Closed Bug 644637 Opened 9 years ago Closed 9 years ago

new trunk topcrash [@ nsQueryInterfaceWithError::operator()(nsID const&, void**)] called from nsDownload::OnStateChange or [@ nsCOMPtr_base::assign_from_qi_with_error | nsDownload::OnStateChange] or [@ XPCWrappedNative::FlatJSObjectFinalized(JSContext*)]

Categories

(Core Graveyard :: File Handling, defect)

x86
Windows 7
defect
Not set

Tracking

(Not tracked)

RESOLVED FIXED
mozilla5

People

(Reporter: dbaron, Assigned: bzbarsky)

Details

(Keywords: crash, topcrash)

Attachments

(1 file)

This is a regression from bug 595785, and I'm a doofus.  Quoting from the context of that patch:

    * The request that's being loaded. Not used after OnStopRequest, so a weak
    * reference suffices. Initialized in OnStartRequest.
    */
   nsIRequest*  mRequest;

That part about "not used after OnStopRequest" is no longer true, of course.
Assignee: nobody → bzbarsky
Summary: new trunk topcrash [@ nsQueryInterfaceWithError::operator()(nsID const&, void**)] called from nsDownload::OnStateChange → new trunk topcrash [@ nsQueryInterfaceWithError::operator()(nsID const&, void**)] called from nsDownload::OnStateChange or [@ nsCOMPtr_base::assign_from_qi_with_error | nsDownload::OnStateChange]
Whiteboard: [need review]
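
The lifetime problem described in the comment above, as an added example that is not part of the bug or of the Mozilla patch: a simplified model in standard C++ where `std::shared_ptr` stands in for an owning XPCOM reference and `std::weak_ptr` stands in for the raw `nsIRequest*`, so the dead state can be observed without touching freed memory. `WeakHandler`, `StrongHandler`, `NotifyListener` and the point at which the loader drops its reference are assumptions made for illustration.

```cpp
#include <cstdio>
#include <memory>
#include <string>

// Simplified stand-in for a refcounted request object (not nsIRequest itself).
struct Request { std::string name; };

// "Before": no ownership. std::weak_ptr models the raw nsIRequest* so the
// dead state can be observed safely instead of being dereferenced.
struct WeakHandler {
    std::weak_ptr<Request> mRequest;
    void OnStartRequest(const std::shared_ptr<Request>& r) { mRequest = r; }
    void OnStopRequest() {}
    // Hypothetical late notification that hands mRequest to a listener.
    bool NotifyListener() { return !mRequest.expired(); }
};

// "After": owning reference, released only once the last user is done.
struct StrongHandler {
    std::shared_ptr<Request> mRequest;
    void OnStartRequest(const std::shared_ptr<Request>& r) { mRequest = r; }
    void OnStopRequest() {}  // keep the reference: a notification may follow
    bool NotifyListener() {
        bool alive = (mRequest != nullptr);
        mRequest.reset();    // nulled out "later", after the final use
        return alive;
    }
};

// Start, stop, other owner drops its reference, then the late notification.
template <class Handler>
bool RequestAliveAtLateNotify() {
    Handler h;
    auto loaderRef = std::make_shared<Request>(Request{"constructed-sample"});
    h.OnStartRequest(loaderRef);
    h.OnStopRequest();
    loaderRef.reset();       // assumed: the loader lets go after the stop
    return h.NotifyListener();
}

int main() {
    std::printf("weak:   request alive = %d\n", RequestAliveAtLateNotify<WeakHandler>());
    std::printf("strong: request alive = %d\n", RequestAliveAtLateNotify<StrongHandler>());
    return 0;
}
```

With a raw pointer in place of the `std::weak_ptr`, the weak case would hand a freed object to the listener, which is the class of crash this bug tracks.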
> Created attachment 521537 [details] [diff] [review]
> Make sure mRequest lives long enough that we don't hand dead objects around.

from patch:
> Nulled out in OnStartRequest 

Actually it's initialized in OnStartRequest and nulled out in OnStopRequest (or later)

(In reply to comment #3)
Er, yes.  Typo fixed locally.  Thanks for catching that!
Comment on attachment 521537 [details] [diff] [review]
Make sure mRequest lives long enough that we don't hand dead objects around.

r=sdwilsh
Attachment #521537 - Flags: review?(sdwilsh) → review+
http://hg.mozilla.org/projects/cedar/rev/3c5fdab31c67
Whiteboard: [need review] → fixed-in-cedar
http://hg.mozilla.org/mozilla-central/rev/3c5fdab31c67
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Whiteboard: fixed-in-cedar
Target Milestone: --- → mozilla2.2
Summary: new trunk topcrash [@ nsQueryInterfaceWithError::operator()(nsID const&, void**)] called from nsDownload::OnStateChange or [@ nsCOMPtr_base::assign_from_qi_with_error | nsDownload::OnStateChange] → new trunk topcrash [@ nsQueryInterfaceWithError::operator()(nsID const&, void**)] called from nsDownload::OnStateChange or [@ nsCOMPtr_base::assign_from_qi_with_error | nsDownload::OnStateChange] or [@ XPCWrappedNative::FlatJSObjectFinalized(JSContext*)]
Crash Signature: [@ nsQueryInterfaceWithError::operator()(nsID const&, void**)] [@ nsCOMPtr_base::assign_from_qi_with_error | nsDownload::OnStateChange] [@ XPCWrappedNative::FlatJSObjectFinalized(JSContext*)]
Product: Core → Core Graveyard