when switching between builds, I get a crash with trunk builds Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000000 Thread 0 Crashed: 0 libgklayout.dylib 0x0ec01ea5 nsXULDocument::ExecuteScript(nsXULPrototypeScript*) + 177 (nsXULDocument.cpp:3228) 1 libgklayout.dylib 0x0ec0c355 nsXULDocument::OnStreamComplete(nsIStreamLoader*, nsISupports*, unsigned, unsigned, unsigned char const*) + 779 (nsXULDocument.cpp:3108) 2 libnecko.dylib 0x240800b8 nsStreamLoader::OnStopRequest(nsIRequest*, nsISupports*, unsigned) + 166 (nsStreamLoader.cpp:117) ...
Might this be related to bug 340796? I don't recall seeing this crash before that bug got fixed.
this is at least partly mark's fault :) http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/content/xul/document/src/nsXULDocument.cpp&rev=1.719&mark=3228#3221 mScriptGlobalObject is null, compare w/ nsDocument which at least considers null checking it.
This looks like bug 341592, pretty much.
FWIW, also seeing this in my trunk-Cocoafox build when switching to it.
I've hit similar crashes recently; in the first case simply by closing DOM Inspector and in the second case by switching preference panels. In both cases the document did not have a script global object because it was going away.
Created attachment 229441 [details] [diff] [review] Check pointers before dereferencing Regardless of why we are ending up in this state, the code needs to be more defensive - I think this patch does that.
Comment on attachment 229441 [details] [diff] [review] Check pointers before dereferencing Use NS_ENSURE_TRUE in both, and r+sr=bzbarsky
Checked in a new version of nsXULDocument that will prevent the crash. Presumably there is still a subtle issue that is causing the XULDocument to be referenced after shutdown, but at least that subtle issue will no longer crash. Checking in nsXULDocument.cpp; new revision: 1.724; previous revision: 1.723