Closed
Bug 468370
Opened 17 years ago
Closed 7 years ago
XPCWrappedNative::InitTearOff wasn't told that the SSM isn't thread safe
Categories
(Core :: XPConnect, defect)
Core
XPConnect
Tracking
()
RESOLVED
INACTIVE
People
(Reporter: timeless, Assigned: timeless)
References
Details
(Keywords: assertion, Whiteboard: [timeless: needs unrotted patch])
Attachments
(1 file, 2 obsolete files)
|
8.63 KB,
patch
|
jst
:
review+
|
Details | Diff | Splinter Review |
xpcom_core!Break(char * aMsg = 0x01f0b9a4 "###!!! ASSERTION: nsScriptSecurityManager not thread-safe: '_mOwningThread.GetThread() == PR_GetCurrentThread()', file c:/home/mozilla.org/mozilla-central/caps/src/nsScriptSecurityManager.cpp, line 480")+0x1a5
xpcom_core!NS_DebugBreak_P+0x2a4
caps!nsScriptSecurityManager::AddRef+0x69
xpcom_core!NS_TableDrivenQI+0x40
caps!nsScriptSecurityManager::QueryInterface+0x4a
xpcom_core!nsQueryInterface::operator()+0x2d
xpc3250!nsCOMPtr<nsIScriptSecurityManager>::assign_from_qi+0x19
xpc3250!nsCOMPtr<nsIScriptSecurityManager>::nsCOMPtr<nsIScriptSecurityManager>+0x34
xpc3250!nsXPCWrappedJSClass::DelegatedQueryInterface+0x366
xpc3250!nsXPCWrappedJS::QueryInterface+0x13b
xpcom_core!nsXPTCStubBase::QueryInterface+0x4b
xpcom_core!nsProxyObject::LockedFind+0xcd
xpcom_core!nsProxyObject::QueryInterface+0xb1
xpcom_core!nsQueryInterface::operator()+0x2d
caps!nsCOMPtr<nsISecurityCheckedComponent>::assign_from_qi+0x19
caps!nsCOMPtr<nsISecurityCheckedComponent>::nsCOMPtr<nsISecurityCheckedComponent>+0x34
caps!nsScriptSecurityManager::CanCreateWrapper+0x68
xpc3250!XPCWrappedNative::InitTearOff+0x2f5
xpc3250!XPCWrappedNative::FindTearOff+0x188
xpc3250!XPCCallContext::CanCallNow+0x57
xpc3250!XPCWrappedNative::CallMethod+0x51
xpc3250!XPC_WN_CallMethod+0x181
js3250!js_Invoke+0x877
js3250!js_Interpret+0xe203
js3250!js_Invoke+0x8f2
xpc3250!nsXPCWrappedJSClass::CallMethod+0xf32
xpc3250!nsXPCWrappedJS::CallMethod+0x41
xpcom_core!PrepareAndDispatch+0x323
xpcom_core!SharedStub+0x16
xpcom_core!NS_InvokeByIndex_P+0x27
xpc3250!XPCWrappedNative::CallMethod+0x1284
xpc3250!XPC_WN_CallMethod+0x181
js3250!js_Invoke+0x877
js3250!js_InternalInvoke+0x6d
js3250!js_TryMethod+0x121
js3250!js_DefaultValue+0x42
js3250!js_ValueToString+0x48
js3250!JS_ValueToString+0x4a
xpc3250!XPCConvert::JSData2Native+0xa94
xpc3250!nsXPCWrappedJSClass::CallMethod+0x1347
xpc3250!nsXPCWrappedJS::CallMethod+0x41
xpcom_core!PrepareAndDispatch+0x323
xpcom_core!SharedStub+0x16
xpcom_core!NS_InvokeByIndex_P+0x27
xpc3250!XPCWrappedNative::CallMethod+0x1284
xpc3250!XPC_WN_CallMethod+0x181
js3250!js_Invoke+0x877
js3250!js_Interpret+0xe203
js3250!js_Invoke+0x8f2
xpc3250!nsXPCWrappedJSClass::CallMethod+0xf32
xpc3250!nsXPCWrappedJS::CallMethod+0x41
xpcom_core!PrepareAndDispatch+0x323
xpcom_core!SharedStub+0x16
xpcom_core!nsThread::ProcessNextEvent+0x1fa
xpcom_core!NS_ProcessNextEvent_P+0x53
xpcom_core!nsThread::ThreadFunc+0xce
nspr4!_PR_NativeRunThread+0xdb
nspr4!pr_root+0x19
MSVCR80D!_beginthreadex+0x221
MSVCR80D!_beginthreadex+0x1c7
kernel32!BaseThreadStart+0x37
i'm using my proxy code
Attachment #351817 -
Flags: review?(jst)
|
||
Comment 1•17 years ago
|
||
Comment on attachment 351817 [details] [diff] [review]
be aware of threads
- In XPCContext::GetAppropriateSecurityManager():
+ if(NS_IsMainThread())
This needs to use XPCPerThreadData::IsMainThread(mJSContext) to not slow things down significantly.
+ nsIXPCSecurityManager *securityManager = nsnull;
+ PRUint16 flags = 0;
+ xpc->GetSecurityManagerForJSContext(mJSContext, &securityManager, &flags);
+ if(!securityManager)
+ return nsnull;
+ // XXX API Botch. We hand out a freed pointer.
+ securityManager->Release();
+ if (flags & aFlags)
+ return securityManager;
Maybe make securityManager an nsCOMPtr and return .forget() here?
r+sr=jst with that.
Attachment #351817 -
Flags: superreview+
Attachment #351817 -
Flags: review?(jst)
Attachment #351817 -
Flags: review+
|
||
Comment 2•17 years ago
|
||
timeless: you need a new patch addressing the review comments in comment 1.
Whiteboard: [timeless: need new patch]
jst: this is what it takes to make .forget() work.
i'm actually not opposed. I think for some reason i thought the method was an interface botch instead of just a private mess.
Attachment #351817 -
Attachment is obsolete: true
Attachment #355278 -
Flags: review?(jst)
|
|
||
Updated•17 years ago
|
Whiteboard: [timeless: need new patch]
|
|
||
Updated•17 years ago
|
Whiteboard: [needs review jst]
Target Milestone: --- → mozilla1.9.2a1
|
|
||
Updated•16 years ago
|
Target Milestone: mozilla1.9.2a1 → ---
Attachment #355278 -
Attachment is obsolete: true
Attachment #432079 -
Flags: review?(jst)
Attachment #355278 -
Flags: review?(jst)
|
|
||
Updated•16 years ago
|
Attachment #432079 -
Flags: review?(jst) → review+
|
|
||
Updated•16 years ago
|
Whiteboard: [needs review jst]
|
|
||
Comment 5•15 years ago
|
||
Given the lack of context around the bitrotted change in xpcwrappednative.cpp, I'm reluctant to unrot it myself.
Whiteboard: [timeless: needs unrotted patch]
|
||
Comment 6•7 years ago
|
||
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INACTIVE
You need to log in
before you can comment on or make changes to this bug.
Description
•