Closed Bug 747847 Opened 8 years ago Closed 7 years ago

crash in nsJSContext::EvaluateString with Skype extension 5.11

Categories

(Firefox :: Extension Compatibility, defect, critical)

12 Branch
x86
Windows 7
defect
Not set
critical

Tracking

()

RESOLVED FIXED
Tracking Status
firefox12 - ---

People

(Reporter: scoobidiver, Unassigned)

Details

(Keywords: crash, qawanted, Whiteboard: [startupcrash])

Crash Data

It only affects 12.0 and happens on startup.

Signature 	nsJSContext::EvaluateString(nsAString_internal const&, JSObject*, nsIPrincipal*, nsIPrincipal*, char const*, unsigned int, unsigned int, nsAString_internal*, bool*) More Reports Search
UUID	6b0c78d7-7d07-4f9f-ad5d-666f12120422
Date Processed	2012-04-22 15:21:31
Uptime	1
Last Crash	7 seconds before submission
Install Age	10.8 minutes since version was first installed.
Install Time	2012-04-22 15:10:31
Product	Firefox
Version	12.0
Build ID	20120420145725
Release Channel	release
OS	Windows NT
OS Version	6.1.7601 Service Pack 1
Build Architecture	x86
Build Architecture Info	GenuineIntel family 6 model 37 stepping 5
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0x70796b77
App Notes 	
AdapterVendorID: 0x1002, AdapterDeviceID: 0x95c5, AdapterSubsysID: 03421028, AdapterDriverVersion: 8.951.0.0
D2D? D2D+ DWrite? DWrite+ 
EMCheckCompatibility	False	
Total Virtual Memory	4294836224
Available Virtual Memory	3992694784
System Memory Use Percentage	43
Available Page File	12732174336
Available Physical Memory	4886888448

Frame 	Module 	Signature 	Source
0 	xul.dll 	nsJSContext::EvaluateString 	dom/base/nsJSEnvironment.cpp:1437
1 	SkypeFfComponent.dll 	SkypeFfComponent.dll@0x546dc 	
2 	SkypeFfComponent.dll 	SkypeFfComponent.dll@0x7753e 	
3 	SkypeFfComponent.dll 	SkypeFfComponent.dll@0x81cc5 	
4 	SkypeFfComponent.dll 	SkypeFfComponent.dll@0x82093 	
5 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
6 	xul.dll 	XPC_WN_CallMethod 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1542
7 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:519
8 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2791
9 	mozglue.dll 	je_calloc 	memory/jemalloc/jemalloc.c:6481
10 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:466
11 	mozjs.dll 	js::ExecuteKernel 	js/src/jsinterp.cpp:677
12 	mozjs.dll 	js::Execute 	js/src/jsinterp.cpp:718
13 	mozjs.dll 	JS_ExecuteScript 	js/src/jsapi.cpp:5292
14 	xul.dll 	nsJSContext::ExecuteScript 	dom/base/nsJSEnvironment.cpp:1658
15 	xul.dll 	nsXULDocument::ExecuteScript 	content/xul/document/src/nsXULDocument.cpp:3614
16 	xul.dll 	nsXULDocument::ExecuteScript 	content/xul/document/src/nsXULDocument.cpp:3635
17 	xul.dll 	nsXULDocument::OnStreamComplete 	content/xul/document/src/nsXULDocument.cpp:3507
18 	xul.dll 	nsStreamLoader::OnStopRequest 	netwerk/base/src/nsStreamLoader.cpp:127
19 	xul.dll 	nsJARChannel::OnStopRequest 	modules/libjar/nsJARChannel.cpp:924
20 	xul.dll 	nsInputStreamPump::OnStateStop 	netwerk/base/src/nsInputStreamPump.cpp:583
21 	xul.dll 	nsInputStreamPump::OnInputStreamReady 	netwerk/base/src/nsInputStreamPump.cpp:405
22 	xul.dll 	nsInputStreamReadyEvent::Run 	xpcom/io/nsStreamUtils.cpp:114
23 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:657
...

It's correlated to Skype 5.11:
  nsJSContext::EvaluateString(nsAString_internal const&, JSObject*, nsIPrincipal*, nsIPrincipal*, char const*, unsigned int, unsigned int, nsAString_internal*, bool*)|EXCEPTION_ACCESS_VIOLATION_READ (91 crashes)
     77% (70/91) vs.   1% (326/40715) {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
          0% (0/91) vs.   0% (24/40715) 5.10.0.9560
         77% (70/91) vs.   1% (239/40715) 5.11.0.9874
          0% (0/91) vs.   0% (1/40715) 5.3.0.7550
          0% (0/91) vs.   0% (1/40715) 5.6.0.8153
          0% (0/91) vs.   0% (33/40715) 5.6.0.8442
          0% (0/91) vs.   0% (1/40715) 5.8.0.8855
          0% (0/91) vs.   0% (27/40715) 5.9.0.9216

More reports at:
https://crash-stats.mozilla.com/report/list?signature=nsJSContext%3A%3AEvaluateString%28nsAString_internal+const%26%2C+JSObject*%2C+nsIPrincipal*%2C+nsIPrincipal*%2C+char+const*%2C+unsigned+int%2C+unsigned+int%2C+nsAString_internal*%2C+bool*%29
Keywords: qawanted
This jumped from a residual crash to a top-30 crash for 12.* between 2012-04-19 and 2012-04-21, the 20th has 10x the crash volume than the 19th, so either we regressed something in 12.0b6 or there was an add-on release on the 20th that triggered this.
It's #17 in 12.0b6 but not in the top 300 for 12.0b5 so it seems to be our regression between those two.
Looks like it's going pretty low in final again now, #83 in yesterday's data, which was the first full day of 12.0 being released.
We've tried to reproduce this but we haven't been able to reproduce it yet. We'll have another update tomorrow morning.
I dug out a few manual correlations that might help:

nsJSContext::EvaluateString(nsAString_internal const&, JSObject*, nsIPrincipal*, nsIPrincipal*, char const*, unsigned int, unsigned int, nsAString_internal*, bool*)|EXCEPTION_ACCESS_VIOLATION_READ (79 crashes)
     92% (73/79) vs.   1% (626/73266) {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
          0% (0/79) vs.   0% (60/73266) 5.10.0.9560
         91% (72/79) vs.   1% (445/73266) 5.11.0.9874
          0% (0/79) vs.   0% (4/73266) 5.3.0.7280
          0% (0/79) vs.   0% (1/73266) 5.3.0.7550
          0% (0/79) vs.   0% (2/73266) 5.6.0.8153
          0% (0/79) vs.   0% (2/73266) 5.6.0.8312
          0% (0/79) vs.   0% (46/73266) 5.6.0.8442
          0% (0/79) vs.   0% (2/73266) 5.7.0.8773
          0% (0/79) vs.   0% (11/73266) 5.8.0.8855
          1% (1/79) vs.   0% (53/73266) 5.9.0.9216
     30% (24/79) vs.   9% (6907/73266) {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} (Adblock Plus, https://addons.mozilla.org/addon/1865)
          0% (0/79) vs.   0% (46/73266) 1.3.10
          0% (0/79) vs.   0% (1/73266) 1.3.3
          0% (0/79) vs.   0% (2/73266) 1.3.5
          0% (0/79) vs.   0% (4/73266) 1.3.9
          0% (0/79) vs.   0% (5/73266) 2.0.1
          0% (0/79) vs.   0% (4/73266) 2.0.2
         30% (24/79) vs.   9% (6837/73266) 2.0.3
          0% (0/79) vs.   0% (8/73266) 2.0.4b.3445
     18% (14/79) vs.   3% (2326/73266) {37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
          0% (0/79) vs.   0% (1/73266) 2.4.0.40
          0% (0/79) vs.   0% (1/73266) 2.4.0.54
          0% (0/79) vs.   0% (3/73266) 2.5.2.14
          0% (0/79) vs.   0% (2/73266) 2.5.2.22
          0% (0/79) vs.   0% (26/73266) 2.5.2.32
          0% (0/79) vs.   0% (6/73266) 2.5.2.42
          0% (0/79) vs.   0% (2/73266) 2.5.2.48
          0% (0/79) vs.   0% (20/73266) 2.5.2.54
         18% (14/79) vs.   3% (2254/73266) 2.5.2.66
I have been trying to reproduce on XP and Skype Click to Call version 5.11.0.9874 (the one with the higher correlation) going through different scenarios like installing in Fx11betas, upgrading by installing Fx12betas, installing AdBlock Plus, AVG Security Toolbar. No success so far.
I tried as well to reproduce on Win XP, but no luck so far using 5.11.0.9874.
In the last week, this signature has 668 crashes.
Fairly low crasher, so untracking for FF12. I am, however, including Lilian Rincon who may be able to help track this crash down on the Skype side.
WONTFIX: even recent reports are Fx 12.0 only
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
I'd say it's fixed.
Resolution: WONTFIX → FIXED
You need to log in before you can comment on or make changes to this bug.