When I start Firefox from a recent trunk build it crashes on startup. A clean rebuild and new profile have not solved this. Each time the browser starts JS_EndRequest asserts on cx->requestDepth.

It seems to me as if the problem is in nsXPCComponents_Utils::EvalInSandbox:

1. This function calls JS_NewContext to create a new context on the heap.
2. It then creates an AutoJSRequestWithNoCallContext object on the stack, passing this the previously created context.
3. At the end of this function the context is destroyed by calling JS_DestroyContextNoGC.
4. Finally the stack is cleaned up when the function exits which calls the destructor on the AutoJSRequestWithNoCallContext. The destructor does not have a valid context to work on as it was destroyed in step 3.

It looks like this could be fixed by ensuring the AutoJSRequestWithNoCallContext object destructor fires before the JS_DestroyContextNoGC call.
Created attachment 212591
correction

The original did not have identical functionality if data == NULL.
Created attachment 212592
diff -w
The patch in bug 328161 fixes this in a _much_ cleaner way.
Created attachment 212714
Clean fix, good for everywhere

Okay, this gets the request stuff right and is good for the branch as well as the trunk (the other patch uses an added API that doesn't exist on the 1.8 branch). It also makes use of C++'s feature that destructors run in reverse order of creation.
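The ordering problem reported above and the reverse-destruction-order rule the fix relies on, as an added example that is not the attached patch or any Mozilla code. `FakeContext`, `AutoRequest` and `ContextOwner` are hypothetical stand-ins, and the context is only flagged as destroyed so the late access can be observed safely.

```cpp
#include <string>
#include <vector>

// Constructed stand-in for a JSContext: flagged as destroyed, never freed.
struct FakeContext { int requestDepth = 0; bool destroyed = false; };
static std::vector<std::string> events;  // order in which things happened

// Stand-in for AutoJSRequestWithNoCallContext: begin in ctor, end in dtor.
class AutoRequest {
    FakeContext *cx_;
public:
    explicit AutoRequest(FakeContext *cx) : cx_(cx) { ++cx_->requestDepth; events.push_back("begin"); }
    ~AutoRequest() {
        if (cx_->destroyed) { events.push_back("end-on-destroyed-context"); return; }
        --cx_->requestDepth;
        events.push_back("end");
    }
};

// Hypothetical owner that destroys the context from its own destructor.
class ContextOwner {
    FakeContext *cx_;
public:
    explicit ContextOwner(FakeContext *cx) : cx_(cx) {}
    ~ContextOwner() { cx_->destroyed = true; events.push_back("destroy"); }
};

// Steps 1-4 of the report: explicit destroy, then the guard's destructor.
std::vector<std::string> buggyOrder() {
    events.clear();
    FakeContext cx;
    {
        AutoRequest req(&cx);
        cx.destroyed = true;           // step 3: destroy called by hand
        events.push_back("destroy");
    }                                  // step 4: ~AutoRequest runs too late
    return events;
}

// Both are stack objects: the one created last is destroyed first.
std::vector<std::string> fixedOrder() {
    events.clear();
    FakeContext cx;
    {
        ContextOwner owner(&cx);       // created first, destroyed last
        AutoRequest req(&cx);          // created second, destroyed first
    }
    return events;
}
```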
Is there a testcase QA could use to verify when this has been fixed?
Fix checked into trunk. I'm still hoping that brendan will stamp the r+sr he gave me in person in the bug.
Comment on attachment 212714
Clean fix, good for everywhere

Blake won't mark my stamp for me based on my saying so in his cube, wahhhh.

/be
Comment on attachment 212714
Clean fix, good for everywhere

This is needed for bug 265740.
Comment on attachment 212714
Clean fix, good for everywhere

approved for 1.8.0 branch, a=dveditz
Most of this fix (sans the request stuff, see my comment in bug 265740) was checked into the 1.8 branches.
Please provide testcase and/or testing guidance for this fix.