The default bug view has changed. See this FAQ.

[@ XPCJSStackFrame::CreateStack] should not use recursion

RESOLVED FIXED

Status

()

Core
XPConnect
--
critical
RESOLVED FIXED
7 years ago
6 years ago

People

(Reporter: timeless, Assigned: timeless)

Tracking

({crash})

Trunk
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: fixed-in-tracemonkey, crash signature)

Attachments

(1 attachment, 2 obsolete attachments)

(Assignee)

Description

7 years ago
this is bug 303821 again.

I'm tired of reading this code and think it's time to switch to iteration.
(Assignee)

Comment 1

7 years ago
Created attachment 420309 [details] [diff] [review]
switch away from recursion
Attachment #420309 - Flags: review?(mrbkap)
(Assignee)

Updated

7 years ago
Duplicate of this bug: 538050
Comment on attachment 420309 [details] [diff] [review]
switch away from recursion

>diff --git a/js/src/xpconnect/src/xpcstack.cpp b/js/src/xpconnect/src/xpcstack.cpp

So, we haven't yet gone to infallible new, so IMO you should deal with it.

> XPCJSStackFrame::CreateStack(JSContext* cx, JSStackFrame* fp,
>                              XPCJSStackFrame** stack)
> {
>-    XPCJSStackFrame* self = new XPCJSStackFrame();
>-    JSBool failed = JS_FALSE;
>-    if(self)
>+    XPCJSStackFrame* first = new XPCJSStackFrame();
>+    XPCJSStackFrame* self = first;

Any reason to not make self and first nsRefPtrs?

>+    while (fp && self)

Nit: no space before the `('.

>     {
>         NS_ADDREF(self);
> 
>-        if(fp->down)
>+        if (JS_IsNativeFrame(cx, fp))

Ditto. And there's one more spot below.

r- until the checks for OOM have been dealt with (feel free to correct me if I'm off base by asking for this).
Attachment #420309 - Flags: review?(mrbkap) → review-
(Assignee)

Comment 4

7 years ago
Created attachment 430869 [details] [diff] [review]
use refptr
Attachment #420309 - Attachment is obsolete: true
Attachment #430869 - Flags: review?(mrbkap)
Comment on attachment 430869 [details] [diff] [review]
use refptr

>+    nsRefPtr<XPCJSStackFrame> first = new XPCJSStackFrame();
>+    if(!first)
>+        return NS_ERROR_OUT_OF_MEMORY;

Heh, of course now that you've re-requested review, infallible new has landed and you can get rid of this. Sorry.

>+        if((fp = fp->down))
>+            XPCJSStackFrame* frame = new XPCJSStackFrame();
>+            self->mCaller = frame;
>+            self = frame;

This seems wrong. self->mCaller isn't a smart pointer (though perhaps it should be!) so this looks like it'll end up freeing self->mCaller too early.

This actually suggests that we just make |self| a raw pointer and let the refptr to |first| and its mCaller chain represent the strong pointers to the whole chain.

>+    NS_ADDREF(*stack = first);

This could just be |*stack = first.forget();|
Attachment #430869 - Flags: review?(mrbkap) → review-
(Assignee)

Comment 6

6 years ago
Created attachment 523244 [details] [diff] [review]
addresses comments

sorry for the delay. this has been maintained in my queue, and i had addressed most of those items except for the oom check and the forget bit. i've now added them as well.

please do whatever is necessary to get this landed. do not wait for me to address further review comments. this bug is really closer to a decade old than the year of lag on my part makes it look (i've actually written this patch before at other companies too possibly both around 2002 and 2004). it's actually somewhat important as you end up crashing in cases with deep stacks when something wants to report a problem with them.
Attachment #430869 - Attachment is obsolete: true
Attachment #523244 - Flags: review?(mrbkap)
Comment on attachment 523244 [details] [diff] [review]
addresses comments

Review of attachment 523244 [details] [diff] [review]:
-----------------------------------------------------------------

I fixed a merge conflict locally. I'll check this in as soon as tracemonkey reopens.
Attachment #523244 - Flags: review?(mrbkap) → review+
http://hg.mozilla.org/tracemonkey/rev/ece0feb51587
Whiteboard: fixed-in-tracemonkey
cdleary-bot mozilla-central merge info:
http://hg.mozilla.org/mozilla-central/rev/ece0feb51587
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Crash Signature: [@ XPCJSStackFrame::CreateStack]
You need to log in before you can comment on or make changes to this bug.