Bug 734019 - The big picture hangs, and finally Browser crashes with null signature
Status: RESOLVED WORKSFORME
: addon-compat, regression
Product: Core
Classification: Components
Component: DOM
: 11 Branch
: x86_64 All
: -- normal with 2 votes
: ---
Assigned To: :Ms2ger (⌚ UTC+1/+2)
: Andrew Overholt [:overholt]
Mentors:
http://www.boston.com/bigpicture/2012...
: 734746 735847
Depends on: 745453
Blocks: 707576 734746
Reported: 2012-03-08 01:09 PST by Dirkjan Ochtman (:djc)
Modified: 2012-06-01 16:22 PDT
Attachments
Saved page (188.89 KB, text/html)
2012-03-16 13:19 PDT, Alice0775 White
no flags
Beta backout (177.09 KB, patch)
2012-04-10 10:22 PDT, :Ms2ger (⌚ UTC+1/+2)
bugs: review+
akeybl: approval‑mozilla‑beta+
Aurora backout (176.86 KB, patch)
2012-04-10 10:23 PDT, :Ms2ger (⌚ UTC+1/+2)
bugs: review+
akeybl: approval‑mozilla‑aurora+

Description Dirkjan Ochtman (:djc) 2012-03-08 01:09:12 PST
The URL makes Aurora reliably hang (12.0a2 from 2012-03-04 on Windows 7).
Comment 1 Loic 2012-03-15 00:13:47 PDT
*** Bug 735847 has been marked as a duplicate of this bug. ***
Comment 3 Thomas Ahlblom 2012-03-15 00:54:54 PDT
There are a number of open bugs with slowness/hangs/crashes on http://www.boston.com/bigpicture/, like bug 734746, bug 735437, bug 735440, bug 735441, bug 735446 and bug 735811. Additionally bug 734129 is a crash that has been fixed in FX13.
Comment 4 Alice0775 White 2012-03-15 10:11:36 PDT
I can reproduce on Firefox 11.0-14.0a1.

"Warning: Unresponsive script" dialog pops up and UI is locked.
And finally Browser crashes with null signature.

Steps To Reproduce:
1. Start Firefox with clean profile
2. Open http://www.boston.com/bigpicture/2012/03/
3. Click link "Japan tsunami pictures: before and after"

Actual Results:
"Warning: Unresponsive script" dialog pops up and UI is locked.
And finally Browser crashes with null signature.

bp-ddaa53c7-7d54-4690-922b-9c3a02120315
bp-edebf2d2-8a94-42b4-9f27-b04152120315


Regression window

No hang, no "Warning: Unresponsive script" dialog.
And works properly:
http://hg.mozilla.org/mozilla-central/rev/a5e63e00db27
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0a1) Gecko/20111218 Firefox/11.0a1 ID:20111218031140

"Warning: Unresponsive script" dialog pops up and UI is locked.
And finally Browser crashes with null signature:
http://hg.mozilla.org/mozilla-central/rev/543af61eee05
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0a1) Gecko/20111218 Firefox/11.0a1 ID:20111218021643

Script: http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost&charset=utf-8&services=facebook%2Cdigg%2Cstumbleupon%2Ctwitter%2Creddit%2Cdelicious%2Cmixx%2Cmyspace%2Cnewsvine%2Cblogger%2Ctypepad%2Cwordpress%2Ctechnorati%2Clinkedin%2Cslashdot%2Cgoogle_bmarks%2Cyahoo_bmarks%2Cwindows_live%2Cfriendfeed%2Cpropeller%2Cblogmarks%2Cfurl%2Cblinklist%2Cfriendster&style=default&publisher=9afb63cc-565b-4af5-8f8b-95034feb717c:1

  function SHARETHIS_unlink(c) {
    var a;
    switch (SHARETHIS_typeof(c)) {
    case "object":
      a = {};
      for (var e in c) {
>>      a[e] = SHARETHIS_unlink(c[e])
      }
      break;
    case "hash":



Pushlog:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=a5e63e00db27&tochange=543af61eee05

Last good: c3525cd1ce44
First bad: f9f6f9ed788a

Triggered by
f9f6f9ed788a	Ms2ger — Bug 707576 - Remove nsIDOMNSElement; r=smaug
Comment 5 Boris Zbarsky [:bz] (still a bit busy) 2012-03-15 12:25:36 PDT
This is a pretty commonly visited site....
Comment 6 Alex Keybl [:akeybl] 2012-03-16 12:42:43 PDT
Tracking for 11 through 14. We may consider this as a ride-along if we chemspill for FF11.

ms2ger - please prepare a backout patch of bug 707576 for Aurora 13 and Beta 12 so that we can test the backout ahead of a possible chemspill.
Comment 7 Loic 2012-03-16 13:00:34 PDT
I tried today and I'm not able to reproduce the chromehangs (with not responding/unresponsive script warnings), it appears the website has modified its code. Anyway maybe the patch of bug 707576 should be re-examined and tested.
Comment 8 :Ms2ger (⌚ UTC+1/+2) 2012-03-16 13:10:46 PDT
Can't reproduce here. I get two slow script warnings, but no real hang and no crash.
Comment 9 Boris Zbarsky [:bz] (still a bit busy) 2012-03-16 13:13:25 PDT
Do you get the slow script warnings with nightlies from before the range in comment 4?
Comment 10 Alice0775 White 2012-03-16 13:19:41 PDT
Created attachment 606705
Saved page
Comment 11 Alice0775 White 2012-03-16 13:35:42 PDT
I cannot reproduce on the URL comment 2 in Firefox 11-14.0a1 anymore. (Though I can reproduce with attachment 606705.)
Comment 12 Boris Zbarsky [:bz] (still a bit busy) 2012-03-16 18:43:57 PDT
So I _think_ what happens here is that the big inline script has SHARETHIS_merge called on two objects, one of which has an "element" property (an HTMLSpanElement) and one of which does not.  In particular, f ends up as undefined, while g is an HTMLSpanElement, so SHARETHIS_unlink is called on the HTMLSpanElement.

And if you look at SHARETHIS_unlink, calling it on any element of a data structure with loops (e.g. a DOM) will put it in an infinite loop.

So presumably we used to not end up landing in there at all....
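
The failure mode described in comment 12, as an added example that is not part of the original thread and is not ShareThis or Mozilla code: a recursive deep copy shaped like the excerpt in comment 4 never terminates on a structure with back-references, while a variant that tracks visited objects does. All function names and the two-node stand-in for a DOM element are constructed for illustration.

```javascript
// Added illustration; names below are hypothetical, not ShareThis or Mozilla code.

// Naive deep copy with the same shape as the excerpt in comment 4:
// every enumerable property that is an object is copied recursively.
function naiveUnlink(value) {
  if (value === null || typeof value !== "object") return value;
  const copy = {};
  for (const key in value) {
    copy[key] = naiveUnlink(value[key]); // never terminates on a cycle
  }
  return copy;
}

// Cycle-safe variant: remembers every object already copied and reuses
// that copy, so a back-reference closes the loop instead of recursing.
function safeUnlink(value, seen = new WeakMap()) {
  if (value === null || typeof value !== "object") return value;
  if (seen.has(value)) return seen.get(value);
  const copy = Array.isArray(value) ? [] : {};
  seen.set(value, copy);
  for (const key of Object.keys(value)) {
    copy[key] = safeUnlink(value[key], seen);
  }
  return copy;
}

// Constructed stand-in for a DOM node: parent and child point at each
// other, like parentNode / firstChild on a real element.
function makeCyclicNode() {
  const parent = { tagName: "DIV", firstChild: null };
  const child = { tagName: "SPAN", parentNode: parent };
  parent.firstChild = child;
  return child;
}

// Returns "ok" if the naive copy finishes, otherwise the error name.
function tryNaive(node) {
  try {
    naiveUnlink(node);
    return "ok";
  } catch (err) {
    return err.name; // stack exhaustion; RangeError in V8
  }
}

const span = makeCyclicNode();
const copy = safeUnlink(span);
console.log(tryNaive(span), copy.parentNode.firstChild === copy);
```

On this two-object cycle the naive copy ends in stack exhaustion; on a real DOM, with many properties per node, the same recursion shows up as the slow-script hang reported in this bug.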
Comment 13 Boris Zbarsky [:bz] (still a bit busy) 2012-03-26 11:43:20 PDT
I think we should strongly consider backing out bug 707576 (assuming that addresses the issue) on aurora and beta if we don't have another fix plan soonish...
Comment 14 Olli Pettay [:smaug] 2012-03-26 13:36:45 PDT
Ms2ger, could you prepare a backout patch?
Comment 15 Olli Pettay [:smaug] 2012-03-31 13:51:10 PDT
Ms2ger, ping.
Comment 16 :Ms2ger (⌚ UTC+1/+2) 2012-04-04 07:37:18 PDT
https://hg.mozilla.org/try/rev/873519bccfed appears to work (for aurora)
Comment 17 :Ms2ger (⌚ UTC+1/+2) 2012-04-10 10:22:16 PDT
Created attachment 613656
Beta backout
Comment 18 :Ms2ger (⌚ UTC+1/+2) 2012-04-10 10:23:53 PDT
Created attachment 613658
Aurora backout
Comment 19 :Ms2ger (⌚ UTC+1/+2) 2012-04-10 10:42:40 PDT
Comment on attachment 613656
Beta backout

[Approval Request Comment]
Regression caused by (bug #): bug 707576
User impact if declined: The big picture hangs
Testing completed (on m-c, etc.): Passes try
Risk to taking this patch (and alternatives if risky): Reverts to the previous state
String changes made by this patch: None
Comment 20 :Ms2ger (⌚ UTC+1/+2) 2012-04-10 10:42:50 PDT
Comment on attachment 613658
Aurora backout

[Approval Request Comment]
Regression caused by (bug #): bug 707576
User impact if declined: The big picture hangs
Testing completed (on m-c, etc.): Passes try
Risk to taking this patch (and alternatives if risky): Reverts to the previous state
String changes made by this patch: None
Comment 21 Alex Keybl [:akeybl] 2012-04-10 11:59:24 PDT
Comment on attachment 613656
Beta backout

[Triage Comment]
Approving this backout for Beta 13 since it caused a web regression. Please land asap.
Comment 23 Nomis101 2012-04-11 11:33:49 PDT
It seems this backout has broken building of the Eudora importer in Thunderbird Beta Mac builds:
http://tinderbox.mozilla.org/showlog.cgi?log=Thunderbird-Beta/1334097653.1334101565.32224.gz&fulltext=1
Comment 24 :Ms2ger (⌚ UTC+1/+2) 2012-04-11 11:35:34 PDT
Yes, it would, given that the original landing did as well. The long-term fix is bug 684466.
Comment 25 Justin Wood (:Callek) 2012-04-11 22:54:40 PDT
FYI this backout broke comm-based builds [see-also c#23/24], I just found out with a SeaMonkey beta build run [after not double checking that comm-beta itself was green].

It is rare that a change breaks us, but if possible can we *try* to give an explicit heads up in the future?

This fix should be relatively simple; it's just not a fix I can do tonight [and rekick release automation in time for the hg outage tomorrow].

If no-one beats me to it, I'll try and whip together a patch to fix comm tomorrow sometime after the hg outage.
Comment 26 Nomis101 2012-04-12 02:56:30 PDT
This is relatively simple to fix, you only need to back out this from comm-beta:
http://hg.mozilla.org/releases/comm-beta/rev/2086df5c1eab
I've done this yesterday on my hard drive and now it builds again. :-)
Comment 27 Boris Zbarsky [:bz] (still a bit busy) 2012-04-12 10:11:12 PDT
Justin, sorry about that.  I didn't realize this patch affected comm-central when I pushed; otherwise I would have pinged you guys...
Comment 28 David :Bienvenu 2012-04-12 10:49:22 PDT
I can fix this...
Comment 30 Benjamin Smedberg [:bsmedberg] 2012-04-17 05:45:27 PDT
This backout involved a rather significant IDL change after beta, which means that binary addons which compiled against beta1 (which is what we recommend) are now crashing or displaying other odd behavior (see bug 745453). Adding the addon-compat keyword, but is there a way we could have accomplished the core of this backout without the IDL changes? Is this something we can undo?
Comment 31 Boris Zbarsky [:bz] (still a bit busy) 2012-04-17 08:58:42 PDT
The point of the patch being backed out was to merge one interface into another.  The backout, if done, kinda has to unmerge the interfaces, and that does involve iid changes...

The only other option is to find which part of the interface merge, exactly, broke the site and try to fix that part assuming _that's_ possible without IDL changes.

Of course we can undo the backout; that will re-break the site in question (which is pretty popular).
Comment 32 Boris Zbarsky [:bz] (still a bit busy) 2012-04-17 08:59:12 PDT
And I'm really sorry the backout didn't happen much sooner.  :(
Comment 33 Alex Keybl [:akeybl] 2012-04-17 10:07:11 PDT
(In reply to Boris Zbarsky (:bz) from comment #32)
> And I'm really sorry the backout didn't happen much sooner.  :(

Let's backout the backout on mozilla-beta if it resolves bug 745453. Losing Mac users is a much bigger risk than the web regression with big picture. Searching through input, there's maybe one mention of big picture w/r/t FF11.
Comment 35 Alex Keybl [:akeybl] 2012-04-23 10:44:59 PDT
I'd like to get some QA around this issue prior to relnoting for FF12, since I have a sneaking suspicion that boston.com has employed a workaround.
Comment 36 Alex Keybl [:akeybl] 2012-04-23 11:44:17 PDT
(In reply to Alex Keybl [:akeybl] from comment #35)
> I'd like to get some QA around this issue prior to relnoting for FF12, since
> I have a sneaking suspicion that boston.com has employed a workaround.

QA has not been able to reproduce the issue across multiple OSs and versions. I don't think we need to track this for release any longer.
Comment 37 Boris Zbarsky [:bz] (still a bit busy) 2012-05-31 21:44:53 PDT
*** Bug 734746 has been marked as a duplicate of this bug. ***
Comment 38 Boris Zbarsky [:bz] (still a bit busy) 2012-05-31 21:45:21 PDT
Not exactly reproducible anymore....
Comment 39 Lukas Blakk [:lsblakk] use ?needinfo 2012-06-01 16:22:20 PDT
[Triage Comment]
Updating status for 14, looks like this was never landed to central (when central was 14) so it shouldn't be affected here.
