Closed Bug 656354 Opened 14 years ago Closed 14 years ago

Firefox 6.0a1 Crash Report [@ nsDocShell::SetDocCurrentStateObj(nsISHEntry*) ] [@ nsDocShell::SetDocCurrentStateObj ] (null pointer dereference)

Categories

(Core :: DOM: Navigation, defect)

x86
Windows 7
defect
Not set
critical

VERIFIED FIXED
Tracking Status
firefox6 - ---

People

(Reporter: marcia, Assigned: justin.lebar+bug)

Details

(Keywords: crash, regression)

Attachments

(1 file)

Seen while reviewing trunk crash stats. Started showing up in Socorro using the 2011051000 build. 100 crashes yesterday.
Possible pushlog regression range: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=9e31df64bfd7&tochange=e0f6db50231f
Possibly Bug 551225 made some changes?
https://crash-stats.mozilla.com/report/index/b06f9a35-946e-41a4-a4f1-e26b52110511
Frame  Module  Signature  Source
0  xul.dll  nsDocShell::SetDocCurrentStateObj  docshell/base/nsDocShell.cpp:7750
1  xul.dll  nsDocShell::InternalLoad
2  xul.dll  NS_URIChainHasFlags  obj-firefox/dist/include/nsNetUtil.h:1559
3  xul.dll  LeaveFunction  js/src/jsparse.cpp:2841
4  xul.dll  xul.dll@0x468df
5  xul.dll  xul.dll@0xc951f
6  xul.dll  xul.dll@0x3da9df
7  xul.dll  xul.dll@0xce76f
8  xul.dll  NS_EscapeURL  xpcom/io/nsEscape.cpp:476
9  xul.dll  xul.dll@0x51a6f
10  mozcrt19.dll  arena_dalloc_small  obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:4045
11  xul.dll  xul.dll@0x203a5f
12  xul.dll  nsTHashtable<nsBaseHashtableET<nsCStringHashKey,nsFactoryEntry*> >::s_MatchEntry  obj-firefox/dist/include/nsTHashtable.h:375
13  xul.dll  nsComponentManagerImpl::GetServiceByContractID  xpcom/components/nsComponentManager.cpp:1648
14  xul.dll  nsDocShell::QueryInterface  docshell/base/nsDocShell.cpp:864
15  xul.dll  nsCOMPtr_base::assign_from_qi  obj-firefox/xpcom/build/nsCOMPtr.cpp:98
16  xul.dll  nsDocShell::LoadURI  docshell/base/nsDocShell.cpp:1424
Summary: Firefox 6.0a1 Crash Report [@ nsDocShell::SetDocCurrentStateObj(nsISHEntry*) ] → Firefox 6.0a1 Crash Report [@ nsDocShell::SetDocCurrentStateObj(nsISHEntry*) ] (null pointer dereference)
> Possibly Bug 551225 made some changes?
Ouch. Yes, I think I messed this up.
Blocks: 551225
Assignee: nobody → justin.lebar+bug
For reference, here's nsDocShell::SetDocCurrentStateObj before the patch in bug 551225. Note that shEntry may be null!

    nsresult
    nsDocShell::SetDocCurrentStateObj(nsISHEntry *shEntry)
    {
        nsresult rv;

        nsCOMPtr<nsIDocument> document = do_GetInterface(GetAsSupports(this));
        NS_ENSURE_TRUE(document, NS_ERROR_FAILURE);

        nsAutoString stateData;
        if (shEntry) {
            rv = shEntry->GetStateData(stateData);
            NS_ENSURE_SUCCESS(rv, rv);

            // if shEntry is null, we just set the pending state object to the
            // empty string.
        }

        document->SetCurrentStateObject(stateData);
        return NS_OK;
    }

Keywords: regression
Attached patch: Patch v1
Attachment #531673 - Flags: review?(jonas)
Not sure how the tracking-firefox6 flag got cleared, but setting it to "?" again.
I hit this often when using F1.
Adding the Mac specific sig so it gets picked up in crash stats - [@ nsDocShell::SetDocCurrentStateObj ]
Summary: Firefox 6.0a1 Crash Report [@ nsDocShell::SetDocCurrentStateObj(nsISHEntry*) ] (null pointer dereference) → Firefox 6.0a1 Crash Report [@ nsDocShell::SetDocCurrentStateObj(nsISHEntry*) ] [@ nsDocShell::SetDocCurrentStateObj ] (null pointer dereference)
As a note, this has been the #1 crash on trunk for multiple days in a row now.
Jonas, review ping.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Checking crash stats, this looks good for Windows and Mac signatures as they seem to have fallen off since the 17th. There are a few Linux reports such as https://crash-stats.mozilla.com/report/index/b75ff76b-8c8f-45a8-b96d-e61e22110522 which have a build ID=20110520033417. That person is running with a number of extensions.
Not totally sure how to read the crashstats page, but that person appears to be running a TM nightly, and the link in the backtrace [1] doesn't have the fix.
[1] https://crash-stats.mozilla.com/report/index/b75ff76b-8c8f-45a8-b96d-e61e22110522
Sorry, I missed the nightly-tracemonkey part in the report and was just looking at the Build ID. I think we can verify this fixed based on crash-stats. Thanks for the quick turnaround on the fix.
(In reply to comment #12)
> Not totally sure how to read the crashstats page, but that person appears to
> be running a TM nightly, and the link in the backtrace [1] doesn't have the
> fix.
>
> [1] https://crash-stats.mozilla.com/report/index/b75ff76b-8c8f-45a8-b96d-e61e22110522
Status: RESOLVED → VERIFIED
This is fixed in 6, no need to track it.
Crash Signature: [@ nsDocShell::SetDocCurrentStateObj(nsISHEntry*) ] [@ nsDocShell::SetDocCurrentStateObj ]