Closed
Bug 763912
Opened 12 years ago
Closed 5 years ago
crash in nsJSContext::ExecuteScript @ JS_ExecuteScript mainly with Free Download Manager
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WONTFIX
| Tracking | Status | |
|---|---|---|
| firefox18 | --- | affected |
| firefox19 | - | affected |
| firefox20 | --- | unaffected |
| firefox21 | --- | unaffected |
| fennec | - | --- |
People
(Reporter: nhirata, Unassigned)
Details
(Keywords: crash, Whiteboard: [js:t][startupcrash])
Crash Data
This bug was filed from the Socorro interface and is report bp-b7ea8f86-4a04-4432-96ec-1e8692120610 . ============================================================= Frame Module Signature Source 0 libxul.so JS_ExecuteScript js/src/jsapi.cpp:5298 1 libxul.so nsFrameScriptExecutor::LoadFrameScriptInternal content/base/src/nsFrameMessageManager.cpp:732 2 libxul.so nsInProcessTabChildGlobal::LoadFrameScript content/base/src/nsInProcessTabChildGlobal.cpp:326 3 libxul.so LoadScript content/base/src/nsFrameLoader.cpp:2035 4 libxul.so nsFrameMessageManager::LoadFrameScript content/base/src/nsFrameMessageManager.cpp:142 5 libxul.so nsFrameMessageManager::LoadFrameScript content/base/src/nsFrameMessageManager.cpp:151 6 libxul.so NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/unix/xptcinvoke_arm.cpp:160 7 libxul.so XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:3107 8 libxul.so XPC_WN_CallMethod js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1500 9 libxul.so js::InvokeKernel js/src/jscntxtinlines.h:395 10 libxul.so js::Interpret js/src/jsinterp.cpp:2456 11 libxul.so js::RunScript js/src/jsinterp.cpp:267 12 libxul.so js::Invoke js/src/jsinterp.cpp:322 13 libxul.so JS_CallFunctionValue js/src/jsapi.cpp:5481 14 libxul.so nsXPCWrappedJSClass::CallMethod js/xpconnect/src/XPCWrappedJSClass.cpp:1474 15 libxul.so nsXPCWrappedJS::CallMethod js/xpconnect/src/XPCWrappedJS.cpp:579 16 libxul.so PrepareAndDispatch xpcom/reflect/xptcall/src/md/unix/xptcstubs_arm.cpp:105 17 libxul.so libxul.so@0xa6edd7 18 libxul.so nsObserverList::NotifyObservers xpcom/ds/nsObserverList.cpp:99 19 libxul.so nsObserverService::NotifyObservers xpcom/ds/nsObserverService.cpp:149 20 libxul.so nsGlobalWindow::DispatchDOMWindowCreated dom/base/nsGlobalWindow.cpp:2139 21 libxul.so nsRunnableMethodImpl<void , true>::Run nsThreadUtils.h:313 22 libxul.so nsContentUtils::RemoveScriptBlocker content/base/src/nsContentUtils.cpp:4883 23 libxul.so DocumentViewerImpl::InitInternal nsContentUtils.h:2189 24 libxul.so DocumentViewerImpl::Init layout/base/nsDocumentViewer.cpp:676 25 libxul.so nsDocShell::SetupNewViewer docshell/base/nsDocShell.cpp:7801 26 libxul.so nsDocShell::Embed docshell/base/nsDocShell.cpp:5880 27 libxul.so nsDocShell::CreateAboutBlankContentViewer docshell/base/nsDocShell.cpp:6615 28 libxul.so nsDocShell::EnsureContentViewer docshell/base/nsDocShell.cpp:6508 29 libxul.so nsDocShell::GetInterface docshell/base/nsDocShell.cpp:941 30 libxul.so nsGetInterface::operator obj-firefox/xpcom/build/nsIInterfaceRequestorUtils.cpp:19 31 libxul.so nsCOMPtr_base::assign_from_helper obj-firefox/xpcom/build/nsCOMPtr.cpp:117 32 libxul.so nsGlobalWindow::GetDocument nsCOMPtr.h:598 33 libxul.so nsGlobalWindow::WrapObject dom/base/nsPIDOMWindow.h:325 34 libxul.so XPCConvert::NativeInterface2JSObject js/xpconnect/src/XPCConvert.cpp:875 35 libxul.so XPCConvert::NativeData2JS js/xpconnect/src/XPCConvert.cpp:323 36 libxul.so XPCWrappedNative::CallMethod js/xpconnect/src/xpcprivate.h:3247 37 libxul.so XPC_WN_GetterSetter js/xpconnect/src/xpcprivate.h:2754 38 libxul.so js::InvokeGetterOrSetter js/src/jscntxtinlines.h:395 39 libxul.so js_NativeGet js/src/jsscopeinlines.h:274 40 libxul.so js::NativeGet js/src/jsinterpinlines.h:135 41 libxul.so js::Interpret js/src/jsinterpinlines.h:374 42 libxul.so js::RunScript js/src/jsinterp.cpp:267 43 libxul.so js::Execute js/src/jsinterp.cpp:455 44 libxul.so JS_ExecuteScript js/src/jsapi.cpp:5320 45 libxul.so nsFrameScriptExecutor::LoadFrameScriptInternal content/base/src/nsFrameMessageManager.cpp:732 46 libxul.so nsInProcessTabChildGlobal::LoadFrameScript content/base/src/nsInProcessTabChildGlobal.cpp:326 47 libxul.so nsAsyncScriptLoad::Run content/base/src/nsInProcessTabChildGlobal.cpp:306 48 libxul.so nsContentUtils::RemoveScriptBlocker content/base/src/nsContentUtils.cpp:4883 49 libxul.so nsDocument::EndUpdate content/base/src/nsDocument.cpp:3994 50 libxul.so nsXULDocument::EndUpdate content/xul/document/src/nsXULDocument.cpp:3303 51 libxul.so mozAutoDocUpdate::~mozAutoDocUpdate content/base/src/mozAutoDocUpdate.h:35 52 libxul.so nsINode::ReplaceOrInsertBefore content/base/src/nsGenericElement.cpp:4352 53 libxul.so nsINode::ReplaceOrInsertBefore nsINode.h:1438 54 libxul.so nsIDOMNode_AppendChild nsINode.h:476 55 libxul.so js::InvokeKernel js/src/jscntxtinlines.h:395 56 libxul.so js::Interpret js/src/jsinterp.cpp:2456 57 libxul.so js::RunScript js/src/jsinterp.cpp:267 58 libxul.so js::Invoke js/src/jsinterp.cpp:322 59 libxul.so JS_CallFunctionValue js/src/jsapi.cpp:5481 60 libxul.so nsXPCWrappedJSClass::CallMethod js/xpconnect/src/XPCWrappedJSClass.cpp:1474 61 libxul.so nsXPCWrappedJS::CallMethod js/xpconnect/src/XPCWrappedJS.cpp:579 62 libxul.so PrepareAndDispatch xpcom/reflect/xptcall/src/md/unix/xptcstubs_arm.cpp:105 63 libxul.so libxul.so@0xa6edd7 64 libxul.so nsObserverList::NotifyObservers xpcom/ds/nsObserverList.cpp:99 65 libxul.so nsObserverService::NotifyObservers xpcom/ds/nsObserverService.cpp:149 66 libxul.so nsAppShell::ProcessNextNativeEvent widget/android/nsAppShell.cpp:493 67 libxul.so nsBaseAppShell::DoProcessNextNativeEvent widget/xpwidgets/nsBaseAppShell.cpp:139 68 libxul.so nsBaseAppShell::OnProcessNextEvent widget/xpwidgets/nsBaseAppShell.cpp:280 69 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:586 70 libxul.so NS_ProcessNextEvent_P obj-firefox/xpcom/build/nsThreadUtils.cpp:213 71 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:82 72 libxul.so MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:208 73 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:201 74 libxul.so nsBaseAppShell::Run widget/xpwidgets/nsBaseAppShell.cpp:163 75 libxul.so nsAppStartup::Run toolkit/components/startup/nsAppStartup.cpp:256 76 libxul.so XREMain::XRE_mainRun toolkit/xre/nsAppRunner.cpp:3781 77 libxul.so XREMain::XRE_main toolkit/xre/nsAppRunner.cpp:3858 78 libxul.so XRE_main toolkit/xre/nsAppRunner.cpp:3934 79 libxul.so GeckoStart toolkit/xre/nsAndroidStartup.cpp:73 80 libmozglue.so libmozglue.so@0x10899 81 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc @0x28c3f6 82 libdvm.so libdvm.so@0x1ec72 83 dalvik-heap (deleted) dalvik-heap @0xe1d6de 84 libdvm.so libdvm.so@0x5906b 85 data@app@org.mozilla.fennec-1.apk@classes.dex data@app@org.mozilla.fennec-1.apk@classes.dex@0x11fa05 86 libmozglue.so libmozglue.so@0x10847 87 data@app@org.mozilla.fennec-1.apk@classes.dex data@app@org.mozilla.fennec-1.apk@classes.dex@0x1097ba 88 libc.so libc.so@0x14a13 89 libdvm.so libdvm.so@0x98f4d 90 libc.so libc.so@0x15877 91 libmozglue.so libmozglue.so@0x10847 92 data@app@org.mozilla.fennec-1.apk@classes.dex data@app@org.mozilla.fennec-1.apk@classes.dex@0x1097ba 93 libc.so libc.so@0x15877 94 libmozglue.so libmozglue.so@0x10847 95 data@app@org.mozilla.fennec-1.apk@classes.dex data@app@org.mozilla.fennec-1.apk@classes.dex@0x1097ba 96 libc.so libc.so@0x15ed9 97 libdvm.so libdvm.so@0x5b009 98 core.odex core.odex@0x1e46b6 99 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc @0x347e 100 dalvik-mark-stack (deleted) dalvik-mark-stack @0x36009c2 133 libdvm.so libdvm.so@0x5fb3f 134 libdvm.so libdvm.so@0x6cabb 135 libdvm.so libdvm.so@0xb7c56 136 libdvm.so libdvm.so@0x5fb3f 137 libdvm.so libdvm.so@0xb2f8e 138 libdvm.so libdvm.so@0x5fbef 139 dalvik-mark-stack (deleted) dalvik-mark-stack @0x36009c2 140 libdvm.so libdvm.so@0x5fb3f 141 libc.so libc.so@0x12c1e 142 libc.so libc.so@0x12772 Only 1 URL listed : about:blank Note: not listing as a top crash because of the sheer amount of dups in the crash. See signature listings for more details : https://crash-stats.mozilla.com/report/list?range_value=3&range_unit=days&date=2012-06-12&signature=JS_ExecuteScript&version=FennecAndroid%3A16.0a1
|
||
Comment 1•12 years ago
|
||
The crash in question happens on a line added in bug 746036, so CC'ing dmandelin.
|
||
Updated•12 years ago
|
Assignee: nobody → general
Component: General → JavaScript Engine
Product: Fennec Native → Core
QA Contact: general → general
Whiteboard: [native-crash], startupcrash → [native-crash][startupcrash]
Version: Firefox 16 → Trunk
|
||
Comment 2•12 years ago
|
||
This is the #3 topcrash for Fennec 16, but does not appear in Fennec 14 or 15 crash stats.
tracking-fennec: --- → ?
|
|
||
Updated•12 years ago
|
status-firefox14:
--- → unaffected
status-firefox15:
--- → unaffected
status-firefox16:
--- → affected
|
Reporter | |
Comment 3•12 years ago
|
||
Placing in as topcrash based on comment 2 and https://crash-stats.mozilla.com/topcrasher/byversion/FennecAndroid/16.0a1/7/browser
Keywords: topcrash
|
|
||
Comment 4•12 years ago
|
||
(In reply to Naoki Hirata :nhirata from comment #3) > Placing in as topcrash with only 2 users that hit this crash?
|
||
Updated•12 years ago
|
Whiteboard: [native-crash][startupcrash] → [js:t][native-crash][startupcrash]
|
||
Updated•12 years ago
|
tracking-fennec: ? → +
|
|
||
Updated•12 years ago
|
OS: All → Windows 7
Summary: crash in [@ JS_ExecuteScript] → crash in nsJSContext::ExecuteScript @ JS_ExecuteScript
Whiteboard: [js:t][native-crash][startupcrash] → [js:t][startupcrash]
|
|
||
Updated•12 years ago
|
tracking-fennec: + → ?
status-firefox14:
unaffected → ---
status-firefox15:
unaffected → ---
status-firefox16:
affected → ---
|
||
Comment 5•12 years ago
|
||
I don't see this crash in any of the top crash lists. Not tracking.
tracking-fennec: ? → -
|
|
||
Comment 6•11 years ago
|
||
The stack trace now looks like: Frame Module Signature Source 0 mozjs.dll JS_ExecuteScript js/src/jsapi.cpp:5531 1 xul.dll nsJSContext::ExecuteScript dom/base/nsJSEnvironment.cpp:1661 2 xul.dll nsXULDocument::ExecuteScript content/xul/document/src/nsXULDocument.cpp:3552 3 xul.dll nsXULDocument::ExecuteScript content/xul/document/src/nsXULDocument.cpp:3572 4 xul.dll nsXULDocument::OnStreamComplete content/xul/document/src/nsXULDocument.cpp:3451 5 xul.dll nsStreamLoader::OnStopRequest netwerk/base/src/nsStreamLoader.cpp:101 6 xul.dll nsStreamListenerWrapper::OnStopRequest obj-firefox/dist/include/nsStreamListenerWrapper.h:25 7 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:70 8 xul.dll XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:2400 9 xul.dll XPC_WN_CallMethod js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1488 10 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:369 11 mozjs.dll js::Interpret js/src/jsinterp.cpp:2338 12 mozjs.dll js::RunScript js/src/jsinterp.cpp:326 13 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:381 14 mozjs.dll js::Invoke js/src/jsinterp.cpp:414 15 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:5771 16 xul.dll nsXPCWrappedJSClass::CallMethod js/xpconnect/src/XPCWrappedJSClass.cpp:1432 More reports at: https://crash-stats.mozilla.com/report/list?signature=JS_ExecuteScript https://crash-stats.mozilla.com/report/list?signature=JS_ExecuteScript%28JSContext*%2C+JSObject*%2C+JSScript*%2C+JS%3A%3AValue*%29
Crash Signature: [@ JS_ExecuteScript] → [@ JS_ExecuteScript]
[@ JS_ExecuteScript(JSContext*, JSObject*, JSScript*, JS::Value*)]
status-firefox18:
--- → affected
status-firefox19:
--- → affected
|
|
||
Comment 7•11 years ago
|
||
It's #18 top browser crasher in 19.0b5.
status-firefox20:
--- → unaffected
status-firefox21:
--- → unaffected
tracking-firefox19:
--- → ?
Keywords: topcrash
|
|
||
Comment 8•11 years ago
|
||
It's correlated to Free Download Manager 1.5.7.6 and above:
* 18.0.2:
92% (196/212) vs. 0% (668/137733) fdm_ffext@freedownloadmanager.org
0% (1/212) vs. 0% (7/137733) 1.5.5
0% (0/212) vs. 0% (1/137733) 1.5.7.4
34% (72/212) vs. 0% (290/137733) 1.5.7.6
2% (4/212) vs. 0% (7/137733) 1.5.7.7
56% (119/212) vs. 0% (363/137733) 1.5.7.9
* 19.0 Beta:
88% (123/139) vs. 0% (409/87231) fdm_ffext@freedownloadmanager.org
0% (0/139) vs. 0% (1/87231) 1.5.5
0% (0/139) vs. 0% (3/87231) 1.5.7.4
32% (45/139) vs. 0% (128/87231) 1.5.7.6
0% (0/139) vs. 0% (5/87231) 1.5.7.7
56% (78/139) vs. 0% (272/87231) 1.5.7.9Summary: crash in nsJSContext::ExecuteScript @ JS_ExecuteScript → crash in nsJSContext::ExecuteScript @ JS_ExecuteScript mainly with Free Download Manager
|
||
Updated•11 years ago
|
|
|
||
Comment 9•11 years ago
|
||
CC'ing somebody from FDM (blind guess), and also leaving them a note at http://www.freedownloadmanager.org/support.htm
|
||
Comment 11•11 years ago
|
||
I don't think there is something to do with FDM here.
|
|
||
Comment 12•11 years ago
|
||
(In reply to Alervd from comment #11) > I don't think there is something to do with FDM here. It's a startup crash in 19.0 correlated to FDM: 95% (254/266) vs. 0% (906/192123) fdm_ffext@freedownloadmanager.org 30% (79/266) vs. 0% (398/192123) 1.5.7.6 66% (175/266) vs. 0% (498/192123) 1.5.7.9 I don't know how easy it's reproducible.
|
|
||
Comment 13•11 years ago
|
||
OK, why don't I see the code related to FDM in the stack trace then?
I'll try to explain. It seems - FDM extension's js code uses Firefox objects by some incorrect way. Maybe. But it's Firefox component which must correctly behave on incorrect things.
The only suspicion I have is on this code:
fdm_brcache.js.
function freeDldMgr_brCacheRegisterObserver ()
{
var observerService = Components.classes["@mozilla.org/observer-service;1"]
.getService(Components.interfaces.nsIObserverService);
observerService.addObserver(freeDldMgr_brCacheListener, "http-on-modify-request", false);
observerService.addObserver(freeDldMgr_brCacheListener, "http-on-examine-response", false);
observerService.addObserver(freeDldMgr_brCacheListener, "http-on-examine-cached-response", false);
//observerService.addObserver(freeDldMgr_brCacheListener, "http-on-examine-merged-response", false);
window.addEventListener("unload", freeDldMgr_brCache_unload, false);
}
THEN:
var freeDldMgr_brCacheListener = {
observe: function (subject, topic, data) {
if (false == (subject instanceof Components.interfaces.nsIHttpChannel))
return;
subject.QueryInterface(Components.interfaces.nsIHttpChannel);
var url = freeDldMgr_ExtractUrlFromHttpChannel (subject);
if (topic == "http-on-modify-request")
{
freeDldMgr_FDM1.onHttpActivity (url);
var wndSrc = freeDldMgr_findChannelWindow (subject);
if (wndSrc)
{
wndSrc = wndSrc.top;
if (wndSrc)
freeDldMgr_FDM1.OnNewHttpRequest (url, wndSrc.location.href);
}
return;
}
var newListener = new freeDldMgr_TracingListener();
newListener.Url = url;
newListener.bJustNotify = topic != "http-on-examine-cached-response";
if (newListener.bJustNotify)
freeDldMgr_FDM1.onHttpActivity (url);
var hdrs = freeDldMgr_ExtractHttpHeadersFromHttpChannel (subject);
if (!newListener.bJustNotify)
newListener.httpDlgUID = freeDldMgr_CacheMon.OnNewHttpDialog (url, hdrs.reqH, hdrs.respH);
subject.QueryInterface(Components.interfaces.nsITraceableChannel);
newListener.originalListener = subject.setNewListener(newListener);
},
etc...
AND THE MAIN THING IS HERE (MAYBE):
function freeDldMgr_TracingListener() {
}
freeDldMgr_TracingListener.prototype =
{
originalListener: null,
httpDlgUID : 0,
bJustNotify : false,
Url : "",
bDontCallOriginalListener : false,
onStartRequest: function(request, context) {
try{
this.originalListener.onStartRequest(request, context);
}catch(e){this.bDontCallOriginalListener = true;}
},
onDataAvailable: function(request, context, inputStream, offset, count)
{
if (!this.bJustNotify)
{
//fix for firebug error
if (typeof Cc == "undefined") {
var Cc = Components.classes;
}
if (typeof Ci == "undefined") {
var Ci = Components.interfaces;
}
if (typeof CCIN == "undefined") {
function CCIN(cName, ifaceName){
return Cc[cName].createInstance(Ci[ifaceName]);
}
}
if (typeof CCSV == "undefined") {
function CCSV(cName, ifaceName){
if (Cc[cName])
// if fbs fails to load, the error can be _CC[cName] has no properties
return Cc[cName].getService(Ci[ifaceName]);
else
dumpError("CCSV fails for cName:" + cName);
}
}
var binaryInputStream = CCIN("@mozilla.org/binaryinputstream;1",
"nsIBinaryInputStream");
var storageStream = CCIN("@mozilla.org/storagestream;1", "nsIStorageStream");
var binaryOutputStream = CCIN("@mozilla.org/binaryoutputstream;1","nsIBinaryOutputStream");
binaryInputStream.setInputStream(inputStream);
storageStream.init(8192, count, null);
binaryOutputStream.setOutputStream(storageStream.getOutputStream(0));
// Copy received data as they come.
var data = binaryInputStream.readByteArray (count);
freeDldMgr_CacheMon.OnDataReceived (this.httpDlgUID, count, data);
binaryOutputStream.writeByteArray(data, count);
if (!this.bDontCallOriginalListener)
this.originalListener.onDataAvailable (request, context,
storageStream.newInputStream(0), offset, count);
}
else // bJustNotify is true
{
try {
freeDldMgr_FDM1.onHttpActivity (this.Url);
if (!this.bDontCallOriginalListener)
this.originalListener.onDataAvailable (request, context, inputStream, offset, count);
}catch(e){this.bDontCallOriginalListener = true;}
}
},
onStopRequest: function(request, context, statusCode)
{
if (!this.bJustNotify)
freeDldMgr_CacheMon.OnDialogClosed (this.httpDlgUID);
this.originalListener.onStopRequest(request, context, statusCode);
},
QueryInterface: function (aIID) {
if (aIID.equals(Components.interfaces.nsIStreamListener) || aIID.equals(Components.interfaces.nsISupports))
{
return this;
}
throw Components.results.NS_NOINTERFACE;
}
};
P.S. Sorry, I don't know how to use formatting (if it's available here).|
|
||
Comment 14•11 years ago
|
||
Maybe somebody from Firefox dev team could check this code....
|
|
||
Comment 15•11 years ago
|
||
(In reply to Alervd from comment #14) > Maybe somebody from Firefox dev team could check this code.... Firefox 20 and above are unaffected so it's already fixed.
|
Assignee | |
Updated•10 years ago
|
Assignee: general → nobody
|
||
Comment 16•5 years ago
|
||
Closing because no crashes reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
|
|
||
Comment 17•5 years ago
|
||
Closing because no crashes reported for 12 weeks.
You need to log in
before you can comment on or make changes to this bug.
Description
•