Closed Bug 533481 Opened 15 years ago Closed 15 years ago

Crash on Firefox 3.6b6pre debugging workers in Firebug 1.5b6 + Chromebug 1.5b6 [@ nsScriptSecurityManager::CheckObjectAccess]

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.9.3a1
Tracking Flags:
Tracking Status
status1.9.2 --- final-fixed

People

(Reporter: Honza, Assigned: mrbkap)

References

Details

(Whiteboard: [firebug-p1][firebug-blocks])

Attachments

(1 file)

Proposed fix
1016 bytes, patch
bent.mozilla
: review+
jorendorff
: review+
Details | Diff | Splinter Review
I am experiencing crash of Firefox 3.6b6pre + Firebug 1.5b6 + Chromebug 1.5b6 Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2b6pre) Gecko/20091208 Namoroka/3.6b6pre (.NET CLR 3.5.30729) http://getfirebug.com/releases/firebug/1.5X/firebug-1.5X.0b6.xpi http://getfirebug.com/releases/chromebug/chromebug-1.5.0b6.xpi Crash reports: http://crash-stats.mozilla.com/report/index/ff9f7770-520a-409e-afd7-f66072091208 http://crash-stats.mozilla.com/report/index/1ed5aa39-d988-46dc-a5f6-6c2532091207 1) Install Firefox + Firebug + Chromebug 2) Run Firefox with -chromebug (so Chromebug is initialized) 3) Load http://demos.theactivegroup.com/?demo=basex&script=multipart The page in #3 is not fully loaded and Firefox crashes. You may need to restart and reload (perhaps the cache is involved) Honza
Whiteboard: [firebug-p1]
These two call stacks are different and they are both very strange.
Flags: blocking1.9.2?
The older report is made with a bit older Firefox 3.6 last week. Honza
Signature JS_ObjectIsFunction UUID 1ed5aa39-d988-46dc-a5f6-6c2532091207 Version 3.6b6pre Crash Reason EXCEPTION_ACCESS_VIOLATION Crash Address 0x59c08504 0 js3250.dll JS_ObjectIsFunction js/src/jsapi.cpp:4342 1 xul.dll nsScriptSecurityManager::CheckPropertyAccessImpl caps/src/nsScriptSecurityManager.cpp:672 2 xul.dll XPCWrappedNative::CallMethod js/src/xpconnect/src/xpcwrappednative.cpp:2304 11 xul.dll nsHttpActivityEvent::Run netwerk/protocol/http/src/nsHttpActivityDistributor.cpp:70 16 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:120 This is the main thread. I don't like this crash, so i'm going to ignore it (file a new bug if you want to poke it). Signature nsScriptSecurityManager::CheckObjectAccess(JSContext*, JSObject*, int, JSAccessMode, int*) UUID ff9f7770-520a-409e-afd7-f66072091208 Time 2009-12-08 09:08:04.136008 Uptime 23 Last Crash 29 seconds before submission Product Firefox Version 3.6b6pre Build ID 20091208051012 OS Windows NT OS Version 6.0.6001 Service Pack 1 CPU x86 CPU Info GenuineIntel family 6 model 23 stepping 10 Crash Reason EXCEPTION_ACCESS_VIOLATION Crash Address 0x14 User Comments Processor Notes Crashing Thread Frame Module Signature [Expand] Source 0 xul.dll nsScriptSecurityManager::CheckObjectAccess caps/src/nsScriptSecurityManager.cpp:548 1 js3250.dll InitExnPrivate js/src/jsexn.cpp:284 2 xul.dll nsDOMStoragePersistentDB::GetUsage dom/src/storage/nsDOMStoragePersistentDB.cpp:588 3 js3250.dll js_ErrorToException js/src/jsexn.cpp:1203 4 js3250.dll ReportError js/src/jscntxt.cpp:1294 5 js3250.dll js_ReportErrorNumberVA js/src/jscntxt.cpp:1622 6 js3250.dll JS_ReportErrorFlagsAndNumber js/src/jsapi.cpp:5588 7 js3250.dll js_ReportIsNullOrUndefined js/src/jscntxt.cpp:1697 8 js3250.dll js3250.dll@0x8f644 9 js3250.dll js_Invoke js/src/jsinterp.cpp:1369 10 js3250.dll js_fun_apply js/src/jsfun.cpp:2046 11 js3250.dll js_Interpret js/src/jsops.cpp:2208 12 js3250.dll js_Invoke js/src/jsinterp.cpp:1369 13 js3250.dll js_InternalInvoke js/src/jsinterp.cpp:1424 14 js3250.dll JS_CallFunctionValue js/src/jsapi.cpp:5103 15 xul.dll nsJSContext::CallEventHandler dom/base/nsJSEnvironment.cpp:2134 16 xul.dll nsGlobalWindow::RunTimeout dom/base/nsGlobalWindow.cpp:8075 17 xul.dll nsGlobalWindow::TimerCallback dom/base/nsGlobalWindow.cpp:8409 18 xul.dll nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:427 19 nspr4.dll _PR_MD_UNLOCK nsprpub/pr/src/md/windows/w95cv.c:344 20 xul.dll nsTimerEvent::Run xpcom/threads/nsTimerImpl.cpp:519 21 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:527 22 xul.dll NS_ProcessNextEvent_P obj-firefox/xpcom/build/nsThreadUtils.cpp:250 23 xul.dll nsDOMWorkerScriptLoader::DoRunLoop dom/src/threads/nsDOMWorkerScriptLoader.cpp:181 24 xul.dll nsDOMWorkerScriptLoader::LoadScripts dom/src/threads/nsDOMWorkerScriptLoader.cpp:137 25 xul.dll nsDOMWorkerFunctions::LoadScripts dom/src/threads/nsDOMWorker.cpp:265 26 xul.dll nsDOMWorkerScriptLoader::LoadScripts dom/src/threads/nsDOMWorkerScriptLoader.cpp:150 Please note that this is *NOT* the main thread, which I'm quoting below for completeness: Show/hide other threads Thread 0 Frame Module Signature [Expand] Source 0 xul.dll XPCConvert::NativeData2JS js/src/xpconnect/src/xpcconvert.cpp:415 1 xul.dll XPCWrappedNative::CallMethod js/src/xpconnect/src/xpcwrappednative.cpp:2809 2 xul.dll XPC_WN_GetterSetter js/src/xpconnect/src/xpcwrappednativejsops.cpp:1784 3 js3250.dll js_Invoke js/src/jsinterp.cpp:1361 4 js3250.dll js_InternalInvoke js/src/jsinterp.cpp:1424 5 js3250.dll js_GetPropertyHelper js/src/jsobj.cpp:4271 6 js3250.dll js_Interpret js/src/jsops.cpp:1520 7 js3250.dll js_Invoke js/src/jsinterp.cpp:1369 8 xul.dll nsXPCWrappedJSClass::CallMethod js/src/xpconnect/src/xpcwrappedjsclass.cpp:1696 9 xul.dll nsXPCWrappedJS::CallMethod js/src/xpconnect/src/xpcwrappedjs.cpp:570 10 xul.dll PrepareAndDispatch xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:114 11 xul.dll SharedStub xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:141 12 xul.dll nsStreamListenerTee::OnStartRequest netwerk/base/src/nsStreamListenerTee.cpp:54 This is roughly a null pointer crash
Assignee: general → dveditz
Severity: normal → critical
Component: JavaScript Engine → Security: CAPS
QA Contact: general → caps
Summary: Crash on Firefox 3.6b6pre with Firebug 1.5b6 + Chromebug 1.5b6 → Crash on Firefox 3.6b6pre with Firebug 1.5b6 + Chromebug 1.5b6 [@ nsScriptSecurityManager::CheckObjectAccess]
I don't think we'll block for a Chromebug issue; if this affects Firebug, please renominate.
Flags: blocking1.9.2? → blocking1.9.2-
If this Chromebug issue, I agree.
This isn't just a chromebug issue. It affects anybody who tries to debug a web page (with Firebug) that has workers in it. This probably needs to block. I have a patch that fixes the crash, but doesn't let you actually debug the workers. That's another bug for another time, though.
Assignee: dveditz → mrbkap
Status: NEW → ASSIGNED
Component: Security: CAPS → JavaScript Debugging APIs
Flags: blocking1.9.2- → blocking1.9.2?
QA Contact: caps → jsd
Attached patch Proposed fixSplinter Review
One thing I haven't checked: when XPConnect makes a context that's not on the main thread, should we do the same thing there?
Attachment #417166 - Flags: review?(jorendorff)
Attachment #417166 - Flags: review?(bent.mozilla)
Comment on attachment 417166 [details] [diff] [review] Proposed fix r=me!
Attachment #417166 - Flags: review?(bent.mozilla) → review+
Comment on attachment 417166 [details] [diff] [review] Proposed fix Good idea.
Attachment #417166 - Flags: review?(jorendorff) → review+
http://hg.mozilla.org/mozilla-central/rev/9e0aa4f1927b
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.3a1
Eventually jsd needs to be threadsafe, i have patches for that. But consumers would also need to be properly implemented (historically they were very broken).
Component: JavaScript Debugging APIs → DOM
QA Contact: jsd → general
(In reply to comment #6) > I have a patch that fixes the crash, but doesn't let you actually debug the > workers. That's another bug for another time, though. Thanks for the patch! Can this also land on 1.9.2? Regarding fixing jsd to be threadsafe, is that bug filed? Timeless, I know you gave me a copy of your repo at one point, but ideally, I'd really like to get that into a patch in a bug somewhere so we could get a review started for it.
Whiteboard: [firebug-p1] → [firebug-p1][firebug-blocks]
Based on comment 6, this blocks.
Flags: blocking1.9.2? → blocking1.9.2+
is this crash likely to appear on all platforms without this patch? updating subject to better reflect this bug, and verified this working with Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.3a1pre) Gecko/20091215 Minefield/3.7a1pre ID:20091215030817.
Summary: Crash on Firefox 3.6b6pre with Firebug 1.5b6 + Chromebug 1.5b6 [@ nsScriptSecurityManager::CheckObjectAccess] → Crash on Firefox 3.6b6pre debugging workers in Firebug 1.5b6 + Chromebug 1.5b6 [@ nsScriptSecurityManager::CheckObjectAccess]
(In reply to comment #15) > is this crash likely to appear on all platforms without this patch? Yes.
OS: Windows Vista → All
Hardware: x86 → All
Depends on: 538440
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: