"ASSERTION: bad ptr!: '!IsWrapperExpired()'" with document.write, cycle collection

RESOLVED FIXED

Status

()

Core
XPConnect
RESOLVED FIXED
7 years ago
7 years ago

People

(Reporter: Jesse Ruderman, Assigned: mounir)

Tracking

(Blocks: 1 bug, {assertion, testcase})

Trunk
assertion, testcase
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(blocking2.0 final+)

Details

(Whiteboard: [hardblocker][fixed by bug 601803])

Attachments

(2 attachments)

(Reporter)

Description

7 years ago
Created attachment 489683 [details]
testcase (requires extension for triggering CC)

1. Install 'DOM Fuzz Lite' from
    https://www.squarefree.com/extensions/domFuzzLite.xpi
2. Load the testcase.

###!!! ASSERTION: bad ptr!: '!IsWrapperExpired()', 
file js/src/xpconnect/src/xpcprivate.h, line 2521
(Reporter)

Comment 1

7 years ago
Created attachment 489684 [details]
stack trace
(Reporter)

Updated

7 years ago
blocking2.0: --- → ?
Peter, care to have a look? I think we should at least understand this for Firefox 4.
Assignee: nobody → peterv
blocking2.0: ? → final+

Updated

7 years ago
Whiteboard: hardblocker

Updated

7 years ago
Whiteboard: hardblocker → [hardblocker]
(Assignee)

Comment 3

7 years ago
Stealing this bug.
Assignee: peterv → mounir.lamouri
(Assignee)

Comment 4

7 years ago
The assertion no longer happens. I will try to check which changeset fixed that.
Status: NEW → ASSIGNED
(Assignee)

Updated

7 years ago
OS: Mac OS X → All
Hardware: x86 → All
(Assignee)

Comment 5

7 years ago
Bug 601803 fixed this assert, rev: https://hg.mozilla.org/mozilla-central/rev/a4813c8be814

I guess Peter, Jst, Blake or Gal might have an idea of why.
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Whiteboard: [hardblocker] → [hardblocker][fixed by bug 601803]
(Reporter)

Updated

7 years ago
Depends on: 601803
Ah, that does make sense, that fix ensures that wrapper's are properly moved from window to window and get properly dealt with during GC etc. Thanks for digging in Mounir!
You need to log in before you can comment on or make changes to this bug.