Closed
Bug 723894
Opened 12 years ago
Closed 12 years ago
Firefox 13.0a1 Crash @ JSAutoEnterCompartment::enter
Categories
(Core :: XPConnect, defect)
Tracking
()
RESOLVED
FIXED
mozilla13
Tracking | Status | |
---|---|---|
firefox11 | --- | unaffected |
firefox12 | + | verified |
People
(Reporter: emk, Assigned: emk)
References
Details
(Keywords: crash, regression, reproducible, Whiteboard: [qa+])
Crash Data
Attachments
(1 file, 1 obsolete file)
2.10 KB,
patch
|
mrbkap
:
review+
akeybl
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
https://crash-stats.mozilla.com/report/index/bp-6caad3d3-e728-4b93-b549-82fa52120203 Steps to reproduce: new MouseEvent("click", null);
Assignee | ||
Comment 1•12 years ago
|
||
JSVAL_IS_OBJECT(v) is not equivalent to v.isObject(), but is equivalent to v.isObjectOrNull().
Assignee | ||
Updated•12 years ago
|
Updated•12 years ago
|
Severity: normal → critical
Crash Signature: [@ JSAutoEnterCompartment::enter(JSContext*, JSObject*)]
[@ JSAutoEnterCompartment::enter]
Summary: Firefox 13.0a1 Crash Report [@ JSAutoEnterCompartment::enter(JSContext*, JSObject*) ] → Firefox 13.0a1 Crash @ JSAutoEnterCompartment::enter
Version: unspecified → 12 Branch
Comment 2•12 years ago
|
||
Comment on attachment 594131 [details] [diff] [review] patch Review of attachment 594131 [details] [diff] [review]: ----------------------------------------------------------------- This looks pretty good -- can you add a crashtest for this as well as addressing the comment below? r- for now, but I'm sure r+ on the next patch. ::: js/xpconnect/src/dictionary_helper_gen.py @@ +381,5 @@ > " if (!aCx || !aVal) {\n" > " return NS_OK;\n" > " }\n" > + " NS_ENSURE_STATE(aVal->isObject());\n\n" > + " JSObject& obj = aVal->toObject();\n" I'd rather see this as |JSObject *obj = &aValue->toObject();| that way you can reduce the changes later and to match other toObject() using code in the tree.
Attachment #594131 -
Flags: review?(mrbkap) → review-
Assignee | ||
Comment 3•12 years ago
|
||
Resolved review comments.
Attachment #594131 -
Attachment is obsolete: true
Attachment #594432 -
Flags: review?(mrbkap)
Comment 4•12 years ago
|
||
Comment on attachment 594432 [details] [diff] [review] patch v2 Perfect, thanks.
Attachment #594432 -
Flags: review?(mrbkap) → review+
Assignee | ||
Updated•12 years ago
|
Keywords: checkin-needed
Updated•12 years ago
|
Whiteboard: [autoland-try]
Updated•12 years ago
|
Whiteboard: [autoland-try] → [autoland-in-queue]
Comment 5•12 years ago
|
||
Autoland Patchset: Patches: 594432 Branch: mozilla-central => try Destination: http://hg.mozilla.org/try/rev/d1e88e9e3e63 Try run started, revision d1e88e9e3e63. To cancel or monitor the job, see: https://tbpl.mozilla.org/?tree=Try&rev=d1e88e9e3e63
Comment 6•12 years ago
|
||
Try run for d1e88e9e3e63 is complete. Detailed breakdown of the results available here: https://tbpl.mozilla.org/?tree=Try&rev=d1e88e9e3e63 Results (out of 208 total builds): success: 190 warnings: 18 Builds (or logs if builds failed) available at: http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/autolanduser@mozilla.com-d1e88e9e3e63
Updated•12 years ago
|
Whiteboard: [autoland-in-queue]
Comment 7•12 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/4dcd64ada95c
Keywords: checkin-needed
Target Milestone: --- → mozilla13
Comment 8•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/4dcd64ada95c
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Comment 9•12 years ago
|
||
Recent regression that will likely spike as our testing audience grows. If considered low risk, we'd definitely consider uplifting a fix if nominated.
Assignee | ||
Comment 10•12 years ago
|
||
Comment on attachment 594432 [details] [diff] [review] patch v2 [Approval Request Comment] Regression caused by (bug #): 709569 User impact if declined: DoS attack can be made because this is a reproducible crash. Testing completed (on m-c, etc.): Crashtest added on m-c. Risk to taking this patch (and alternatives if risky): Low, trivial one line fix. String changes made by this patch: No.
Attachment #594432 -
Flags: approval-mozilla-aurora?
Comment 11•12 years ago
|
||
Comment on attachment 594432 [details] [diff] [review] patch v2 [Triage Comment] Approved for Aurora 12.
Attachment #594432 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Assignee | ||
Updated•12 years ago
|
Keywords: checkin-needed
Whiteboard: [land to aurora]
Comment 13•12 years ago
|
||
Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:12.0) Gecko/20100101 Firefox/12.0 Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0 Verified in Firefox 12 beta3 on Windows XP, Mac OS 10.6, ubuntu 11.10. No crash when loading new MouseEvent("click", null); in Error Console. Could previously reproduce.
You need to log in
before you can comment on or make changes to this bug.
Description
•