Closed
Bug 604760
Opened 14 years ago
Closed 14 years ago
Compartment Mismatch crash due to textarea node resize?
Categories
(Core :: XPConnect, defect)
Core
XPConnect
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | beta7+ |
People
(Reporter: ddahl, Assigned: mrbkap)
References
Details
Attachments
(1 file)
|
7.77 KB,
text/plain
|
Details |
in test: toolkit/components/console/hudservice/tests/browser/browser_webconsole_bug_588967_input_expansion.js with the "lazy console" patches applied, I get this assertion/hang/crash: TEST-PASS | chrome://mochitests/content/browser/toolkit/components/console/hudservice/tests/browser/browser_webconsole_bug_588967_input_expansion.js | multiline is enabled TEST-PASS | chrome://mochitests/content/browser/toolkit/components/console/hudservice/tests/browser/browser_webconsole_bug_588967_input_expansion.js | the input expanded TEST-PASS | chrome://mochitests/content/browser/toolkit/components/console/hudservice/tests/browser/browser_webconsole_bug_588967_input_expansion.js | the input's height is normal again WARNING: Positioned frame that does not handle positioned kids; looking further up the parent chain: file /home/ddahl/code/moz/mozilla-central/mozilla-central/layout/base/nsCSSFrameConstructor.cpp, line 5563 WARNING: Positioned frame that does not handle positioned kids; looking further up the parent chain: file /home/ddahl/code/moz/mozilla-central/mozilla-central/layout/base/nsCSSFrameConstructor.cpp, line 5563 WARNING: Positioned frame that does not handle positioned kids; looking further up the parent chain: file /home/ddahl/code/moz/mozilla-central/mozilla-central/layout/base/nsCSSFrameConstructor.cpp, line 5563 WARNING: Positioned frame that does not handle positioned kids; looking further up the parent chain: file /home/ddahl/code/moz/mozilla-central/mozilla-central/layout/base/nsCSSFrameConstructor.cpp, line 5563 *** Compartment mismatch 0x45584800 vs. 0x465f5800 Assertion failure: compartment mismatched, at /home/ddahl/code/moz/mozilla-central/mozilla-central/js/src/jscntxtinlines.h:513 TEST-UNEXPECTED-FAIL | chrome://mochitests/content/browser/toolkit/components/console/hudservice/tests/browser/browser_webconsole_bug_588967_input_expansion.js | Exited with code 1 during test run INFO | automation.py | Application ran for: 0:00:38.603234 INFO | automation.py | Reading PID log: /tmp/tmpEjbp_ipidlog PROCESS-CRASH | chrome://mochitests/content/browser/toolkit/components/console/hudservice/tests/browser/browser_webconsole_bug_588967_input_expansion.js | application crashed (minidump found) Neither MINIDUMP_STACKWALK nor MINIDUMP_STACKWALK_CGI is set, can't process dump. *** Compartment mismatch 0xb0990000 vs. 0xac78d000 Assertion failure: compartment mismatched, at /home/ddahl/code/moz/mozilla-central/mozilla-central/js/src/jscntxtinlines.h:513 Program ./dist/bin/firefox-bin (pid = 8395) received signal 6. Will attach the backtrace
|
Reporter | |
Comment 1•14 years ago
|
||
|
|
Reporter | |
Comment 2•14 years ago
|
||
call DumpJSStack output:
0 JSPropertyProvider(aInputValue = "foo", aScope = [object XrayWrapper [object Window @ 0xa9001b40 (native @ 0xad96ed78)]]) ["resource:///modules/HUDService.jsm":3939]
matches =
prop = undefined
matchProp = "foo"
properties = foo
completionPart = "foo"
beginning = [object Object]
obj = [object XrayWrapper [object Window @ 0xa9001b40 (native @ 0xad96ed78)]]
this = [object Object]
1 JSTF_complete(type = 2) ["resource:///modules/HUDService.jsm":4728]
completionStr = undefined
matchOffset = undefined
matchIndexToUse = undefined
matches = undefined
selEnd = 3
selStart = 3
inputValue = "foo"
inputNode = [object XULElement @ 0xa62929c0 (native @ 0xa6292740)]
this = [object Object]
2 anonymous(114) ["resource:///modules/HUDService.jsm":4585]
this = [object ChromeWindow @ 0xaf1a5a00 (native @ 0xb3bab158)]
|
||
Updated•14 years ago
|
Assignee: general → gal
|
|
||
Comment 3•14 years ago
|
||
Thanks for the stack and the report. How can I reproduce this?
|
|
||
Updated•14 years ago
|
QA Contact: general → xpconnect
|
|
||
Updated•14 years ago
|
blocking2.0: --- → ?
|
|
||
Updated•14 years ago
|
Assignee: gal → nobody
Component: JavaScript Engine → XPConnect
|
|
||
Updated•14 years ago
|
OS: Linux → All
Hardware: x86 → All
|
|
Reporter | |
Comment 4•14 years ago
|
||
I have a feeling the way we are setting up the sandbox is the issue here: http://mxr.mozilla.org/mozilla-central/source/toolkit/components/console/hudservice/HUDService.jsm#4142
|
|
Reporter | |
Comment 5•14 years ago
|
||
(In reply to comment #3) > Thanks for the stack and the report. How can I reproduce this? I was just about to add that you need the patches from bug 568629 and bug 587734 applied, then rebuild like so: make -C dom && make -C layout/build && make -C toolkit && make -C toolkit/library && make -C browser
|
||
Comment 6•14 years ago
|
||
Blocking beta8. Blake, let me know if you think this one needs to block beta7.
blocking2.0: ? → beta8+
|
||
Comment 7•14 years ago
|
||
Moving to b7, but if mrbkap answers comment 6 in the negative, we'll push it back to b8
blocking2.0: beta8+ → beta7+
|
||
Comment 8•14 years ago
|
||
Assigning to blake. Blake please address Comment 6.
Assignee: nobody → mrbkap
|
|
||
Comment 9•14 years ago
|
||
I think this was actually due to a bug in one of the patches in bug 568629, which I just uploaded a fixed version for.
|
|
Reporter | |
Comment 10•14 years ago
|
||
(In reply to comment #9) > I think this was actually due to a bug in one of the patches in bug 568629, > which I just uploaded a fixed version for. In fact, this bug may have been due to the way we were getting the console as a wrappedJSObject in the JSTerm constructor. see bug 604431 I have not seen this error since landing that patch. Sorry, I have been out of the loop on PTO.
|
|
||
Comment 11•14 years ago
|
||
Marking FIXED per previous comment(s).
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•