Closed
Bug 322131
Opened 19 years ago
Closed 16 years ago
Invalid heap pointer on shutdown after installing venkman [@ libc.so.6 - JS_FinalizeStringRT()]
Categories
(Core Graveyard :: Installer: XPInstall Engine, defect)
Core Graveyard
Installer: XPInstall Engine
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: bc, Unassigned)
References
Details
(Keywords: crash, topcrash)
Crash Data
Steps to reproduce:
1. Start debug build of Firefox trunk/winxp.
2. Install Venkman
3. Shutdown browser to complete Venkman installation.
4. See dialog about invalid heap.
###!!! ASSERTION: CheckForDeactivation called from wrong thread!: 'Error', file
c:/work/mozilla/builds/ff/trunk-test/mozilla/xpcom/threads/nsEventQueue.cpp, line 255
/*
* If this ASSERT fails, a bad pointer has been passed in. It may be
* totally bogus, or it may have been allocated from another heap.
* The pointer MUST come from the 'local' heap.
*/
_ASSERTE(_CrtIsValidHeapPointer(pUserData));
_free_dbg_lk(void * 0x03651420, int 0x00000001) line 1044 + 48 bytes
_free_dbg(void * 0x03651420, int 0x00000001) line 1001 + 13 bytes
free(void * 0x03651420) line 956 + 11 bytes
js_FinalizeStringRT(JSRuntime * 0x00fb0068, JSString * 0x02d8c538) line 2715 +
13 bytes
js_atom_uninterner(JSHashEntry * 0x03651550, int 0x00000a72, void * 0x0012fb00)
line 403 + 21 bytes
JS_HashTableEnumerateEntries(JSHashTable * 0x0104d538, int (JSHashEntry *, int,
void *)* 0x00438c20 js_atom_uninterner(JSHashEntry *, int, void *), void *
0x0012fb00) line 362 + 15 bytes
js_FinishAtomState(JSAtomState * 0x00fb0204) line 418 + 21 bytes
JS_Finish(JSRuntime * 0x00fb0068) line 737 + 15 bytes
nsJSRuntimeServiceImpl::~nsJSRuntimeServiceImpl() line 93 + 13 bytes
nsJSRuntimeServiceImpl::`scalar deleting destructor'(unsigned int 0x00000001) +
15 bytes
nsJSRuntimeServiceImpl::Release(nsJSRuntimeServiceImpl * const 0x01030000) line
103 + 141 bytes
nsJSRuntimeServiceImpl::FreeSingleton() line 126 + 26 bytes
xpcModuleDtor(nsIModule * 0x0102e430) line 135
nsGenericModule::Shutdown() line 339 + 10 bytes
nsGenericModule::~nsGenericModule() line 242
nsGenericModule::`scalar deleting destructor'(unsigned int 0x00000001) + 15
bytes
nsGenericModule::Release(nsGenericModule * const 0x0102e430) line 244 + 139
bytes
nsCOMPtr<nsIModule>::assign_assuming_AddRef(nsIModule * 0x00000000) line 569
nsCOMPtr<nsIModule>::assign_with_AddRef(nsISupports * 0x00000000) line 1225
nsCOMPtr<nsIModule>::operator=(nsIModule * 0x00000000) line 714
nsNativeModuleLoader::ReleaserFunc(nsIHashable * 0x0102e17c,
nsNativeModuleLoader::NativeLoadData & {...}, void * 0x00000000) line 211
nsBaseHashtable<nsHashableHashKey,nsNativeModuleLoader::NativeLoadData,nsNativeModuleLoader::NativeLoadData>::s_EnumStub(PLDHashTable
* 0x003fb720, PLDHashEntryHdr * 0x01d47ee8, unsigned int 0x00000015, void *
0x0012fc7c) line 346 + 28 bytes
PL_DHashTableEnumerate(PLDHashTable * 0x003fb720, int (PLDHashTable *,
PLDHashEntryHdr *, unsigned int, void *)* 0x002e2310
nsBaseHashtable<nsHashableHashKey,nsNativeModuleLoader::NativeLoadData,nsNativeModuleLoader::NativeLoadData>::s_EnumStub(PLDHashTable
*, PLDHashEntryHdr *, unsigned int, void *), void * 0x0012fc7c) line 621 + 34
bytes
nsBaseHashtable<nsHashableHashKey,nsNativeModuleLoader::NativeLoadData,nsNativeModuleLoader::NativeLoadData>::Enumerate(PLDHashOperator
(nsIHashable *, nsNativeModuleLoader::NativeLoadData &, void *)* 0x002e1e50
nsNativeModuleLoader::ReleaserFunc(nsIHashable *,
nsNativeModuleLoader::NativeLoadData &, void *), void * 0x00000000) line 221 +
18 bytes
nsNativeModuleLoader::UnloadLibraries() line 250
nsComponentManagerImpl::Shutdown() line 800
NS_ShutdownXPCOM_P(nsIServiceManager * 0x00000000) line 826 + 11 bytes
ScopedXPCOMStartup::~ScopedXPCOMStartup() line 553 + 12 bytes
XRE_main(int 0x00000003, char * * 0x003f79d8, const nsXREAppData * 0x0040301c
kAppData) line 2337
main(int 0x00000003, char * * 0x003f79d8) line 61 + 19 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 7c816d4f()
in js_FinalizeStringRT(JSRuntime * 0x00fb0068, JSString * 0x02d8c538) line 2715
+ 13 bytes
+ str->chars 0x03651420
"file:///C:/work/mozilla/builds/ff/trunk-test/mozilla/extensions/venkman/xpi/venkman-0.9.85.xpi"
valid 0x00000001
|
||
Comment 1•19 years ago
|
||
Bob, did the xpinstall thread finish running, or was the installation still in progress?
|
Reporter | |
Comment 2•19 years ago
|
||
I don't know if the thread actually completed, however the extension installation dialog showed completed and that I should restart Firefox to complete the installation. I closed the dialog, then closed the browser.
*** Bug 344553 has been marked as a duplicate of this bug. ***
Severity: normal → critical
Is this reliably reproducable using the steps either from this bug (bclary's) or from bug 344553 (ispiked's)?
FWIW, installing venkman on a Windows 1.8 branch (Firefox2) build with WAY_TOO_MUCH_GC worked fine. I do see this assertion from comment 0:
> ###!!! ASSERTION: CheckForDeactivation called from wrong thread!: 'Error', file
> c:/work/mozilla/builds/ff/trunk-test/mozilla/xpcom/threads/nsEventQueue.cpp,
> line 255
but I don't see the dialog about invalid heap, and the assertion isn't at the stack above and I don't think it's related.
|
||
Comment 6•18 years ago
|
||
*** Bug 360690 has been marked as a duplicate of this bug. ***
|
||
Comment 7•18 years ago
|
||
(In reply to comment #6)
> *** Bug 360690 has been marked as a duplicate of this bug. ***
>
... with similar stack on Linux after upgrading another extension (deviantSkin) and restarting from the Fx2 add-ons manager: talkback event TB25994865G
|
|
||
Comment 8•18 years ago
|
||
see also TB26130053X on shutdown, no extension pending for upgrade/install
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1) Gecko/20061116 BonEcho/2.0
Build ID: 2006111604
|
||
Comment 9•16 years ago
|
||
WFM for trunk?
a few ff 3.5.x crashes but none matching stacks
bp-58a733a4-ecb9-435a-b55f-2926d2090708
bp-073ac970-7866-4c95-986a-1ebae2090708
bp-a0e3c115-a8fb-470e-9411-eebc42090708
Assignee: xpi-engine → nobody
QA Contact: xpi-engine
|
|
Reporter | |
Comment 10•16 years ago
|
||
I no longer see this. => WFM. Thanks Wayne.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
|
Assignee | |
Updated•14 years ago
|
Crash Signature: [@ libc.so.6 - JS_FinalizeStringRT()]
|
|
Assignee | |
Updated•9 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•