Crash [@JS_SetPrivate | ConstructSlimWrapper]

Status: RESOLVED INCOMPLETE
Product: Core
Component: XPConnect
Priority: --
Severity: critical
Reported: 8 years ago
Modified: 7 years ago

Reporter: khuey
Assignee: Unassigned

Keywords: crash
Version: 1.9.2 Branch
Platform: x86, Windows 7
Firefox Tracking Flags: Not tracked

I hit a crash a few minutes ago when closing Firefox 3.6 that did not trigger the crash reporter. I have the stack trace below, and I have both a minidump and a minidump w/heap from Visual Studio that I can make available upon request (the heap dump is extremely large though).

>	js3250.dll!JS_SetPrivate(JSContext * cx=0x00826800, JSObject * obj=0x00000000, void * data=0x489fcf00)  Line 2795 + 0x8 bytes	C++
 	xul.dll!ConstructSlimWrapper(XPCCallContext & ccx={...}, nsISupports * p=0x00000000, nsWrapperCache * cache=0x489fcf04, XPCWrappedNativeScope * xpcScope=0x0477b840, int * rval=0x0039a14c)  Line 3848 + 0x15 bytes	C++
 	xul.dll!XPCConvert::NativeInterface2JSObject(XPCLazyCallContext & lccx=, int * d=, nsIXPConnectJSObjectHolder * * dest=, nsISupports * src=, const nsID * iid=, XPCNativeInterface * * Interface=, nsWrapperCache * cache=, JSObject * scope=, int allowNativeWrapper=, int isGlobal=, unsigned int * pErr=)  Line 1152 + 0x10 bytes	C++
 	nspr4.dll!_PR_MD_UNLOCK(_MDLock * lock=0x6d802e38)  Line 347	C
 	xul.dll!PL_DHashTableOperate(PLDHashTable * table=0x00000000, const void * key=0x00000000, PLDHashOperator op=9200960)  Line 661 + 0xd bytes	C
 	js3250.dll!JS_DHashTableOperate(JSDHashTable * table=0x00000000, const void * key=0x00000000, JSDHashOperator op=68392768)  Line 679 + 0x9 bytes	C++
 	plds4.dll!PL_HashTableLookup(PLHashTable * ht=0x07137ef0, const void * key=0x6ce3c977)  Line 366	C
 	xul.dll!nsCOMPtr<nsIRDFResource>::nsCOMPtr<nsIRDFResource>(nsIRDFResource * aRawPtr=0x6ce3c936)  Line 557	C++
 	xul.dll!nsINode::SetFlags(unsigned long aFlagsToSet=1218432768)  Line 749 + 0x7 bytes	C++
 	xul.dll!nsGenericHTMLElement::DOMQueryInterface(nsIDOMHTMLElement * aElement=0x6ce762e9, const nsID & aIID={...}, void * * aInstancePtr=0x00000000)  Line 235 + 0x8 bytes	C++
 	xul.dll!nsHTMLCanvasElement::QueryInterface(const nsID & aIID={...}, void * * aInstancePtr=0x00000000)  Line 169 + 0x30 bytes	C++
 	xul.dll!nsNodeInfo::Release()  Line 141 + 0x3c bytes	C++
 	xul.dll!nsCOMPtr<nsICSSLoader>::~nsCOMPtr<nsICSSLoader>()  + 0xc bytes	C++
 	xul.dll!nsDocument::CreateElementNS(const nsAString_internal & aNamespaceURI={...}, const nsAString_internal & aQualifiedName={...}, nsIDOMElement * * aReturn=0x07137ef0)  Line 4152 + 0x1f bytes	C++
 	xul.dll!NS_InvokeByIndex_P(nsISupports * that=0x0039a5d8, unsigned int methodIndex=3777348, unsigned int paramCount=3777600, nsXPTCVariant * params=0x0039a368)  Line 103	C++
 	xul.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=CALL_METHOD)  Line 2809 + 0x1a bytes	C++
 	xul.dll!XPC_WN_CallMethod(JSContext * cx=0x00826800, JSObject * obj=0x0418a880, unsigned int argc=2, int * argv=0x362190d4, int * vp=0x0039a6fc)  Line 1740 + 0x12 bytes	C++
 	js3250.dll!js_Invoke(JSContext * cx=, unsigned int argc=, int * vp=, unsigned int flags=)  Line 1360 + 0x19 bytes	C++
 	js3250.dll!js_Interpret(JSContext * cx=0x00826800)  Line 2241	C++
 	js3250.dll!js_Invoke(JSContext * cx=0x00826800, unsigned int argc=3, int * vp=0x36219020, unsigned int flags=0)  Line 1368 + 0x6 bytes	C++
 	js3250.dll!js_InternalInvoke(JSContext * cx=0x00826800, JSObject * obj=0x0368ece0, int fval=1443327616, unsigned int flags=0, unsigned int argc=3, int * argv=0x5348e1b0, int * rval=0x0039aa98)  Line 1423 + 0x12 bytes	C++
 	js3250.dll!JS_CallFunctionValue(JSContext * cx=0x00826800, JSObject * obj=0x0368ece0, int fval=1443327616, unsigned int argc=3, int * argv=0x5348e1b0, int * rval=0x0039aa98)  Line 5113	C++
 	xul.dll!nsJSContext::CallEventHandler(nsISupports * aTarget=0x0083dc40, void * aScope=0x0368ece0, void * aHandler=0x56076e80, nsIArray * aargv=0x6877e2e4, nsIVariant * * arv=0x0039ab38)  Line 2135	C++
 	xul.dll!nsGlobalWindow::RunTimeout(nsTimeout * aTimeout=0x5e058400)  Line 8077	C++
 	xul.dll!nsGlobalWindow::TimerCallback(nsITimer * aTimer=0x4fe92be0, void * aClosure=0x5e058400)  Line 8412	C++
 	xul.dll!nsTimerImpl::Fire()  Line 427 + 0x7 bytes	C++
 	nspr4.dll!_PR_MD_UNLOCK(_MDLock * lock=0x52a1da40)  Line 347	C
 	xul.dll!nsThread::ProcessNextEvent(int mayWait=0, int * result=0x0039ac40)  Line 533	C++
 	xul.dll!NS_ProcessPendingEvents_P(nsIThread * thread=0x00000000, unsigned int timeout=20)  Line 200 + 0xc bytes	C++
 	xul.dll!nsAppShell::EventWindowProc(HWND__ * hwnd=0x76b46238, unsigned int uMsg=2951416, unsigned int wParam=49538, long lParam=0)  + 0x1a7d67 bytes	C++
 	user32.dll!76b46238() 	
 	[Frames below may be incorrect and/or missing, no symbols loaded for user32.dll]	
 	user32.dll!76b468ea() 	
 	user32.dll!76b46899() 	
 	user32.dll!76b47d31() 	
 	user32.dll!76b47dfa() 	
 	user32.dll!76b6272b() 	
 	user32.dll!76b6288a() 	
 	user32.dll!76b9f8d0() 	
 	user32.dll!76b9fbac() 	
 	user32.dll!76b9fcaf() 	
 	user32.dll!76b9fd2e() 	
 	user32.dll!76b9fe81() 	
 	user32.dll!76b9fec6() 	
 	regutils.dll!4b8ceedb() 	
 	regutils.dll!4b8cd208() 	
 	js3250.dll!js_TraceObject(JSTracer * trc=0x005f8e77, JSObject * obj=0x00000000)  Line 5681 + 0x4 bytes	C++
 	xul.dll!nsHTMLFragmentContentSink::AddLeaf(const nsIParserNode & aNode=)  Line 586 + 0x12 bytes	C++
 	rtutils.dll!73656974()

Comment 1

8 years ago
So, it's illegal to call JS_SetPrivate with a null object.

So the problem is with the caller. Somehow we (better you) need to figure out how ConstructSlimWrapper reached JS_SetPrivate with a null pointer.
Assignee: general → nobody
Component: JavaScript Engine → XPConnect
QA Contact: general → xpconnect
Summary: Crash [@JS_SetPrivate] → Crash [@JS_SetPrivate | ConstructSlimWrapper]
The dump isn't terribly useful and I don't know this part of the code at all.  I also haven't been able to hit it again.

-> INCOMPLETE
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → INCOMPLETE
Updated 7 years ago
Crash Signature: [@JS_SetPrivate | ConstructSlimWrapper]