Closed Bug 369134 Opened 18 years ago Closed 18 years ago

EM-restart crash [@ JS_SetGCThingCallback]

Categories

(Core :: XPCOM, defect)

Product:
Core
Component:
XPCOM
Platform:
x86
Windows NT
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: vlad, Assigned: graydon)

References

Details

Attachments

(1 file)

wallpaper patch
617 bytes, patch
vlad
: review+
benjamin
: superreview+
Details | Diff | Splinter Review
I can reproduce this at will by: - installing an extension - hitting the restart Minefield button in the EM - hitting "OK" in the close tabs dialog I get a crash with this stack: js3250.dll!JS_SetGCThingCallback(JSContext * cx=0x00000000, void (void *, unsigned char, void *)* cb=0x033d364d, void * closure=0x04218378) Line 1987 + 0x3 bytes C xpc3250.dll!nsXPConnect::BeginCycleCollection() Line 453 + 0x1e bytes C++ xpcom_core.dll!nsCycleCollector::Collect() Line 1616 C++ xpcom_core.dll!nsCycleCollector::Shutdown() Line 1680 C++ xpcom_core.dll!nsCycleCollector_shutdown() Line 1746 C++ xpcom_core.dll!NS_ShutdownXPCOM_P(nsIServiceManager * servMgr=0x00000000) Line 7 C++ xul.dll!ScopedXPCOMStartup::~ScopedXPCOMStartup() Line 596 + 0xc bytes C++ xul.dll!XRE_main(int argc=1, char * * argv=0x011763e8, const nsXREAppData * aAppData=0x004036b4) Line 2556 C++ firefox.exe!main(int argc=1, char * * argv=0x011763e8) Line 61 + 0x13 bytes C++ firefox.exe!__tmainCRTStartup() Line 586 + 0x19 bytes C firefox.exe!mainCRTStartup() Line 403 C kernel32.dll!77913833() [Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll] ntdll.dll!77bea9bd() (Talkback only shows JS_SetGCThingCallback.) Note that this doesn't seem to be a crash in the first shutdown, but only in the second, for the extension manager restart. Looking at this in the debugger, the call to XPCCallContext cx(NATIVE_CALLER); in nsXPConnect::BeginCycleCollector is bailing, and leaving the cx in a INIT_FAILED state.
Flags: blocking1.9+
Attached patch wallpaper patchSplinter Review
This should at least disable that particular scenario. Why it happens is, unfortunately, a bit of a mystery to me.
Attachment #253800 - Flags: review?(benjamin)
Comment on attachment 253800 [details] [diff] [review] wallpaper patch Go ahead and commit this for now, as a bandaid fix, since the crash is easily reproducible -- if bsmedberg disagrees with the patch we can always back it out/redo it.
Attachment #253800 - Flags: superreview?(benjamin)
Attachment #253800 - Flags: review?(benjamin)
Attachment #253800 - Flags: review+
Looks like this fixed the Luna Orange as a bonus.
Summary: crash in [JS_SetGCThingCallback] [JS_SetGCThingCallback] → EM-restart crash [@ JS_SetGCThingCallback]
Attachment #253800 - Flags: superreview?(benjamin) → superreview+
landed in nsXPConnect.cpp version 1.92.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: