Bad param "value" to nsXPConnect::JSToVariant()

VERIFIED FIXED

Status

()

Core
XPConnect
P2
normal
VERIFIED FIXED
11 years ago
10 years ago

People

(Reporter: Matthew Cline, Assigned: timeless)

Tracking

({assertion, testcase, top100})

Trunk
x86
Linux
assertion, testcase, top100
Points:
---
Bug Flags:
blocking1.9 +

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(3 attachments)

(Reporter)

Description

11 years ago
In a debug build from CVS source pulled around 2 AM PDT Jan 18, I get this assertion:

###!!! ASSERTION: bad param: 'value', file nsXPConnect.cpp, line 2194

When loading the deviantART front page, with this stack trace:

0  NS_DebugBreak_P (aSeverity=1, aStr=0xb687ed1b "bad param",
    aExpr=0xb6885130 "value",
    aFile=0xb687eca0 "../../../../../js/src/xpconnect/src/nsXPConnect.cpp",
    aLine=2192) at ../../../xpcom/base/nsDebugImpl.cpp:261
#1  0xb6820ca8 in nsXPConnect::JSToVariant (this=0x80d20a8, ctx=0x8ba8cd0,
    value=0, _retval=0xbfbae0f4)
    at ../../../../../js/src/xpconnect/src/nsXPConnect.cpp:2192
#2  0xb63a3f1e in nsJSContext::CallEventHandler (this=0x8b698a0,
    aTarget=0x8e48938, aScope=0xb13c6f40, aHandler=0xb4178900,
    aargv=0x88ed884, arv=0xbfbae0f4)
    at ../../../../dom/src/base/nsJSEnvironment.cpp:1991
#3  0xb63c56ca in nsGlobalWindow::RunTimeout (this=0x8e48938,
    aTimeout=0x8e404f0) at ../../../../dom/src/base/nsGlobalWindow.cpp:7425
#4  0xb63c5bf3 in nsGlobalWindow::TimerCallback (aTimer=0x8e498c0,
    aClosure=0x8e404f0) at ../../../../dom/src/base/nsGlobalWindow.cpp:7756
#5  0xb7e345a9 in nsTimerImpl::Fire (this=0x8e498c0)
    at ../../../xpcom/threads/nsTimerImpl.cpp:400
#6  0xb7e34813 in nsTimerEvent::Run (this=0xb0935df8)
    at ../../../xpcom/threads/nsTimerImpl.cpp:487
#7  0xb7e2f700 in nsThread::ProcessNextEvent (this=0x8087ef0, mayWait=1,
    result=0xbfbae230) at ../../../xpcom/threads/nsThread.cpp:510
#8  0xb7dd76fd in NS_ProcessNextEvent_P (thread=0x8087ef0, mayWait=1)
    at nsThreadUtils.cpp:227
#9  0xb5af53a6 in nsBaseAppShell::Run (this=0x84251b0)
    at ../../../../widget/src/xpwidgets/nsBaseAppShell.cpp:154
#10 0xb68b5f08 in nsAppStartup::Run (this=0x8442890)
    at ../../../../../toolkit/components/startup/src/nsAppStartup.cpp:181
#11 0xb7f5407a in XRE_main (argc=4, argv=0xbfbae814, aAppData=0x8051108)
    at ../../../toolkit/xre/nsAppRunner.cpp:3207
#12 0x08048c08 in main (argc=4, argv=0xc)
    at ../../../browser/app/nsBrowserApp.cpp:158

You have to be logged in to deviantART and have chosen to be a a beta-tester, which requires that you be a paid subscriber, so it might be hard to find someone who can duplicate it.  If necessary I can download a copy of the front page with all associated JS and CSS files and upload it as a tarball.
(Reporter)

Comment 1

11 years ago
Created attachment 298220 [details]
Reduced test case
Keywords: testcase
(Reporter)

Comment 2

11 years ago
The problem seems to happen when the callback set by setInterval() returns null.  The JS code causing the problem is:

function Lub()
{
    this.running = {};
    this.running['timer_init'] = [clearInterval, setInterval(
        function ()
        {
            return null;
        }
        ,25
    )];
}
Lub.prototype = {
}
da_minish_lub = new Lub();

Returning an arbitrary string rather than null makes the assertion go away.
Keywords: top100
(Reporter)

Comment 3

11 years ago
Created attachment 298221 [details]
C/C++ stack trace when executing the JS callback
Flags: blocking1.9?
(Assignee)

Comment 4

11 years ago
Created attachment 298226 [details] [diff] [review]
only pass non null items to JSToVariant

http://mxr.mozilla.org/seamonkey/source/js/src/jsgc.h#349 JS_STATIC_ASSERT(JSVAL_NULL == 0);
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #298226 - Flags: superreview?(jst)
Attachment #298226 - Flags: review?(mrbkap)

Updated

11 years ago
Flags: blocking1.9? → blocking1.9+
Priority: -- → P2

Updated

11 years ago
Attachment #298226 - Flags: superreview?(jst) → superreview+
Comment on attachment 298226 [details] [diff] [review]
only pass non null items to JSToVariant

Sorry for the delay.
Attachment #298226 - Flags: review?(mrbkap) → review+
(Assignee)

Updated

11 years ago
Attachment #298226 - Flags: approval1.9b3?
Attachment #298226 - Flags: approval1.9?

Comment 6

11 years ago
Comment on attachment 298226 [details] [diff] [review]
only pass non null items to JSToVariant

Can you land quickly for b3?
Attachment #298226 - Flags: approval1.9b3? → approval1.9b3+
(Assignee)

Comment 7

11 years ago
Comment on attachment 298226 [details] [diff] [review]
only pass non null items to JSToVariant

mozilla/dom/src/base/nsJSEnvironment.cpp 	1.387
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
Attachment #298226 - Flags: approval1.9?
verified fixed with my linux (fedora 8) debug build and the testcase. No assertion loading this testcase

--> Verified fixed
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.