Closed
Bug 319934
Opened 19 years ago
Closed 17 years ago
Crash on quit just as an nsXMLHttpRequest is fired [@ nsContentUtils::GetDocShellFromCaller]
Categories
(Core :: XML, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha5
People
(Reporter: sfraser_bugs, Assigned: benjamin)
References
()
Details
(Keywords: crash, fixed1.8.1.5, topcrash)
Crash Data
Attachments
(1 file)
1.04 KB,
patch
|
dbaron
:
review+
dbaron
:
superreview+
dveditz
:
approval1.8.1.5+
|
Details | Diff | Splinter Review |
I just had a crash on quit while sitting on a wired.com page. The stack is interesting: Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000000 Thread 0 Crashed: 0 libgklayout.dylib 0x0a1c00ac nsContentUtils::GetDocShellFromCaller() + 48 (nsContentUtils.cpp:888) 1 libgklayout.dylib 0x0a1d48d8 nsDOMImplementation::CreateDocument(nsAString_internal const&, nsAString_internal const&, nsIDOMDocumentType*, nsIDOMDocument**) + 832 (nsDocument.cpp:594) 2 libxmlextras.dylib 0x2399df44 nsXMLHttpRequest::OnStartRequest(nsIRequest*, nsISupports*) + 688 (nsXMLHttpRequest.cpp:1227) 3 libnecko.dylib 0x082cb2f4 nsHttpChannel::CallOnStartRequest() + 748 (nsHttpChannel.cpp:760) 4 libnecko.dylib 0x082d8684 nsHttpChannel::OnStartRequest(nsIRequest*, nsISupports*) + 624 (nsHttpChannel.cpp:4010) 5 libnecko.dylib 0x082105f4 nsInputStreamPump::OnStateStart() + 280 (nsInputStreamPump.cpp:381) 6 libnecko.dylib 0x082103bc nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) + 200 (nsInputStreamPump.cpp:337) 7 libxpcom_core.dylib 0x01945dac nsInputStreamReadyEvent::EventHandler(PLEvent*) + 168 (nsStreamUtils.cpp:120) 8 libxpcom_core.dylib 0x0188c928 PL_HandleEvent + 116 (plevent.c:688) 9 libxpcom_core.dylib 0x0188c740 PL_ProcessPendingEvents + 260 (plevent.c:624) 10 libxpcom_core.dylib 0x0189001c nsEventQueueImpl::ProcessPendingEvents() + 144 (nsEventQueue.cpp:421) 11 libxpcom_core.dylib 0x01819fb0 NS_ShutdownXPCOM_P + 420 (nsXPComInit.cpp:827) 12 libxpcom.dylib 0x00d95240 NS_ShutdownXPCOM + 32 (nsXPComStub.cpp:140) 13 org.mozilla.camino 0x000e8bb0 NS_TermEmbedding + 204 (nsEmbedAPI.cpp:215) ... We're servicing PLEvents from NS_ShutdownXPCOM, and happen to catch a plevent that involves nsXMLHttpRequest::OnStartRequest.
Updated•19 years ago
|
Severity: normal → critical
Summary: Crash on quit just as an nsXMLHttpRequest is fired → Crash on quit just as an nsXMLHttpRequest is fired [@ nsContentUtils::GetDocShellFromCaller]
Comment 1•19 years ago
|
||
People are calling into the layout module after it's shut down... Should revisit this after bug 316414 is fixed and see whether we still have a problem. I suspect we will not.
Depends on: 316414
Updated•19 years ago
|
Assignee: nobody → general
Component: Layout → DOM
QA Contact: layout → ian
xmlhttprequest should probably be listening for some flavor of xpcomshutdown ... although that sounds strange. alternatively the input pump should listen and arrange to discard things when it's notified of shutdown.
Component: DOM → XML
Assignee | ||
Comment 3•19 years ago
|
||
Or going offline should fire stoprequest notifications on open HTTP channels...
Comment 4•19 years ago
|
||
Well, if we fix bug 316414 this event processing thing will happen while we still have references to the various services in nsContentUtils... So we'll be fine.
Comment 5•19 years ago
|
||
(In reply to comment #3) > Or going offline should fire stoprequest notifications on open HTTP channels... and we do...
Comment 6•19 years ago
|
||
er, "it does". at least since bug 202638 was fixed, which was on 2004-08-04.
Keywords: topcrash
Comment 7•18 years ago
|
||
A page containing the script below crashes Firefox 1.5.0.6 on Mac OS X 10.2.8 every once in a while when the window is closed. The crash seems to occur only on that platform; since this bug was reported for Mac OS X 10.2, it's seems likely that it's the same bug. This is forcing us to explicitly launch Safari instead. Is anyone working on this bug? <script language="javascript"> function doExit () { if (self.XMLHttpRequest) req = new XMLHttpRequest(); else req = new ActiveXObject("Microsoft.XMLHTTP"); req.open("GET","/hastalavista"); req.send (null); alert ("YOU ARE LEAVING\nTHE AMERICAN SECTOR"); } window.onbeforeunload = doExit; </script>
Comment 8•18 years ago
|
||
A correction to comment #7 -- the crash occurs not only under OS X 10.2.8, also under OS X 10.4.7.
Comment 9•18 years ago
|
||
> Is anyone working on this bug? See comment 1. If people want to try to spot-hack this, you could make nsXMLHttpRequest observe some sort of shutdown notification that comes _before_ XPCOM_SHUTDOWN. If we have one... But what I really wonder is whether this is a problem on trunk. I would bet it's not.
Comment 10•17 years ago
|
||
bug 380468 implies that it is still present on trunk.
Assignee | ||
Updated•17 years ago
|
Assignee: general → benjamin
Flags: blocking1.9?
Priority: -- → P2
Target Milestone: --- → mozilla1.9alpha5
Assignee | ||
Comment 11•17 years ago
|
||
Attachment #264999 -
Flags: superreview?(dbaron)
Attachment #264999 -
Flags: review?(dbaron)
Comment on attachment 264999 [details] [diff] [review] Hold the layout module alive while there are xmlhttprequest objects, rev. 1 r+sr=dbaron
Attachment #264999 -
Flags: superreview?(dbaron)
Attachment #264999 -
Flags: superreview+
Attachment #264999 -
Flags: review?(dbaron)
Attachment #264999 -
Flags: review+
Assignee | ||
Comment 13•17 years ago
|
||
Fixed on trunk. Might be worth putting this on the 1.8.1 branch as well.
Status: NEW → RESOLVED
Closed: 17 years ago
Flags: blocking1.8.1.5?
Resolution: --- → FIXED
Assignee | ||
Updated•17 years ago
|
Attachment #264999 -
Flags: approval1.8.1.5?
Updated•17 years ago
|
Flags: in-testsuite?
Comment 14•17 years ago
|
||
Don't think this is a branch "blocker" but we'll look at the approval request.
Flags: blocking1.8.1.5?
Comment 15•17 years ago
|
||
Comment on attachment 264999 [details] [diff] [review] Hold the layout module alive while there are xmlhttprequest objects, rev. 1 approved for 1.8.1.5, a=dveditz for release-drivers
Attachment #264999 -
Flags: approval1.8.1.5? → approval1.8.1.5+
Updated•13 years ago
|
Crash Signature: [@ nsContentUtils::GetDocShellFromCaller]
You need to log in
before you can comment on or make changes to this bug.
Description
•