Last Comment Bug 342025 - crash [@ nsXULDocument::ExecuteScript] when switching between builds
: crash [@ nsXULDocument::ExecuteScript] when switching between builds
Status: RESOLVED FIXED
: regression, topcrash
Product: Core
Classification: Components
Component: XUL (show other bugs)
: Trunk
: PowerPC Mac OS X
: -- critical with 1 vote (vote)
: ---
Assigned To: Mark Hammond [:markh]
:
:
Mentors:
Depends on: 341592
Blocks: dom-agnostic
  Show dependency treegraph
 
Reported: 2006-06-19 09:05 PDT by Josh Aas
Modified: 2011-06-09 14:58 PDT (History)
8 users (show)
bzbarsky: blocking1.9a1+
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
full stack trace (1.62 KB, text/plain)
2006-06-19 09:05 PDT, Josh Aas
no flags Details
Check pointers before dereferencing (1.73 KB, patch)
2006-07-16 23:46 PDT, Mark Hammond [:markh]
bzbarsky: review+
bzbarsky: superreview+
Details | Diff | Splinter Review

Description Josh Aas 2006-06-19 09:05:09 PDT
when switching between builds, I get a crash with trunk builds

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000000

Thread 0 Crashed:
0   libgklayout.dylib   	0x0ec01ea5 nsXULDocument::ExecuteScript(nsXULPrototypeScript*) + 177 (nsXULDocument.cpp:3228)
1   libgklayout.dylib   	0x0ec0c355 nsXULDocument::OnStreamComplete(nsIStreamLoader*, nsISupports*, unsigned, unsigned, unsigned char const*) + 779 (nsXULDocument.cpp:3108)
2   libnecko.dylib      	0x240800b8 nsStreamLoader::OnStopRequest(nsIRequest*, nsISupports*, unsigned) + 166 (nsStreamLoader.cpp:117)
...
Comment 1 Josh Aas 2006-06-19 09:05:40 PDT
Created attachment 226158 [details]
full stack trace
Comment 2 Josh Aas 2006-06-19 09:06:24 PDT
Might this be related to bug 340796? I don't recall seeing this crash before that bug got fixed.
Comment 3 timeless 2006-06-19 09:48:48 PDT
this is at least partly mark's fault :)

http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/content/xul/document/src/nsXULDocument.cpp&rev=1.719&mark=3228#3221

mScriptGlobalObject is null, compare w/ nsDocument which at least considers null checking it.
Comment 4 Boris Zbarsky [:bz] (still a bit busy) 2006-06-19 15:02:00 PDT
This looks like bug 341592, pretty much.
Comment 5 Håkan Waara 2006-06-20 01:20:22 PDT
FWIW, also seeing this in my trunk-Cocoafox build when switching to it.
Comment 6 neil@parkwaycc.co.uk 2006-07-03 16:24:03 PDT
I've hit similar crashes recently; in the first case simply by closing DOM Inspector and in the second case by switching preference panels. In both cases the document did not have a script global object because it was going away.
Comment 7 Mark Hammond [:markh] 2006-07-16 23:46:32 PDT
Created attachment 229441 [details] [diff] [review]
Check pointers before dereferencing

Regardless of why we are ending up in this state, the code needs to be more defensive - I think this patch does that.
Comment 8 Boris Zbarsky [:bz] (still a bit busy) 2006-07-17 13:45:10 PDT
Comment on attachment 229441 [details] [diff] [review]
Check pointers before dereferencing

Use NS_ENSURE_TRUE in both, and r+sr=bzbarsky
Comment 9 Mark Hammond [:markh] 2006-07-17 17:38:38 PDT
Checked in a new version of nsXULDocument that will prevent the crash.  Presumably there is still a subtle issue that is causing the XULDocument to be referenced after shutdown, but at least that subtle issue will no longer crash.

Checking in nsXULDocument.cpp;
new revision: 1.724; previous revision: 1.723

Note You need to log in before you can comment on or make changes to this bug.