Closed Bug 341535 Opened 19 years ago Closed 19 years ago

Crash: nsGlobalWindow::RunTimeout assumes aTimeout is not null

Categories: Core :: DOM: Core & HTML
Type: defect
Platform: x86, Windows XP
Priority: Not set
Severity: critical
Status: RESOLVED FIXED
People: Reporter: WeirdAl; Assignee: Unassigned
Keywords: crash, regression, testcase
Attachments: 1 file, 1 obsolete file

Steps to reproduce:
(1) SeaMonkey, open browser.
(2) SeaMonkey, open Venkman.
(3) Debug > Exclude Browser Files should be unchecked.
(4) Debug > Error Trigger, Stop for Errors
(5) Debug > Throw Trigger, Stop for Exceptions
(6) Type a character in the browser URL bar.
(7) Venkman will stop for an exception in popup.xml, hit Continue (F5).

Expected results: SeaMonkey goes on.

Actual results: crash

> gklayout.dll!nsCOMPtr<nsIScriptTimeoutHandler>::operator->() Line 849 + 0x3 bytes C++
gklayout.dll!nsGlobalWindow::RunTimeout(nsTimeout * aTimeout=0x00000000) Line 6289 + 0xb bytes C++
gklayout.dll!nsGlobalWindow::SetScriptsEnabled(int aEnabled=1, int aFireTimeouts=1) Line 1850 C++
gklayout.dll!nsGlobalWindow::SetScriptsEnabled(int aEnabled=1, int aFireTimeouts=1) Line 1842 + 0x5c bytes C++
gklayout.dll!nsJSContext::SetScriptsEnabled(int aEnabled=1, int aFireTimeouts=1) Line 2878 C++
jsd3250.dll!jsdContext::SetScriptsEnabled(int _rval=1) Line 1654 C++
xpcom_core.dll!XPTC_InvokeByIndex(nsISupports * that=0x0000000f, unsigned int methodIndex=1, unsigned int paramCount=1230348, nsXPTCVariant * params=0x30028b96) Line 102 C++
xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=15) Line 2148 + 0x1e bytes C++
xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=CALL_SETTER) Line 2148 + 0x1e bytes C++
xpc3250.dll!XPCWrappedNative::SetAttribute(XPCCallContext & ccx={...}) Line 1978 + 0xe bytes C++
xpc3250.dll!XPC_WN_GetterSetter(JSContext * cx=0x021215b0, JSObject * obj=0x044e0980, unsigned int argc=1, long * argv=0x05050434, long * vp=0x0012c8e4) Line 1470 + 0x9 bytes C++
js3250.dll!js_Invoke(JSContext * cx=0x021215b0, unsigned int argc=1, unsigned int flags=2) Line 1328 + 0x20 bytes C
js3250.dll!js_InternalInvoke(JSContext * cx=0x021215b0, JSObject * obj=0x044e0980, long fval=72221032, unsigned int flags=0, unsigned int argc=1, long * argv=0x0012d4d0, long * rval=0x0012d4d0) Line 1422 + 0x14 bytes C
js3250.dll!js_InternalGetOrSet(JSContext * cx=0x021215b0, JSObject * obj=0x044e0980, long id=58844040, long fval=72221032, JSAccessMode mode=JSACC_WRITE, unsigned int argc=1, long * argv=0x0012d4d0, long * rval=0x0012d4d0) Line 1482 + 0x1f bytes C
js3250.dll!js_SetProperty(JSContext * cx=0x021215b0, JSObject * obj=0x044e0980, long id=58844040, long * vp=0x0012d4d0) Line 3378 + 0x32 bytes C
js3250.dll!js_Interpret(JSContext * cx=0x021215b0, unsigned char * pc=0x0381d3ed, long * result=0x0012d614) Line 3769 + 0x616 bytes C
js3250.dll!js_Invoke(JSContext * cx=0x021215b0, unsigned int argc=3, unsigned int flags=2) Line 1347 + 0x13 bytes C
xpc3250.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS * wrapper=0x045d7a30, unsigned short methodIndex=3, const nsXPTMethodInfo * info=0x037adb38, nsXPTCMiniVariant * nativeParams=0x0012d970) Line 1380 + 0x14 bytes C++
xpc3250.dll!nsXPCWrappedJS::CallMethod(unsigned short methodIndex=3, const nsXPTMethodInfo * info=0x037adb38, nsXPTCMiniVariant * params=0x0012d970) Line 466 C++
xpcom_core.dll!PrepareAndDispatch(nsXPTCStubBase * self=0x045d7a30, unsigned int methodIndex=3, unsigned int * args=0x0012da38, unsigned int * stackBytesToPop=0x0012da28) Line 117 + 0x1e bytes C++
xpcom_core.dll!SharedStub() Line 147 C++
jsd3250.dll!jsds_ExecutionHookProc(JSDContext * jsdc=0x045d7a30, JSDThreadState * jsdthreadstate=0x04fb2f88, unsigned int type=4, void * callerdata=0x0012da9c, long * rval=0x0012da90) Line 682 C++
jsd3250.dll!jsds_ExecutionHookProc(JSDContext * jsdc=0x00983e20, JSDThreadState * jsdthreadstate=0x04ebd068, unsigned int type=4, void * callerdata=0x00000000, long * rval=0x0012e48c) Line 682 C++
jsd3250.dll!jsd_CallExecutionHook(JSDContext * jsdc=0x00983e20, JSContext * cx=0x021215b0, unsigned int type=4, unsigned int (JSDContext *, JSDThreadState *, unsigned int, void *, long *)* hook=0x00e61600, void * hookData=0x00000000, long * rval=0x0012e48c) Line 177 + 0x17 bytes C
jsd3250.dll!jsd_ThrowHandler(JSContext * cx=0x021215b0, JSScript * script=0x03113980, unsigned char * pc=0x031139ee, long * rval=0x0012e48c, void * closure=0x00983e20) Line 149 + 0x1b bytes C
js3250.dll!js_Interpret(JSContext * cx=0x021215b0, unsigned char * pc=0x031139ee, long * result=0x0012e5d0) Line 6116 + 0x26 bytes C
js3250.dll!js_Invoke(JSContext * cx=0x021215b0, unsigned int argc=2, unsigned int flags=2) Line 1347 + 0x13 bytes C
xpc3250.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS * wrapper=0x0343cef0, unsigned short methodIndex=4, const nsXPTMethodInfo * info=0x0351de00, nsXPTCMiniVariant * nativeParams=0x0012e92c) Line 1380 + 0x14 bytes C++
xpc3250.dll!nsXPCWrappedJS::CallMethod(unsigned short methodIndex=4, const nsXPTMethodInfo * info=0x0351de00, nsXPTCMiniVariant * params=0x0012e92c) Line 466 C++
xpcom_core.dll!PrepareAndDispatch(nsXPTCStubBase * self=0x0343cef0, unsigned int methodIndex=4, unsigned int * args=0x0012e9f4, unsigned int * stackBytesToPop=0x0012e9e4) Line 117 + 0x1e bytes C++
xpcom_core.dll!SharedStub() Line 147 C++
appcomps.dll!nsGlobalHistory::OnStartLookup(const unsigned short * searchString=0x03934bc8, nsIAutoCompleteResults * previousSearchResult=0x00000000, nsIAutoCompleteListener * listener=0x04f4ef50) Line 4226 C++
appcomps.dll!nsGlobalHistory::OnStartLookup(const unsigned short * searchString=0x04980c20, nsIAutoCompleteResults * previousSearchResult=0x00000000, nsIAutoCompleteListener * listener=0x0343cef0) Line 4226 C++
xpcom_core.dll!XPTC_InvokeByIndex(nsISupports * that=0x0012ec20, unsigned int methodIndex=1240580, unsigned int paramCount=13243979, nsXPTCVariant * params=0x034f9740) Line 102 C++
xpc3250.dll!AutoJSSuspendRequest::SuspendRequest() Line 3151 + 0xd bytes C++
xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=CALL_METHOD) Line 2148 + 0x1e bytes C++
xpc3250.dll!XPC_WN_CallMethod(JSContext * cx=0x021215b0, JSObject * obj=0x03518580, unsigned int argc=3, long * argv=0x050500d8, long * vp=0x0012ef40) Line 1446 + 0xb bytes C++
js3250.dll!js_Invoke(JSContext * cx=0x021215b0, unsigned int argc=3, unsigned int flags=0) Line 1328 + 0x20 bytes C
js3250.dll!js_Interpret(JSContext * cx=0x021215b0, unsigned char * pc=0x0336d781, long * result=0x0012faa8) Line 4017 + 0xf bytes C
js3250.dll!js_Invoke(JSContext * cx=0x021215b0, unsigned int argc=3, unsigned int flags=2) Line 1347 + 0x13 bytes C
js3250.dll!js_InternalInvoke(JSContext * cx=0x021215b0, JSObject * obj=0x0210c470, long fval=54184200, unsigned int flags=0, unsigned int argc=3, long * argv=0x050a0ec0, long * rval=0x0012fbec) Line 1422 + 0x14 bytes C
js3250.dll!JS_CallFunctionValue(JSContext * cx=0x021215b0, JSObject * obj=0x0210c470, long fval=54184200, unsigned int argc=3, long * argv=0x050a0ec0, long * rval=0x0012fbec) Line 4347 + 0x1f bytes C
gklayout.dll!nsJSContext::CallEventHandler(nsISupports * aTarget=0x021d6768, void * aScope=0x0210c470, void * aHandler=0x033ac908, nsIArray * aargv=0x050a8f9c, nsIVariant * * arv=0x0012fca4) Line 1585 + 0x21 bytes C++
gklayout.dll!nsGlobalWindow::RunTimeout(nsTimeout * aTimeout=0x04cd72d8) Line 6443 + 0xab bytes C++
gklayout.dll!nsGlobalWindow::TimerCallback(nsITimer * aTimer=0x0335e6e0, void * aClosure=0x04cd72d8) Line 6764 C++
xpcom_core.dll!nsTimerImpl::Fire() Line 400 + 0x13 bytes C++
xpcom_core.dll!nsTimerEvent::Run() Line 486 C++
xpcom_core.dll!nsThread::ProcessNextEvent(int mayWait=1, int * result=0x0012fe04) Line 483 C++
xpcom_core.dll!NS_ProcessNextEvent_P(nsIThread * thread=0x00398d88, int mayWait=1) Line 225 + 0x16 bytes C++
gkwidget.dll!nsBaseAppShell::Run() Line 153 + 0xc bytes C++
appcomps.dll!nsAppStartup::Run() Line 219 C++
seamonkey.exe!main1(int argc=1, char * * argv=0x00394ca8, nsISupports * nativeApp=0x009c72a0) Line 1238 + 0x22 bytes C++
seamonkey.exe!main(int argc=1, char * * argv=0x00394ca8) Line 1740 + 0x25 bytes C++
seamonkey.exe!__tmainCRTStartup() Line 586 + 0x19 bytes C
seamonkey.exe!mainCRTStartup() Line 403 C
kernel32.dll!7c816d4f()
[Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll]
kernel32.dll!7c8399f3()
Blocks: dom-agnostic
Keywords: regression
I guess this bug is new, but Bug 320982 is perhaps related.
Attached patch: I wonder if this would work (obsolete)
Attachment #225595 - Flags: review?(mhammond)
Yes, I know one of the lines could be rewrapped; I'm trying to avoid taking blame for lines by recycling existing ones. This is again a one-off patch; I won't care about whether this code crashes or works for a few months.
Why do you need a kungFuDeathGrip around the original scx (and PRUint32 is misspelled)? Mark, is it possible for scripting in one language to be disabled, but enabled in another language? Or is disabling scripting across-the-board? If it's per language, then the GetScriptsEnabled call seems misplaced to me, and we need to do that check for every timeout.
The kungFuDeathGrip is because of:

- // Make sure that the script context doesn't go away as a result of
- // running timeouts

As for the typo, someone can fix it before they check in (along w/ the whitespace). Again, as the typo indicates, I'm just writing changes; I have no build envs, no easy access to CVS for building, and this stuff won't affect me for months.
The semantics for languages being disabled are pretty vague (currently all languages are enabled/disabled as a group), but each script context does have its own flag. The attached patch ignores the param, and fetches the script context for each timeout and checks it is enabled before firing it. Note that "scx" is already a strong ref, so a kungFuDeathGrip doesn't seem necessary.
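As an added illustration, and not Mozilla code or the patch attached to this bug, the following C++ sketch models the two things the thread describes: the pre-fix RunTimeout going straight through the aTimeout argument (so the nsnull passed from SetScriptsEnabled is a null dereference), and the fix's approach of accepting a null argument and checking each timeout's own script context flag before firing rather than one window-wide check. All names here (ScriptContext, Timeout, Window, the "OtherLanguage" context) are hypothetical stand-ins for the real nsIScriptContext / nsTimeout / nsGlobalWindow machinery.

```cpp
// Added example, not Mozilla code: a toy model of RunTimeout(nsnull) and of
// per-timeout "is this language enabled" checks. Names are hypothetical.
#include <cassert>
#include <cstdio>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Per-language script context; each carries its own enabled flag, as the
// real contexts are described as doing in the thread.
struct ScriptContext {
    std::string language;
    bool scriptsEnabled = true;
};

// A pending timer bound to one script context (stand-in for nsTimeout).
struct Timeout {
    std::shared_ptr<ScriptContext> context;  // strong ref, like the real "scx"
    std::string name;
    bool fired = false;
};

class Window {
public:
    std::shared_ptr<ScriptContext> addContext(const std::string& language) {
        auto ctx = std::make_shared<ScriptContext>();
        ctx->language = language;
        contexts_.push_back(ctx);
        return ctx;
    }

    Timeout* addTimeout(std::shared_ptr<ScriptContext> ctx, const std::string& name) {
        std::unique_ptr<Timeout> t(new Timeout());
        t->context = std::move(ctx);
        t->name = name;
        timeouts_.push_back(std::move(t));
        return timeouts_.back().get();
    }

    // Pre-fix shape: the real function went through aTimeout's handler
    // first (nsCOMPtr<nsIScriptTimeoutHandler>::operator->), so a null
    // argument crashed. Modelled as an explicit failure so it can be run.
    bool runTimeoutUnchecked(Timeout* aTimeout) {
        if (aTimeout == nullptr) {
            return false;  // in the real code: null dereference, crash
        }
        return fire(*aTimeout);
    }

    // Post-fix shape: null means "fire every pending timeout whose own
    // language is enabled"; non-null fires only that one, still subject
    // to its own context's flag. Returns how many handlers ran.
    int runTimeout(Timeout* aTimeout) {
        if (aTimeout != nullptr) {
            return fire(*aTimeout) ? 1 : 0;
        }
        int count = 0;
        for (auto& t : timeouts_) {
            if (!t->fired && fire(*t)) {
                ++count;
            }
        }
        return count;
    }

    // Stand-in for nsGlobalWindow::SetScriptsEnabled(aEnabled, aFireTimeouts):
    // flips every context, then drains pending timeouts with a null argument,
    // the call that crashed before the fix.
    int setScriptsEnabled(bool aEnabled, bool aFireTimeouts) {
        for (auto& c : contexts_) {
            c->scriptsEnabled = aEnabled;
        }
        return aFireTimeouts ? runTimeout(nullptr) : 0;
    }

private:
    bool fire(Timeout& t) {
        // Hold a strong ref across the handler so the context outlives the
        // callback even if the handler drops the window's reference (the
        // concern behind the kungFuDeathGrip question; a shared_ptr copy is
        // the plain-C++ equivalent).
        std::shared_ptr<ScriptContext> keepAlive = t.context;
        if (!keepAlive || !keepAlive->scriptsEnabled) {
            return false;  // per-timeout language check, not window-wide
        }
        t.fired = true;
        return true;
    }

    std::vector<std::shared_ptr<ScriptContext>> contexts_;
    std::vector<std::unique_ptr<Timeout>> timeouts_;
};

// Scenario 1: one of two languages is disabled; draining with a null
// argument must fire only the enabled language's timeout.
int drainWithOneLanguageDisabled() {
    Window w;
    auto js = w.addContext("JavaScript");
    auto other = w.addContext("OtherLanguage");  // hypothetical second language
    w.addTimeout(js, "js-timer");
    w.addTimeout(other, "other-timer");
    other->scriptsEnabled = false;
    return w.runTimeout(nullptr);
}

// Scenario 2: the debugger path, SetScriptsEnabled(true, true), which used
// to reach RunTimeout(nsnull); after the fix every pending timeout fires.
int reenableAndDrain() {
    Window w;
    auto js = w.addContext("JavaScript");
    auto other = w.addContext("OtherLanguage");
    w.addTimeout(js, "js-timer");
    w.addTimeout(other, "other-timer");
    w.setScriptsEnabled(false, false);
    return w.setScriptsEnabled(true, true);
}

// Scenario 3: the pre-fix function cannot take a null argument at all.
bool uncheckedPathFailsOnNull() {
    Window w;
    return !w.runTimeoutUnchecked(nullptr);
}

int main() {
    std::printf("one language disabled: %d fired\n", drainWithOneLanguageDisabled());
    std::printf("re-enable and drain:   %d fired\n", reenableAndDrain());
    std::printf("unchecked null path fails: %s\n", uncheckedPathFailsOnNull() ? "yes" : "no");
    return 0;
}
```

The point of scenario 1 is mrbkap's question above: if disabling can ever be per language, a single GetScriptsEnabled() call at the top of RunTimeout would either fire a disabled language's timeout or skip an enabled one, so the check has to happen per timeout, against that timeout's own context.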
Attachment #225595 - Attachment is obsolete: true
Attachment #225640 - Flags: review?(mrbkap)
Attachment #225595 - Flags: review?(mhammond)
Comment on attachment 225640 [details] [diff] [review]
Patch that accepts nsnull arg, and checks each timeout if the language is enabled

>Index: nsGlobalWindow.cpp
>+ }
>+ // This timeout is good to run

Nit: Add a newline after the curly.
Attachment #225640 - Flags: review?(mrbkap) → review+
Comment on attachment 225640 [details] [diff] [review]
Patch that accepts nsnull arg, and checks each timeout if the language is enabled

sr=shaver
Attachment #225640 - Flags: superreview+
Checking in nsGlobalWindow.cpp; new revision: 1.855; previous revision: 1.854
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Component: DOM → DOM: Core & HTML