Closed Bug 605760 Opened 9 years ago Closed 9 years ago

crash [@ xpc::AccessCheck::documentDomainMakesSameOrigin(JSContext*, JSObject*) ]

Categories

(Core :: XPConnect, defect, critical)

x86
Windows 7
defect
Not set
critical

Tracking

()

RESOLVED FIXED
Tracking Status
blocking2.0 --- beta8+

People

(Reporter: scoobidiver, Assigned: mrbkap)

Details

(Keywords: crash, regression, Whiteboard: [compartments] fixed-in-tracemonkey)

Crash Data

Attachments

(1 file)

Build: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b8pre) Gecko/20101019
Firefox/4.0b8pre

It is a new crash signature that was introduced by 4.0b8pre/20101018 build.
It is #27 top crasher in 4.0b8pre/20101019 build.

Signature	xpc::AccessCheck::documentDomainMakesSameOrigin(JSContext*, JSObject*)
UUID	b24b6a31-0029-4213-9860-1e5c72101019
Time 	2010-10-19 18:13:31.935049
Uptime	1585
Last Crash	7852 seconds (2.2 hours) before submission
Install Age	27383 seconds (7.6 hours) since version was first installed.
Product	Firefox
Version	4.0b8pre
Build ID	20101019041714
Branch	2.0
OS	Windows NT
OS Version	6.1.7600
CPU	x86
CPU Info	GenuineIntel family 6 model 23 stepping 6
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0x0
App Notes 	AdapterVendorID: 8086, AdapterDeviceID: 2e22

Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	xpc::AccessCheck::documentDomainMakesSameOrigin 	js/src/xpconnect/wrappers/AccessCheck.cpp:260
1 	xul.dll 	xpc::Transparent 	
2 	xul.dll 	xpc::AccessCheck::isScriptAccessOnly 	js/src/xpconnect/wrappers/AccessCheck.cpp:374
3 	xul.dll 	XPCWrapper::Unwrap 	js/src/xpconnect/src/XPCWrapper.cpp:131
4 	xul.dll 	XPCWrappedNative::GetWrappedNativeOfJSObject 	js/src/xpconnect/src/xpcwrappednative.cpp:1760
5 	xul.dll 	XPC_WN_Helper_GetProperty 	js/src/xpconnect/src/xpcwrappednativejsops.cpp:1017
6 	mozjs.dll 	js::JSProxyHandler::get 	js/src/jsproxy.cpp:118
7 	mozjs.dll 	js::JSProxy::get 	js/src/jsproxy.cpp:774
8 	mozjs.dll 	js::proxy_GetProperty 	js/src/jsproxy.cpp:867
9 	mozjs.dll 	JS_GetUCProperty 	js/src/jsapi.cpp:3772
10 	xul.dll 	GetProperty 	modules/plugin/base/src/nsJSNPRuntime.cpp:610
11 	xul.dll 	nsJSObjWrapper::NP_GetProperty 	modules/plugin/base/src/nsJSNPRuntime.cpp:846
12 	xul.dll 	mozilla::plugins::parent::_getproperty 	modules/plugin/base/src/nsNPAPIPlugin.cpp:1706
13 	xul.dll 	mozilla::plugins::PluginScriptableObjectParent::AnswerGetParentProperty 	dom/plugins/PluginScriptableObjectParent.cpp:966
14 	xul.dll 	mozilla::plugins::PPluginScriptableObjectParent::OnCallReceived 	obj-firefox/ipc/ipdl/PPluginScriptableObjectParent.cpp:1028
15 	xul.dll 	mozilla::plugins::PPluginModuleParent::OnCallReceived 	obj-firefox/ipc/ipdl/PPluginModuleParent.cpp:601
16 	xul.dll 	mozilla::ipc::RPCChannel::DispatchIncall 	ipc/glue/RPCChannel.cpp:517
17 	xul.dll 	mozilla::ipc::RPCChannel::Incall 	ipc/glue/RPCChannel.cpp:503
18 	xul.dll 	mozilla::ipc::RPCChannel::Call 	ipc/glue/RPCChannel.cpp:310
19 	xul.dll 	mozilla::plugins::PPluginInstanceParent::CallPBrowserStreamConstructor 	obj-firefox/ipc/ipdl/PPluginInstanceParent.cpp:729
20 	xul.dll 	mozilla::plugins::PluginInstanceParent::NPP_NewStream 	dom/plugins/PluginInstanceParent.cpp:946
21 	xul.dll 	mozilla::plugins::PluginModuleParent::NPP_NewStream 	dom/plugins/PluginModuleParent.cpp:429
22 	xul.dll 	nsNPAPIPluginStreamListener::OnStartBinding 	modules/plugin/base/src/nsNPAPIPluginStreamListener.cpp:319
23 	xul.dll 	nsPluginStreamListenerPeer::SetUpStreamListener 	modules/plugin/base/src/nsPluginStreamListenerPeer.cpp:1180
24 	xul.dll 	nsPluginStreamListenerPeer::OnStartRequest 	modules/plugin/base/src/nsPluginStreamListenerPeer.cpp:614
25 	xul.dll 	nsHTTPCompressConv::OnStartRequest 	netwerk/streamconv/converters/nsHTTPCompressConv.cpp:120
26 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
27 	xul.dll 	XPCWrappedNative::CallMethod 	js/src/xpconnect/src/xpcwrappednative.cpp:2285
28 	xul.dll 	XPC_WN_CallMethod 	js/src/xpconnect/src/xpcwrappednativejsops.cpp:1631
29 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:4716
...

The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=bfe85b4ed5cd&tochange=cfd18201f49b

More reports at:
http://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=exact&query=&range_value=4&range_unit=weeks&hang_type=any&process_type=any&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&admin=&signature=xpc%3A%3AAccessCheck%3A%3AdocumentDomainMakesSameOrigin%28JSContext*%2C%20JSObject*%29
blocking2.0: --- → ?
mrbkap, fallout from bug 593602 or bug 604368?
Assignee: nobody → mrbkap
blocking2.0: ? → beta8+
Attached patch FixSplinter Review
This isn't great, but it should do the safe thing and not crash.
Attachment #486535 - Flags: review?(jst)
Attachment #486535 - Flags: review?(jst) → review+
Whiteboard: [compartments]
http://hg.mozilla.org/tracemonkey/rev/bfe06159bb2f

I'll get this into m-c once tracemonkey goes green.
Whiteboard: [compartments] → [compartments] fixed-in-tracemonkey
http://hg.mozilla.org/mozilla-central/rev/69d43cbd595a
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Crash Signature: [@ xpc::AccessCheck::documentDomainMakesSameOrigin(JSContext*, JSObject*) ]
You need to log in before you can comment on or make changes to this bug.