crash [@ nsXULDocument::ExecuteScript] when switching between builds

RESOLVED FIXED

Status

()

Core
XUL
--
critical
RESOLVED FIXED
11 years ago
6 years ago

People

(Reporter: Josh Aas, Assigned: markh)

Tracking

({regression, topcrash})

Trunk
PowerPC
Mac OS X
regression, topcrash
Points:
---
Dependency tree / graph
Bug Flags:
blocking1.9a1 +

Firefox Tracking Flags

(Not tracked)

Details

(crash signature)

Attachments

(2 attachments)

(Reporter)

Description

11 years ago
when switching between builds, I get a crash with trunk builds

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000000

Thread 0 Crashed:
0   libgklayout.dylib   	0x0ec01ea5 nsXULDocument::ExecuteScript(nsXULPrototypeScript*) + 177 (nsXULDocument.cpp:3228)
1   libgklayout.dylib   	0x0ec0c355 nsXULDocument::OnStreamComplete(nsIStreamLoader*, nsISupports*, unsigned, unsigned, unsigned char const*) + 779 (nsXULDocument.cpp:3108)
2   libnecko.dylib      	0x240800b8 nsStreamLoader::OnStopRequest(nsIRequest*, nsISupports*, unsigned) + 166 (nsStreamLoader.cpp:117)
...
(Reporter)

Comment 1

11 years ago
Created attachment 226158 [details]
full stack trace
(Reporter)

Comment 2

11 years ago
Might this be related to bug 340796? I don't recall seeing this crash before that bug got fixed.
(Reporter)

Updated

11 years ago
Keywords: regression

Comment 3

11 years ago
this is at least partly mark's fault :)

http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/content/xul/document/src/nsXULDocument.cpp&rev=1.719&mark=3228#3221

mScriptGlobalObject is null, compare w/ nsDocument which at least considers null checking it.
Severity: major → critical
Component: General → XP Toolkit/Widgets: XUL
Depends on: 255942
QA Contact: general → xptoolkit.xul
Summary: crash @ nsXULDocument::ExecuteScript when switching between builds → crash [@ nsXULDocument::ExecuteScript] when switching between builds
This looks like bug 341592, pretty much.
Blocks: 255942
Depends on: 341592
No longer depends on: 255942

Comment 5

11 years ago
FWIW, also seeing this in my trunk-Cocoafox build when switching to it.

Updated

11 years ago
Keywords: topcrash

Comment 6

11 years ago
I've hit similar crashes recently; in the first case simply by closing DOM Inspector and in the second case by switching preference panels. In both cases the document did not have a script global object because it was going away.
(Assignee)

Comment 7

11 years ago
Created attachment 229441 [details] [diff] [review]
Check pointers before dereferencing

Regardless of why we are ending up in this state, the code needs to be more defensive - I think this patch does that.
Attachment #229441 - Flags: superreview?(bzbarsky)
Attachment #229441 - Flags: review?(bzbarsky)
Comment on attachment 229441 [details] [diff] [review]
Check pointers before dereferencing

Use NS_ENSURE_TRUE in both, and r+sr=bzbarsky
Attachment #229441 - Flags: superreview?(bzbarsky)
Attachment #229441 - Flags: superreview+
Attachment #229441 - Flags: review?(bzbarsky)
Attachment #229441 - Flags: review+
Assignee: nobody → mhammond
Flags: blocking1.9a1+
(Assignee)

Comment 9

11 years ago
Checked in a new version of nsXULDocument that will prevent the crash.  Presumably there is still a subtle issue that is causing the XULDocument to be referenced after shutdown, but at least that subtle issue will no longer crash.

Checking in nsXULDocument.cpp;
new revision: 1.724; previous revision: 1.723
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED

Updated

9 years ago
Component: XP Toolkit/Widgets: XUL → XUL
QA Contact: xptoolkit.xul → xptoolkit.widgets
Crash Signature: [@ nsXULDocument::ExecuteScript]
You need to log in before you can comment on or make changes to this bug.