Closed Bug 418377 Opened 12 years ago Closed 12 years ago
crash [@ XPCWrapped
Native Scope::Find In JSObject Scope(XPCCall Context&, JSObject*, int)]
Firefox 3 beta 3 has a new topcrash. I don't see this appearing in nightly builds, but I also don't see any bugs fixed recently that could be related to this crash. See also: bp-2a60d819-ded9-11dc-9bb9-001a4bd43ed6 Crashing Thread Frame Signature Source 0 XPCWrappedNativeScope::FindInJSObjectScope(XPCCallContext&, JSObject*, int) mozilla/js/src/xpconnect/src/xpcwrappednativescope.cpp:798 1 GetContextFromObject mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp:517 2 nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS*, unsigned short, XPTMethodDescriptor const*, nsXPTCMiniVariant*) mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp:1706 3 nsXPCWrappedJS::CallMethod(unsigned short, XPTMethodDescriptor const*, nsXPTCMiniVariant*) mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp:556 4 PrepareAndDispatch mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:114 5 SharedStub mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:141 6 nsDNSAsyncRequest::OnLookupComplete(nsHostResolver*, nsHostRecord*, unsigned int) mozilla/netwerk/dns/src/nsDNSService2.cpp:242
As I said in bug 418378 comment 2, just because this isn't happening on trunk, that doesn't mean it shouldn't be looked at. Trunk users are different than end users. We need to look at this before beta 4.
Priority: -- → P1
Target Milestone: --- → mozilla1.9beta4
This has all the skidmarks of an invalid ccx.
Comment on attachment 304600 [details] [diff] [review] Proposed fix Yeah, right thing to do for sure. But do we know why this is happening?
So, looking at the rest of the threads (which I forgot to do earlier) shows 8 (!) threads all in GetContextForObject trying to get the safe JS context and creating it. I suppose this makes sense -- the safe JS context is per-thread. I wonder if the crashes happen when the safe JSContext creation fails (I don't know why it would, though).
Hmm, interesting. Either way, I'll be landing this for you, unless you beat me to it...
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Crash Signature: [@ XPCWrappedNativeScope::FindInJSObjectScope(XPCCallContext&, JSObject*, int)]
You need to log in before you can comment on or make changes to this bug.