Closed
Bug 319293
Opened 19 years ago
Closed 19 years ago
Crash [@ nsDOMClassInfo::MarkReachablePreservedWrappers]
Categories
(Core :: DOM: Core & HTML, defect, P1)
Tracking
()
VERIFIED
FIXED
mozilla1.9alpha1
People
(Reporter: aguertin+bugzilla, Assigned: dbaron)
References
Details
(4 keywords, Whiteboard: [patch])
Crash Data
Attachments
(2 files)
373 bytes,
image/svg+xml
|
Details | |
1.04 KB,
patch
|
mrbkap
:
review+
jst
:
superreview+
|
Details | Diff | Splinter Review |
I'm crashing on trunk trying to look at an svg file in DOM Inspector. FF1.5 works fine.
Talkbacks 12659844, TB12659807, TB12659594, TB12659568, TB12659561
Testcase (not minimized, but it's small anyway) coming up.
Reporter | ||
Comment 1•19 years ago
|
||
To crash:
Open DOM Inspector
Select the #document node
In the right pane, change view to Javascript Object
Expand Subject (or just wait?)
Comment 2•19 years ago
|
||
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051206 Firefox/1.6a1 ID:2005120605
Only trunk, don't see this in branch builds.
Comment 3•19 years ago
|
||
That's because bug 241518 hasn't landed on branch.
For what it's worth, this looks like bug 319333 which has a description of the code-level problem. This bug has better steps to reproduce, though.
Comment 4•19 years ago
|
||
*** Bug 319333 has been marked as a duplicate of this bug. ***
No longer depends on: 319333
Comment 5•19 years ago
|
||
#6 0xb6b1b9d9 in nsDOMClassInfo::MarkReachablePreservedWrappers
(aParticipant=0x0, cx=0x8b62718, arg=0x0) at
/moz/mozilla/dom/src/base/nsDOMClassInfo.cpp:5067
#7 0xb6b1c6d0 in nsEventReceiverSH::Mark (this=0x8c799d8, wrapper=0x8c79b40,
cx=0x8b62718, obj=0x8b6ea08, arg=0x0, _retval=0xbfa14a8c) at
/moz/mozilla/dom/src/base/nsDOMClassInfo.cpp:6691
#8 0xb6fce10c in XPC_WN_Helper_Mark (cx=0x8b62718, obj=0x8b6ea08, arg=0x0) at
/moz/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp:1029
#9 0xb7e714d9 in js_Mark (cx=0x8b62718, obj=0x8b6ea08, arg=0x0) at
/moz/mozilla/js/src/jsobj.c:4229
...
(gdb) frame 8
#8 0xb6fce10c in XPC_WN_Helper_Mark (cx=0x8b62718, obj=0x8b6ea08, arg=0x0) at
/moz/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp:1029
1029 wrapper->GetScriptableCallback()->Mark(wrapper, cx, obj, arg,
&ignored);
(gdb) p *wrapper
$1 = {<nsIXPConnectWrappedNative> = {<nsIXPConnectJSObjectHolder> =
{<nsISupports> = {_vptr.nsISupports = 0xb6ff14e8}, <No data fields>}, mIdentity
= 0x88f9470}, mRefCnt = {mValue = 1}, _mOwningThread = {mThread = 0x804a548},
{mMaybeScope = 0x8c79a50, mMaybeProto = 0x8c79a50}, mSet = 0x8c79a08,
mFlatJSObject = 0x8b6ea08, mScriptableInfo = 0x8c53450, mFirstChunk =
{mTearOffs = {{mInterface = 0x864e000, mNative = 0x88f948c, mJSObject = 0x0}},
mNextChunk = 0x8c81158}, mNativeWrapper = 0x0, mThread = 0x804a548, static
gMainThread = 0x804a548}
(gdb) p wrapper->mIdentity
$2 = (nsISupports *) 0x88f9470
(gdb) x *(void**) wrapper->mIdentity
0xb6d918a8 <_ZTV17nsDOMDocumentType+8>: 0xb68b6f46
bz noted that nsDOMDocumentType doesn't forward QI to nsGenericDOMDataNode,
that it doesn't implement nsIDOMEventReceiver either, and that
nsDOMDocumentType uses nsNodeSH, too.
Comment 6•19 years ago
|
||
*** Bug 320157 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 7•19 years ago
|
||
Still need to look into why the testcase leaks, though...
Attachment #205793 -
Flags: superreview?
Attachment #205793 -
Flags: review?(mrbkap)
Assignee | ||
Updated•19 years ago
|
Attachment #205793 -
Flags: superreview? → superreview?(jst)
Comment 8•19 years ago
|
||
Comment on attachment 205793 [details] [diff] [review]
patch
I probably should have caught this before :-(.
Attachment #205793 -
Flags: review?(mrbkap) → review+
Assignee | ||
Updated•19 years ago
|
Status: NEW → ASSIGNED
Priority: -- → P1
Whiteboard: [patch]
Target Milestone: --- → mozilla1.9alpha
Comment 9•19 years ago
|
||
Comment on attachment 205793 [details] [diff] [review]
patch
sr=jst
Attachment #205793 -
Flags: superreview?(jst) → superreview+
Assignee | ||
Comment 10•19 years ago
|
||
Checked in to trunk.
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 11•19 years ago
|
||
(In reply to comment #7)
> Still need to look into why the testcase leaks, though...
See bug 320211.
Comment 12•19 years ago
|
||
*** Bug 320317 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 13•18 years ago
|
||
Fixed on MOZILLA_1_8_BRANCH by checkin of bug 336791.
Keywords: fixed1.8.1
Comment 14•18 years ago
|
||
verified fixed 1.8 20061010 1.9 20061011 windows/linux
Status: RESOLVED → VERIFIED
Keywords: fixed1.8.1 → verified1.8.1
Updated•13 years ago
|
Crash Signature: [@ nsDOMClassInfo::MarkReachablePreservedWrappers]
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•