Closed Bug 681227 Opened 14 years ago Closed 12 years ago

ACCESS_VIOLATION caused by simple add-on (possibly during JS-engine GC cycle)

Categories

(Firefox :: General, defect)

6 Branch
x86_64
Windows 7
defect
Not set
major

RESOLVED INCOMPLETE

People

(Reporter: al.rech, Unassigned)

Details

(Keywords: crash)

Crash Data

Hi! I'm working on a simple add-on that injects a custom <script> into every tab on page load and interacts with that script via DOM events. The addon has worked fine from version 3.6 through v5, but it causes EXCEPTION_ACCESS_VIOLATION_READ in the brand new v6. Here is the crash report: https://crash-stats.mozilla.com/report/index/c3d95282-608b-4157-bd45-dc4442110822 According to the stack trace, it looks like there is a bug in the JavaScript garbage collector code. It tries to read from an already nulled pointer to some class. The bug is 100% reproducible with the addon on my FF6. I don't want to share the addon with the public now, but I'm ready to give it to someone from the Firefox developers team to use as a test case. Please send me a request at al.rech@gmail.com, and I'll send you back the source code.
0 mozjs.dll js::gc::GetGCThingTraceKind js/src/jsgcinlines.h:117
1 xul.dll CheckParticipatesInCycleCollection js/src/xpconnect/src/xpcjsruntime.cpp:471
2 xul.dll nsContentUtils::TraceWrapper
3 xul.dll nsDOMEventTargetWrapperCache::cycleCollection::Trace content/base/src/nsDOMEventTargetWrapperCache.cpp:53
4 xul.dll NoteJSHolder js/src/xpconnect/src/xpcjsruntime.cpp:488
5 mozjs.dll JS_DHashTableEnumerate js/src/jsdhash.cpp:745
6 xul.dll XPCJSRuntime::AddXPConnectRoots js/src/xpconnect/src/xpcjsruntime.cpp:590
7 xul.dll nsXPConnect::BeginCycleCollection js/src/xpconnect/src/nsXPConnect.cpp:515
8 xul.dll nsCycleCollector::BeginCollection xpcom/base/nsCycleCollector.cpp:2602
9 nspr4.dll _PR_WaitCondVar nsprpub/pr/src/threads/combined/prucv.c:204
10 nspr4.dll PR_WaitCondVar nsprpub/pr/src/threads/combined/prucv.c:547
11 xul.dll nsCycleCollectorRunner::Run xpcom/base/nsCycleCollector.cpp:3340
12 xul.dll nsTArray<RowInfo,nsTArrayDefaultAllocator>::AppendElements obj-firefox/dist/include/nsTArray.h:803
13 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:618
14 xul.dll nsThreadStartupEvent::Run xpcom/threads/nsThread.cpp:202
15 nspr4.dll _PR_NativeRunThread nsprpub/pr/src/threads/combined/pruthr.c:426
16 nspr4.dll pr_root nsprpub/pr/src/md/windows/w95thred.c:122
17 mozcrt19.dll _callthreadstartex obj-firefox/memory/jemalloc/crtsrc/threadex.c:348
18 mozcrt19.dll _threadstartex obj-firefox/memory/jemalloc/crtsrc/threadex.c:326
19 kernel32.dll BaseThreadInitThunk
20 ntdll.dll __RtlUserThreadStart
21 ntdll.dll _RtlUserThreadStart
Crash Signature: [@ js::gc::GetGCThingTraceKind(void const*) ]
Keywords: crash
Still crashes in latest v6.0.2 :(
v7.0 still demonstrates this bug. Hello! Does anybody have an interest in researching the bug that makes FF crash doing pure JavaScript? ;)
Friends, I'm really sorry to bother, but v7.0.1 crashes too.
(In reply to Aleksey from comment #4)
> Friends, I'm really sorry to bother, but v7.0.1 crashes too.

still?

what is a current crash ID?
And what is the addon?
Flags: needinfo?(al.rech)
(In reply to Wayne Mery (:wsmwk) from comment #5)
> still?
>
> what is a current crash ID?
> And what is the addon?

Sorry, have no idea. I abandoned the addon a few years ago. Not sure if I'll be able to find its source code. I'll write back if I do...
Flags: needinfo?(al.rech)
Thanks
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → INCOMPLETE