsFrameLoader.cpp, line 219]
nsSubDocumentFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/generic/nsFrameFrame.cpp, line 572]
nsFrameList::DestroyFrames  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/generic/nsFrameList.cpp, line 138]
nsBoxFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsBoxFrame.cpp, line 1120]
nsBoxFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsBoxFrame.cpp, line 1120]
nsBoxFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsBoxFrame.cpp, line 1120]
nsBoxFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsBoxFrame.cpp, line 1120]
nsBoxFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsBoxFrame.cpp, line 1120]
nsBoxFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsBoxFrame.cpp, line 1120]
nsBoxFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsBoxFrame.cpp, line 1120]
nsBoxFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsBoxFrame.cpp, line 1120]
nsPositionedInlineFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/generic/nsInlineFrame.cpp, line 1079]
DocumentViewerImpl::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/base/nsDocumentViewer.cpp, line 1438]
nsDocShell::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/docshell/base/nsDocShell.cpp, line 3495]
nsXULWindow::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/xpfe/appshell/src/nsXULWindow.cpp, line 511]
nsWebShellWindow::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/xpfe/appshell/src/nsWebShellWindow.cpp, line 850]
nsWebShellWindow::HandleEvent  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/xpfe/appshell/src/nsWebShellWindow.cpp, line 408]
nsWindow::DispatchEvent  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1252]
nsWindow::DispatchStandardEvent  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1292]
nsWindow::ProcessMessage  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 4292]
nsWindow::WindowProc  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1434]
USER32.dll + 0x8734 (0x77d18734)
USER32.dll + 0x8816 (0x77d18816)
USER32.dll + 0xb4c0 (0x77d1b4c0)
USER32.dll + 0xb50c (0x77d1b50c)
ntdll.dll + 0xeae3 (0x7c91eae3)
USER32.dll + 0xb3f9 (0x77d1b3f9)
USER32.dll + 0xb393 (0x77d1b393)
nsWindow::DefaultWindowProc  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1460]
USER32.dll + 0x8734 (0x77d18734)
USER32.dll + 0x8816 (0x77d18816)
USER32.dll + 0xc63f (0x77d1c63f)
USER32.dll + 0xc665 (0x77d1c665)
nsWindow::WindowProc  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1441]
USER32.dll + 0x8734 (0x77d18734)
USER32.dll + 0x8816 (0x77d18816)
USER32.dll + 0xb4c0 (0x77d1b4c0)
USER32.dll + 0xb50c (0x77d1b50c)
ntdll.dll + 0xeae3 (0x7c91eae3)
USER32.dll + 0xb3f9 (0x77d1b3f9)
USER32.dll + 0xb393 (0x77d1b393)
nsWindow::DefaultWindowProc  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1460]
USER32.dll + 0x8734 (0x77d18734)
USER32.dll + 0x8816 (0x77d18816)
USER32.dll + 0xc63f (0x77d1c63f)
USER32.dll + 0xc665 (0x77d1c665)
nsWindow::WindowProc  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1441]
USER32.dll + 0x8734 (0x77d18734)
USER32.dll + 0x8816 (0x77d18816)
USER32.dll + 0x89cd (0x77d189cd)
USER32.dll + 0x8a10 (0x77d18a10)
nsAppShell::Run  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsAppShell.cpp, line 159]
nsAppStartup::Run  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp, line 151]
main  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp, line 61]
kernel32.dll + 0x16d4f (0x7c816d4f)
Comment 1 Boris Zbarsky [:bz] (still a bit busy) 2005-11-11 14:15:18 PST
Hmm... The top frame looks like this on branch:

1172                              for(XPCCallContext* cur = tls->GetCallContext(); 
1173                                  cur; 
1174                                  cur = cur->GetPrevCallContext())
1175                              {
1176                                  if(cur->GetJSContext() == aJSContext)
1177                                  {
1178                                      ccx = cur;
1179                                      // Keep looping to find the deepest matching call context.
1180                                  }
1181                              }

with talkback claming we crash in 1176...  This code has been around for forever now (August 2001).

The odd part is that nsDocShell::Destroy does not call nsXPConnect::ReleaseJSContext directly.  That's called from the nsJSContext destructor, which _could_ be called from Destroy...

Except docshell on branch looks like this:

3499                           if (mObserveErrorPages) {
3500                               nsCOMPtr<nsIPrefBranch2> prefs(do_QueryInterface(mPrefs));
3501                               if (prefs) {
3502                                   prefs->RemoveObserver("browser.xul.error_pages.enabled", this);
3503                                   mObserveErrorPages = PR_FALSE;
3504                               }
3505                           }
3506                       
3507                           // Fire unload event before we blow anything away.

3508 bryner          1.687     (void) FirePageHideNotification(PR_TRUE);

Nothing even close to 3505 to be crashing.  We'd have to be in line 3540 (the block where we mess with mScriptGlobal) to affect this, I'd think.

For the next stack frame, the frame loader calls nsDocShell::Destroy in line 216, not 219.  But that's closer to how much talkback is usually off by....
Comment 2 chris hofmann 2005-11-11 15:59:34 PST
http://talkback-public.mozilla.org/reports/firefox/FF107/url-analysis-all.html shows that we have a good deal of trouble with myspace on 1.0.7 but not with a stack signature that shows nsXPConnect::ReleaseJSContext

http://talkback-public.mozilla.org/reports/firefox/FF107/FF107-topcrashers.html
show the nsXPConnect::ReleaseJSContext signature ranks at #60.

60 	nsXPConnect::ReleaseJSContext 	0.24% 	

so it's possible that we have wiped out 59 of the top crash bugs in 1.0.7 and this signature has bubbled to the top, or we have raised the visibility of an old bug somewhere in the last year, or some combination of both.



Comment 3 chris hofmann 2005-11-11 16:55:32 PST
http://talkback-public.mozilla.org/reports/firefox/FF15rc1/FF15rc1-topcrashers.html

shows nsXPConnect::ReleaseJSContext ranking 34th in RC1  so it is up in ranking the early days RC2.
Comment 4 chris hofmann 2005-11-11 17:13:04 PST
ranking was 152 nsXPConnect::ReleaseJSContext 	0.08% 	in FF15b2 (Firefox15)
Comment 5 chris hofmann 2005-11-11 17:20:09 PST
and about the same in beta1 and alpha2
 -> FF15b1 (Firefox15) 
    rank 150 nsXPConnect::ReleaseJSContext 	0.06% 	
 
 -> FF11a2 (FirefoxTrunk)
    rank 206 nsXPConnect::ReleaseJSContext 	0.05% 	with 1 crash in Alpha 2
Comment 6 chris hofmann 2005-11-11 17:30:14 PST
people seem to be hitting it every few days on the trunk and it ranks 34th where incoming data rate is low.
http://talkback-public.mozilla.org/reports/firefox/FFTrunk/FFTrunk-topcrashers.html

from this it does look like the exposure to the crash is higher in RC2 than any previous release or the trunk; although its tough to tell when the incoming data rates and number of black boxes are low.

Are there any patches that are on the branch that are not on the trunk that have been taken since RC1 and might be related?
Comment 7 chris hofmann 2005-11-11 19:28:05 PST
areas to test to try and reproduce out of the talkback data

http://www.espn.go.com
http://www.foxsports.com

http://www.pcwelt.de/

http://www.ec.kingston.com/ecom/configurator/modelsinfo.asp?SysID=21208&mfr=Dell&model=PowerEdge+SC1425&Sys=21208-Dell-PowerEdge+SC1425&distributor=0&submit1=Search

http://google.com/ig
Froze, did not give Not Responding notification, unable to change tabs or open new tabs

http://www.Netscape.com

http://www.seznam.cz

http://twit.tv

http://nyspace.com and http://youtube.com
Uploading a video to myspace and updating profile.

http://myspace.com  - windows media caused it

Switching pages on myspace and it stalled.

Reloading a specific tab, then closing Firefox.

http://www.myspace.com - checking myspace mailbox

http://myspace.com i had just clicked a link to view someones pictures.

http://www.myspace.com -  I was just trying to close it anyway. I am not dure why it failed, but it was having prblems loading that page too.

http://www.myspace.com/atiim
http://www.myspace.com/evildustmite
http://www.myspace.com/panicatthedisco
Trying to open this page for a second time crashed the browser

http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendID=9036085&Mytoken=1140CA3E-54D9-5463-397BBBF171912A739506431
http://browseusers.myspace.com/Browse/Browse.aspx?z=1&Mytoken=955FB0B2-C094-8404-522777CD4DAF9DFE1662130

http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendID=7604148&Mytoken=20050706150139

http://europe.nokia.com/nokia/0,,64474,00.html
Just downloaded one INF file (http://europe.nokia.com/popupDisclaimer?productId=421&categoryId=55&disclaimerId=9&fileId=7487&languageId=1) and clicked to download another one

http://www.nikeid.com

I was closing a Yahoo Sports page that had been automatically pulled up by clicking on a link for Marvin Williams (forward on the Atlanta Hawks). I don't have the URL info, but the page had been up 100% and I was just closing it, with no "end now" prompts

http://www.classmates.com
Completing Personal Profile when program crashed.

http://www.emp3finder.com
Closed some tabs

http://www.google.com.mx

http://www.mikeslist.com/85.htm
Comment 8 chris hofmann 2005-11-11 20:04:04 PST
grinding down through these tests it seems like http://www.myspace.com/evildustmite is the best way to reproduce. 

first time I loaded it it had problems getting all the content loaded and try to shut down the window after it had been spinning for awhile, then crashed.

second time the page loaded fully, then hit back, then forward, then crashed.

the blackboxes should be ready to dig out of talkback in a few hours.  search for URL http://www.myspace.com/evildustmite
Comment 9 Boris Zbarsky [:bz] (still a bit busy) 2005-11-11 20:23:42 PST
> grinding down through these tests it seems like
> http://www.myspace.com/evildustmite is the best way to reproduce. 

I just tried this in a debug build (where layout deleted-frame-access crashes crash at access instead of corrupting memory), and crashed with the stack from bug 316025 twice in a row.

So Chris, you might have been right in your initial guess...  :)
Comment 10 chris hofmann 2005-11-11 20:52:25 PST
I hope so..;-)

I try a couple of older builds I had lying around and can't seem to reproduce

Beta 2  -  Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20050924 (No IDN) Firefox/1.4

and seamonkey Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050310

The other thing I notice in testing these builds is the dramtic performance difference in loading the page.   RC2 is much slower.  I hope we also see perforance come back if the fix for Bug 316025 stops the crash.
Comment 11 Boris Zbarsky [:bz] (still a bit busy) 2005-11-11 20:56:10 PST
> RC2 is much slower.

Hmm.  If that's still the case in tomorrow's builds, file a separate bug on it and cc me, please?
Comment 12 chris hofmann 2005-11-11 21:07:38 PST
the orginal blackbox that got us looking at http://www.myspace.com/evildustmite is

Incident ID: 11718193
Stack Signature	nsXPConnect::ReleaseJSContext ee994bb2
Product ID	Firefox15
Build ID	2005110712
Trigger Time	2005-11-11 07:50:04.0
Platform	Win32
Operating System	Windows NT 5.1 build 2600
Module	firefox.exe + (0000d8f7)
URL visited	http://www.myspace.com/evildustmite
User Comments	
Since Last Crash	136 sec
Total Uptime	2459 sec
Trigger Reason	Access violation
Source File, Line No.	c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/nsXPConnect.cpp, line 1176
Stack Trace 	
nsXPConnect::ReleaseJSContext  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/nsXPConnect.cpp, line 1176]
nsDocShell::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/docshell/base/nsDocShell.cpp, line 3505]
nsFrameLoader::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsFrameLoader.cpp, line 219]
nsGenericHTMLFrameElement::UnbindFromTree  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/html/content/src/nsGenericHTMLElement.cpp, line 3578]
nsGenericElement::UnbindFromTree  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsGenericElement.cpp, line 1972]
nsGenericElement::UnbindFromTree  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsGenericElement.cpp, line 1972]
nsGenericElement::UnbindFromTree  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsGenericElement.cpp, line 1972]
nsGenericElement::UnbindFromTree  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsGenericElement.cpp, line 1972]
nsGenericElement::UnbindFromTree  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsGenericElement.cpp, line 1972]
nsHTMLBodyElement::UnbindFromTree  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/html/content/src/nsHTMLBodyElement.cpp, line 425]
nsDocument::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsDocument.cpp, line 4907]
DocumentViewerImpl::Close  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/base/nsDocumentViewer.cpp, line 1285]
nsDocShell::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/docshell/base/nsDocShell.cpp, line 3494]
nsFrameLoader::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsFrameLoader.cpp, line 219]
nsSubDocumentFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/generic/nsFrameFrame.cpp, line 572]
nsFrameList::DestroyFrames  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/generic/nsFrameList.cpp, line 138]
nsBoxFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsBoxFrame.cpp, line 1120]
nsBoxFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsBoxFrame.cpp, line 1120]
nsBoxFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsBoxFrame.cpp, line 1120]
nsBoxFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsBoxFrame.cpp, line 1120]
nsBoxFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsBoxFrame.cpp, line 1120]
nsBoxFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsBoxFrame.cpp, line 1120]
nsBoxFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsBoxFrame.cpp, line 1120]
nsBoxFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsBoxFrame.cpp, line 1120]
nsPositionedInlineFrame::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/generic/nsInlineFrame.cpp, line 1079]
DocumentViewerImpl::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/base/nsDocumentViewer.cpp, line 1438]
nsDocShell::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/docshell/base/nsDocShell.cpp, line 3495]
nsXULWindow::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/xpfe/appshell/src/nsXULWindow.cpp, line 511]
nsWebShellWindow::Destroy  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/xpfe/appshell/src/nsWebShellWindow.cpp, line 850]
nsWebShellWindow::HandleEvent  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/xpfe/appshell/src/nsWebShellWindow.cpp, line 408]
nsWindow::DispatchEvent  [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1252]
Comment 13 chris hofmann 2005-11-11 22:09:12 PST
Tested http://www.myspace.com/evildustmite on chase's window respin with today's fixes
Win32: http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2005-11-11-17-mozilla1.8/

can't seem to crash it now and page loading perf looks good too.

"You bet your sweet Aspercreme!"  ;-)
Comment 14 chris hofmann 2005-11-14 12:01:47 PST
marking fixed 1.8 to get on the testing radar for firefox 1.5.
Comment 15 Mike Schroepfer 2006-06-20 12:21:14 PDT
Chris - do you know if this is fixed or not on 1.8

Note You need to log in before you can comment on or make changes to this bug.