Closed Bug 622381 Opened 9 years ago Closed 9 years ago

Crash [@ mozilla::dom::PBrowserChild::SendPContentPermissionRequestConstructor]

Categories

(Core :: DOM: Core & HTML, defect)

ARM
Linux
defect
Not set

Tracking

()

RESOLVED FIXED

People

(Reporter: jdm, Unassigned)

Details

Attachments

(1 file)

Signature	mozilla::dom::PBrowserChild::SendPContentPermissionRequestConstructor
UUID	66d778ca-4ed3-48d1-9b73-61ad12101230
Time 	2010-12-30 15:13:25.161640
Uptime	0
Install Age	362624 seconds (4.2 days) since version was first installed.
Product	Fennec
Version	4.0b3
Build ID	20101221205132
Branch	1.9
OS	Linux
OS Version	0.0.0 Linux 2.6.32.9-g700f0cf #1 PREEMPT Thu Oct 21 23:24:02 CDT 2010 armv7l
CPU	arm
CPU Info	
Crash Reason	SIGSEGV
Crash Address	0x0
User Comments	
Processor Notes 	
EMCheckCompatibility	False

Crashing Thread
Frame 	Module 	Signature [Expand] 	Source
0 	libxul.so 	mozilla::dom::PBrowserChild::SendPContentPermissionRequestConstructor 	PBrowserChild.cpp:631
1 	libxul.so 	nsGeolocation::RegisterRequestWithPrompt 	nsCOMPtr.h:492
2 	libxul.so 	nsGeolocation::WatchPosition 	dom/src/geolocation/nsGeolocation.cpp:1059
3 	libxul.so 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/unix/xptcinvoke_arm.cpp:199
4 	libxul.so 	XPCWrappedNative::CallMethod 	js/src/xpconnect/src/xpcwrappednative.cpp:3064
5 	libxul.so 	XPC_WN_CallMethod 	js/src/xpconnect/src/xpcwrappednativejsops.cpp:1588
6 	libxul.so 	CallCompiler::generateNativeStub 	js/src/methodjit/MonoIC.cpp:691
7 	libxul.so 	js::mjit::ic::NativeCall 	js/src/methodjit/MonoIC.cpp:898
8 	libxul.so 	libxul.so@0xae0396 	
9 	libxul.so 	js::mjit::ic::NativeCall 	js/src/methodjit/MonoIC.cpp:896
10 	libxul.so 	js::mjit::JaegerShot 	js/src/jsinterp.h:576
11 	libxul.so 	js::Invoke 	js/src/jsinterp.cpp:654
12 	libxul.so 	js::ExternalInvoke 	js/src/jsinterp.cpp:858
13 	libxul.so 	JS_CallFunctionValue 	js/src/jsinterp.h:962
14 	libxul.so 	nsXPCWrappedJSClass::CallMethod 	js/src/xpconnect/src/xpcwrappedjsclass.cpp:1694
15 	libxul.so 	nsXPCWrappedJS::CallMethod 	js/src/xpconnect/src/xpcwrappedjs.cpp:589
16 	libxul.so 	PrepareAndDispatch 	xpcom/reflect/xptcall/src/md/unix/xptcstubs_arm.cpp:134
17 	libxul.so 	libxul.so@0x956ed4 	
18 	libxul.so 	nsDOMEventListenerWrapper::HandleEvent 	content/events/src/nsDOMEventTargetHelper.cpp:66
19 		@0x4605305f 	
20 	libxul.so 	nsEventListenerManager::HandleEventSubType 	content/events/src/nsEventListenerManager.cpp:1114
21 	libxul.so 	nsEventListenerManager::HandleEventInternal 	content/events/src/nsEventListenerManager.cpp:1211
22 	libxul.so 	nsEventTargetChainItem::HandleEvent 	content/events/src/nsEventListenerManager.h:146
23 	libxul.so 	nsEventTargetChainItem::HandleEventTargetChain 	content/events/src/nsEventDispatcher.cpp:343
24 	libxul.so 	nsEventDispatcher::Dispatch 	content/events/src/nsEventDispatcher.cpp:630
25 	libxul.so 	nsEventDispatcher::DispatchDOMEvent 	content/events/src/nsEventDispatcher.cpp:691
26 	libxul.so 	nsDOMEventTargetHelper::DispatchDOMEvent 	content/events/src/nsDOMEventTargetHelper.cpp:230
27 	libxul.so 	nsXMLHttpRequest::ChangeState 	nsCOMPtr.h:492
28 	libxul.so 	nsXMLHttpRequest::RequestCompleted 	nsTSubstring.h:593
29 	libxul.so 	nsXMLHttpRequest::OnStopRequest 	content/base/src/nsXMLHttpRequest.cpp:2161
30 	libxul.so 	nsCrossSiteListenerProxy::OnStopRequest 	content/base/src/nsCrossSiteListenerProxy.cpp:335
31 	libxul.so 	nsHTTPCompressConv::OnStopRequest 	netwerk/streamconv/converters/nsHTTPCompressConv.cpp:128
32 	libxul.so 	mozilla::net::HttpChannelChild::OnStopRequest 	nsCOMPtr.h:663
33 	libxul.so 	mozilla::net::HttpChannelChild::RecvOnStopRequest 	netwerk/protocol/http/HttpChannelChild.cpp:364
34 	libxul.so 	mozilla::net::PHttpChannelChild::OnMessageReceived 	PHttpChannelChild.cpp:575
35 	libxul.so 	mozilla::dom::PContentChild::OnMessageReceived 	PContentChild.cpp:949
36 	libxul.so 	mozilla::ipc::AsyncChannel::OnDispatchMessage 	ipc/glue/AsyncChannel.cpp:262
37 	libxul.so 	mozilla::ipc::RPCChannel::OnMaybeDequeueOne 	ipc/glue/RPCChannel.cpp:440
38 	libxul.so 	RunnableMethod<mozilla::ipc::RPCChannel, bool , Tuple0>::Run 	ipc/chromium/src/base/task.h:308
39 	libxul.so 	mozilla::ipc::RPCChannel::DequeueTask::Run 	RPCChannel.h:475
40 	libxul.so 	MessageLoop::RunTask 	ipc/chromium/src/base/message_loop.cc:344
41 	libxul.so 	MessageLoop::DeferOrRunPendingTask 	ipc/chromium/src/base/message_loop.cc:354
42 	libxul.so 	MessageLoop::DoWork 	ipc/chromium/src/base/message_loop.cc:451
43 	libxul.so 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:115
44 	libxul.so 	mozilla::ipc::MessagePumpForChildProcess::Run 	ipc/glue/MessagePump.cpp:230
45 	libxul.so 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:220
46 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:512
47 	libxul.so 	nsBaseAppShell::Run 	widget/src/xpwidgets/nsBaseAppShell.cpp:198
48 	libxul.so 	XRE_RunAppShell 	toolkit/xre/nsEmbedFunctions.cpp:631
49 	libxul.so 	mozilla::ipc::MessagePumpForChildProcess::Run 	ipc/glue/MessagePump.cpp:222
50 	libxul.so 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:220
51 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:512
52 	libxul.so 	XRE_InitChildProcess 	toolkit/xre/nsEmbedFunctions.cpp:510
53 	libmozutils.so 	ChildProcessInit 	other-licenses/android/APKOpen.cpp:691
54 	plugin-container 	main 	ipc/app/MozillaRuntimeMainAndroid.cpp:69
55 	libc.so 	libc.so@0xd412
1114 void
1115 nsGeolocation::RegisterRequestWithPrompt(nsGeolocationRequest* request)
...
1119     nsCOMPtr<nsPIDOMWindow> window = do_QueryReferent(mOwner);
...
1125     TabChild* child = GetTabChildFrom(window->GetDocShell());
...
1132     child->SendPContentPermissionRequestConstructor(request, type, IPC::URI(mURI));

Presumably we're getting a null docshell here, since GetTabChildFrom just does a static_cast on a do_GetInterface.
tracking-fennec: --- → ?
Actually, this certainly doesn't need to block given the extremely low frequency, but it shouldn't be hard to put together a preventative patch.
tracking-fennec: ? → ---
If we give RegisterRequestWithPrompt the opportunity to report failure, we can report the failure and not end up in a weird state.  I don't precisely know what it means when we're finishing up an XMLHttpRequest and don't have a docshell for the window, as the stack seems to show.  I think this patch maintains all current behaviour while simply avoiding the crash.
Attachment #501720 - Flags: review?(doug.turner)
Comment on attachment 501720 [details] [diff] [review]
Fail geolocation operations if we can't do cross-process operations.

the patch is fine on its own.  but I really want to understand why we are failing.  Could you file a follow up and cc' jduell
Attachment #501720 - Flags: review?(doug.turner) → review+
Comment on attachment 501720 [details] [diff] [review]
Fail geolocation operations if we can't do cross-process operations.

This is a low-volume crash that continues to show up occasionally on b4.  This band-aid should prevent it.
Attachment #501720 - Flags: approval2.0?
Attachment #501720 - Flags: approval2.0? → approval2.0+
http://hg.mozilla.org/mozilla-central/rev/d21aa818cd7b
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.