Closed
Bug 644637
Opened 14 years ago
Closed 14 years ago
new trunk topcrash [@ nsQueryInterfaceWithError::operator()(nsID const&, void**)] called from nsDownload::OnStateChange or [@ nsCOMPtr_base::assign_from_qi_with_error | nsDownload::OnStateChange] or [@ XPCWrappedNative::FlatJSObjectFinalized(JSContext*)]
Categories
(Core Graveyard :: File Handling, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla5
People
(Reporter: dbaron, Assigned: bzbarsky)
References
Details
(Keywords: crash, topcrash)
Crash Data
Attachments
(1 file)
|
1.24 KB,
patch
|
sdwilsh
:
review+
|
Details | Diff | Splinter Review |
A new trunk #1 topcrash appeared in yesterday afternoon's builds. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=200a746e0fac&tochange=4902d72f6072
the crashes are:
https://crash-stats.mozilla.com/report/list?product=Firefox&branch=2.2&query_search=signature&query_type=exact&query=&date=03%2F24%2F2011%2009%3A49%3A50&range_value=30&range_unit=days&hang_type=crash&process_type=browser&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&admin=1&signature=nsQueryInterfaceWithError%3A%3Aoperator%28%29%28nsID%20const%26%2C%20void**%29
it appears to be a null dereference.
|
Reporter | |
Comment 1•14 years ago
|
||
|
Assignee | |
Comment 2•14 years ago
|
||
This is a regression from bug 595785, and I'm a doofus. Quoting from the context of that patch:
* The request that's being loaded. Not used after OnStopRequest, so a weak
* reference suffices. Initialized in OnStartRequest.
*/
nsIRequest* mRequest;
That part about "not used after OnStopRequest" is no longer true, of course.
Assignee: nobody → bzbarsky
|
|
Reporter | |
Updated•14 years ago
|
Summary: new trunk topcrash [@ nsQueryInterfaceWithError::operator()(nsID const&, void**)] called from nsDownload::OnStateChange → new trunk topcrash [@ nsQueryInterfaceWithError::operator()(nsID const&, void**)] called from nsDownload::OnStateChange or [@ nsCOMPtr_base::assign_from_qi_with_error | nsDownload::OnStateChange]
|
|
Assignee | |
Comment 3•14 years ago
|
||
Attachment #521537 -
Flags: review?(sdwilsh)
|
|
Assignee | |
Updated•14 years ago
|
Whiteboard: [need review]
|
||
Comment 4•14 years ago
|
||
> Created attachment 521537 [details] [diff] [review]
> Make sure mRequest lives long enough that we don't hand dead objects around.
from patch:
> Nulled out in OnStartRequest
Actually it's initialized in OnStartRequest and nulled out in OnStopRequest (or later)(In reply to comment #3)
|
|
Assignee | |
Comment 5•14 years ago
|
||
Er, yes. Typo fixed locally. Thanks for catching that!
|
||
Comment 6•14 years ago
|
||
Comment on attachment 521537 [details] [diff] [review]
Make sure mRequest lives long enough that we don't hand dead objects around.
r=sdwilsh
Attachment #521537 -
Flags: review?(sdwilsh) → review+
|
|
Assignee | |
Comment 7•14 years ago
|
||
Whiteboard: [need review] → fixed-in-cedar
|
||
Comment 8•14 years ago
|
||
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Whiteboard: fixed-in-cedar
Target Milestone: --- → mozilla2.2
|
|
Reporter | |
Updated•14 years ago
|
Summary: new trunk topcrash [@ nsQueryInterfaceWithError::operator()(nsID const&, void**)] called from nsDownload::OnStateChange or [@ nsCOMPtr_base::assign_from_qi_with_error | nsDownload::OnStateChange] → new trunk topcrash [@ nsQueryInterfaceWithError::operator()(nsID const&, void**)] called from nsDownload::OnStateChange or [@ nsCOMPtr_base::assign_from_qi_with_error | nsDownload::OnStateChange] or [@ XPCWrappedNative::FlatJSObjectFinalized(JSContext*)]
|
||
Updated•14 years ago
|
Crash Signature: [@ nsQueryInterfaceWithError::operator()(nsID const&, void**)]
[@ nsCOMPtr_base::assign_from_qi_with_error | nsDownload::OnStateChange]
[@ XPCWrappedNative::FlatJSObjectFinalized(JSContext*)]
|
|
||
Updated•9 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•