Venkman crash in XrayWrapper<JSCrossCompartmentWrapper>::createHolder

RESOLVED FIXED

Status

Core
XPConnect
--
critical
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: Ian Neal, Unassigned)

Tracking

Trunk
x86_64
Linux
crash, regression
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

6 years ago
Steps to reproduce:
1/ Start Browser
2/ Start JS Debugger

Expected Result:
1/ JS Debugger starts and lets you debug JS

Actual Result:
1/ Segfault and crash

Program received signal SIGSEGV, Segmentation fault.
xpc::XrayWrapper<JSCrossCompartmentWrapper>::createHolder (cx=0x7fffd7db5c00, 
    wrappedNative=0x7fffe2cf6340, parent=<value optimized out>)
    at /home/gizmo/comm-central/mozilla/js/src/xpconnect/wrappers/XrayWrapper.cpp:914
914	    XPCWrappedNative *wn = GetWrappedNative(inner);

Start of backtrace:
#0  xpc::XrayWrapper<JSCrossCompartmentWrapper>::createHolder (cx=
    0x7fffd7db5c00, wrappedNative=0x7fffe2cf6340, parent=<value optimized out>)
    at /home/gizmo/comm-central/mozilla/js/src/xpconnect/wrappers/XrayWrapper.cpp:914
#1  0x00007ffff677d113 in xpc::WrapperFactory::Rewrap (cx=0x7fffd7db5c00, obj=
    0x7fffe2cf6340, wrappedProto=0x7fffd80d5208, parent=0x7fffe3a61048, flags=
    0)
    at /home/gizmo/comm-central/mozilla/js/src/xpconnect/wrappers/WrapperFactory.cpp:307
#2  0x00007ffff7127056 in JSCompartment::wrap (this=0x7fffd7d0b000, cx=
    0x7fffd7db5c00, vp=0x7fffffffbe58)
    at /home/gizmo/comm-central/mozilla/js/src/jscompartment.cpp:328
#3  0x00007ffff7126a63 in JSCompartment::wrap (this=<value optimized out>, 
    cx=<value optimized out>, objp=0x7fffffffbe80)
    at /home/gizmo/comm-central/mozilla/js/src/jscompartment.cpp:358
#4  0x00007ffff70feaf6 in JS_WrapObject (cx=<value optimized out>, 
    objp=<value optimized out>)
    at /home/gizmo/comm-central/mozilla/js/src/jsapi.cpp:1313
#5  0x00007ffff6306393 in nsWindowSH::OuterObject (this=<value optimized out>, 
    wrapper=<value optimized out>, cx=<value optimized out>, 
    obj=<value optimized out>, _retval=0x7fffffffbea0)
    at /home/gizmo/comm-central/mozilla/dom/base/nsDOMClassInfo.cpp:7241

I'll try on a full debug build rather than optimized with debugger-info-modules.
(Reporter)

Comment 1

6 years ago
With full debug build I get:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff510726a in xpc::CompartmentPrivate::LookupExpandoObjectPreserveColor
    (this=0x0, wn=0x2b23e00)
    at /home/gizmo/comm-central/mozilla/js/src/xpconnect/src/xpcprivate.h:4473
4473	        return expandoMap ? expandoMap->Get(wn) : nsnull;

but looking at the backtrace, just seems to be a couple of extra frames (frame #0 above seems similar to frame #2 below):
#0  0x00007ffff510726a in xpc::CompartmentPrivate::LookupExpandoObjectPreserveColor (this=0x0, wn=0x2b23e00)
    at /home/gizmo/comm-central/mozilla/js/src/xpconnect/src/xpcprivate.h:4473
#1  0x00007ffff51de9b1 in xpc::CompartmentPrivate::LookupExpandoObject (this=
    0x0, wn=0x2b23e00)
    at /home/gizmo/comm-central/mozilla/js/src/xpconnect/wrappers/../src/xpcprivate.h:4481
#2  0x00007ffff51e010d in xpc::XrayWrapper<JSCrossCompartmentWrapper>::createHolder (cx=0x2873110, wrappedNative=0x7fffc29a4c30, parent=0x7fffda244048)
    at /home/gizmo/comm-central/mozilla/js/src/xpconnect/wrappers/XrayWrapper.cpp:915
#3  0x00007ffff51e3606 in xpc::WrapperFactory::Rewrap (cx=0x2873110, obj=
    0x7fffc29a4c30, wrappedProto=0x7fff92fe8208, parent=0x7fffda244048, flags=
    0)
    at /home/gizmo/comm-central/mozilla/js/src/xpconnect/wrappers/WrapperFactory.cpp:307
#4  0x00007ffff61a230f in JSCompartment::wrap (this=0x2f33780, cx=0x2873110, 
    vp=0x7fffffff9ca8)
    at /home/gizmo/comm-central/mozilla/js/src/jscompartment.cpp:328
#5  0x00007ffff61a24fd in JSCompartment::wrap (this=0x2f33780, cx=0x2873110, 
    objp=0x7fffffff9d78)
    at /home/gizmo/comm-central/mozilla/js/src/jscompartment.cpp:358

Just ran into that. :-/
Crashes should have severity "critical".
Severity: major → critical

The patch in bug 657292 should fix this bug as well.
Depends on: 657292

Optimistically marking as fixed based on comment 3.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED