Closed Bug 418377 Opened 12 years ago Closed 12 years ago

crash [@ XPCWrappedNativeScope::FindInJSObjectScope(XPCCallContext&, JSObject*, int)]

Categories

(Core :: XPConnect, defect, P1, critical)

defect

Tracking

()

RESOLVED FIXED
mozilla1.9beta4

People

(Reporter: samuel.sidler+old, Assigned: mrbkap)

References

()

Details

(Keywords: crash, topcrash)

Crash Data

Attachments

(1 file)

Firefox 3 beta 3 has a new topcrash. I don't see this appearing in nightly builds, but I also don't see any bugs fixed recently that could be related to this crash.

See also: bp-2a60d819-ded9-11dc-9bb9-001a4bd43ed6

Crashing Thread
Frame 	Signature 	Source
0 	XPCWrappedNativeScope::FindInJSObjectScope(XPCCallContext&, JSObject*, int) 	mozilla/js/src/xpconnect/src/xpcwrappednativescope.cpp:798
1 	GetContextFromObject 	mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp:517
2 	nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS*, unsigned short, XPTMethodDescriptor const*, nsXPTCMiniVariant*) 	mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp:1706
3 	nsXPCWrappedJS::CallMethod(unsigned short, XPTMethodDescriptor const*, nsXPTCMiniVariant*) 	mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp:556
4 	PrepareAndDispatch 	mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:114
5 	SharedStub 	mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:141
6 	nsDNSAsyncRequest::OnLookupComplete(nsHostResolver*, nsHostRecord*, unsigned int) 	mozilla/netwerk/dns/src/nsDNSService2.cpp:242
Flags: blocking1.9?
As I said in bug 418378 comment 2, just because this isn't happening on trunk, that doesn't mean it shouldn't be looked at. Trunk users are different than end users. We need to look at this before beta 4.
Priority: -- → P1
Target Milestone: --- → mozilla1.9beta4
Attached patch Proposed fixSplinter Review
This has all the skidmarks of an invalid ccx.
Assignee: nobody → mrbkap
Status: NEW → ASSIGNED
Attachment #304600 - Flags: superreview?(jst)
Attachment #304600 - Flags: review?(jst)
Comment on attachment 304600 [details] [diff] [review]
Proposed fix

Yeah, right thing to do for sure. But do we know why this is happening?
Attachment #304600 - Flags: superreview?(jst)
Attachment #304600 - Flags: superreview+
Attachment #304600 - Flags: review?(jst)
Attachment #304600 - Flags: review+
Flags: blocking1.9? → blocking1.9+
So, looking at the rest of the threads (which I forgot to do earlier) shows 8 (!) threads all in GetContextForObject trying to get the safe JS context and creating it. I suppose this makes sense -- the safe JS context is per-thread. I wonder if the crashes happen when the safe JSContext creation fails (I don't know why it would, though).
Hmm, interesting. Either way, I'll be landing this for you, unless you beat me to it...
Landed.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Crash Signature: [@ XPCWrappedNativeScope::FindInJSObjectScope(XPCCallContext&, JSObject*, int)]
You need to log in before you can comment on or make changes to this bug.