Closed
Bug 612887
Opened 14 years ago
Closed 14 years ago
crash [@ nsSHistory::RemoveEntries(nsTArray<unsigned __int64, nsTArrayDefaultAllocator>&, int) ]
Categories
(Core :: DOM: Navigation, defect)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | betaN+ |
People
(Reporter: scoobidiver, Assigned: smaug)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
|
2.09 KB,
patch
|
jst
:
review+
|
Details | Diff | Splinter Review |
This is a new crash signature that was introduced in 4.0b8pre/20101115 build.
It is #21 top crasher in 4.0b8pre/20101116 build.
Signature nsSHistory::RemoveEntries(nsTArray<unsigned __int64, nsTArrayDefaultAllocator>&, int)
UUID 572cb174-74d6-4b2a-b8b7-7162b2101117
Time 2010-11-17 07:19:40.796508
Uptime 110
Last Crash 112 seconds before submission
Install Age 19527 seconds (5.4 hours) since version was first installed.
Product Firefox
Version 4.0b8pre
Build ID 20101116042306
Branch 2.0
OS Windows NT
OS Version 6.1.7600
CPU x86
CPU Info AuthenticAMD family 16 model 4 stepping 2
Crash Reason EXCEPTION_ACCESS_VIOLATION_EXEC
Crash Address 0x6a3aae0
App Notes AdapterVendorID: 10de, AdapterDeviceID: 0393
Frame Module Signature [Expand] Source
0 @0x6a3aae0
1 xul.dll nsSHistory::RemoveEntries docshell/shistory/src/nsSHistory.cpp:1235
2 xul.dll nsDocShell::RemoveFromSessionHistory docshell/base/nsDocShell.cpp:3472
3 xul.dll nsFrameLoader::Destroy
4 xul.dll nsGenericHTMLFrameElement::UnbindFromTree content/html/content/src/nsGenericHTMLElement.cpp:3169
5 xul.dll nsINode::doRemoveChildAt content/base/src/nsGenericElement.cpp:3695
6 xul.dll nsGenericElement::RemoveChildAt content/base/src/nsGenericElement.cpp:3637
7 xul.dll nsINode::ReplaceOrInsertBefore
8 xul.dll nsIDOMNode_AppendChild obj-firefox/js/src/xpconnect/src/dom_quickstubs.cpp:5463
9 xul.dll nsIDOMNode_AppendChild obj-firefox/js/src/xpconnect/src/dom_quickstubs.cpp:5468
10 mozjs.dll JS_DHashClearEntryStub js/src/jsdhash.cpp:175
11 mozjs.dll js_StopResolving js/src/jscntxt.cpp:1307
12 mozjs.dll js_GetPropertyHelper js/src/jsobj.cpp:5068
13 mozjs.dll InlineGetProp js/src/methodjit/StubCalls.cpp:1985
14 @0x508997f
15 mozjs.dll JSCompartment::wrap js/src/jscompartment.cpp:147
16 mozjs.dll js::mjit::EnterMethodJIT js/src/methodjit/MethodJIT.cpp:739
17 mozjs.dll CheckStackAndEnterMethodJIT js/src/methodjit/MethodJIT.cpp:764
18 mozjs.dll js::mjit::JaegerShot js/src/methodjit/MethodJIT.cpp:781
19 mozjs.dll js::RunScript js/src/jsinterp.cpp:662
20 mozjs.dll js::Invoke js/src/jsinterp.cpp:768
21 mozjs.dll js::ExternalInvoke js/src/jsinterp.cpp:881
22 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:4908
23 xul.dll nsXPCWrappedJSClass::CallMethod js/src/xpconnect/src/xpcwrappedjsclass.cpp:1694
24 xul.dll nsXPCWrappedJS::CallMethod js/src/xpconnect/src/xpcwrappedjs.cpp:577
25 xul.dll PrepareAndDispatch xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:114
26 xul.dll SharedStub xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:141
27 xul.dll nsEventListenerManager::HandleEventSubType content/events/src/nsEventListenerManager.cpp:1114
The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=674f2ed15cea&tochange=edf41ff32f08
More reports at:
http://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=exact&query=&range_value=4&range_unit=weeks&hang_type=any&process_type=any&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&admin=&signature=nsSHistory%3A%3ARemoveEntries%28nsTArray%3Cunsigned%20__int64%2C%20nsTArrayDefaultAllocator%3E%26%2C%20int%29
|
Reporter | |
Updated•14 years ago
|
blocking2.0: --- → ?
|
||
Comment 1•14 years ago
|
||
Olli, can you investigate this?
Assignee: nobody → Olli.Pettay
blocking2.0: ? → betaN+
|
Assignee | |
Comment 2•14 years ago
|
||
I wish c-s.m.c stack traces would be a bit more useful...
|
|
Assignee | |
Comment 3•14 years ago
|
||
This is truly a guess fix, but IMO should be done anyway.
The stack traces don't give enough information about the crash :/
Attachment #491499 -
Flags: review?(jst)
|
|
||
Comment 4•14 years ago
|
||
Comment on attachment 491499 [details] [diff] [review]
guess fix [checked in]
Sounds good to me.
Attachment #491499 -
Flags: review?(jst) → review+
|
|
Assignee | |
Comment 5•14 years ago
|
||
I pushed http://hg.mozilla.org/mozilla-central/rev/7e22b1719901
but won't mark this fixed, since it is not sure that the patch fixes the problem.
Will look at c-s.m.c.
|
||
Updated•14 years ago
|
Attachment #491499 -
Attachment description: guess fix → guess fix [checked in]
|
|
Assignee | |
Comment 6•14 years ago
|
||
Marking this fixed since I don't see the crashes anymore in c-s.m.c.
Though, I think the fix was bug 612887.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 7•14 years ago
|
||
Er, bug 614499
|
|
||
Comment 8•14 years ago
|
||
Seems like the patch in bug 614499 took care of these. There were about 3 per day until the 26th, which should the the last nightly before that patch.
http://crash-stats.mozilla.com/report/list?product=Firefox&version=Firefox%3A4.0b8pre&query_search=signature&query_type=contains&query=nsSHistory%3A%3ARemoveEntries&date=11%2F29%2F2010%2013%3A35%3A02&range_value=21&range_unit=days&hang_type=any&process_type=any&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&admin=&signature=nsSHistory%3A%3ARemoveEntries%28nsTArray%3Cunsigned%20__int64%2C%20nsTArrayDefaultAllocator%3E%26%2C%20int%29
|
||
Updated•13 years ago
|
Crash Signature: [@ nsSHistory::RemoveEntries(nsTArray<unsigned __int64, nsTArrayDefaultAllocator>&, int) ]
You need to log in
before you can comment on or make changes to this bug.
Description
•