Closed
Bug 785370
Opened 12 years ago
Closed 11 years ago
Tbird crash in XPCWrappedNative::cycleCollection::TraverseImpl with QuickText addon
Categories
(Core :: XPConnect, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: wsmwk, Assigned: standard8)
References
()
Details
(Keywords: crash, regression, reproducible, Whiteboard: [Update Quicktext to 0.9.11.5 if you see this crash][startupcrash][tbird crash][addon][gs])
Crash Data
#1 crash for thunderbird trunk.
startup crash
according to crash-stats, crash started on 2012-08-09
This bug was filed from the Socorro interface and is
report bp-0e01f759-49ce-4974-8204-60b702120809 .
=============================================================
0 @0x103d4a50
1 xul.dll XPCWrappedNative::cycleCollection::TraverseImpl js/xpconnect/src/XPCWrappedNative.cpp:97
2 xul.dll GCGraphBuilder::Traverse xpcom/base/nsCycleCollector.cpp:1759
3 xul.dll nsCycleCollector::MarkRoots xpcom/base/nsCycleCollector.cpp:2082
4 xul.dll nsCycleCollectorRunner::Run xpcom/base/nsCycleCollector.cpp:3083
5 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:624
only *one* firefox crash in one month, and it is not startup
bp-bc56bfab-7377-4e9d-b3a0-fa6982120815 Fx16.0a2
Updated•12 years ago
|
Component: General → XPCOM
Product: Thunderbird → Core
https://crash-stats.mozilla.com/report/index/bp-64b098b9-37ee-4f2f-80aa-a00c22120903
Appears after you click send. The window for writing and in 15-20 seconds crashes. If you disable the add error disappears.
Comment 2•12 years ago
|
||
This is currently the top crasher for Thunderbird 17 - Benjamin any idea what could be going on here ?
Reporter | ||
Comment 3•12 years ago
|
||
(In reply to adminnu from comment #1)
> If you disable the add error disappears.
It looks like QuickText Version 0.9.11.1 stops working in TB17
bp-12d653d4-d556-431e-97d1-9d5d22121013 nails the cause at QuickText addon.
And all the crashes I examined have QuickText installed.
Whiteboard: [startupcrash] → [startupcrash][tbird topcrash][addon]
Comment 4•12 years ago
|
||
This bug has also been reported on Geckozone. Has anyone contacted QuickText's author?
Comment 5•12 years ago
|
||
The quicktext addon does not appear to use any binary components, and a pure-JS really shouldn't be able to make the cycle collector crash. mccr8, want to take a look?
Comment 6•12 years ago
|
||
That's odd. The line in question that is crashing for both of those is:
cb.NoteXPCOMChild(tmp->GetIdentityObject());
GetIdentityObject just grabs a field, and cb and tmp have been touched before this, so I'm not sure what could be wrong.
Assignee: nobody → continuation
Reporter | ||
Comment 7•12 years ago
|
||
http://extensions.hesslow.se/forum/thread/622/0.9.11.3+crashes+18.x+Thunderbird+in+nightly+build/ reports crashes using TB18 but no comments from the author yet
Assignee | ||
Comment 8•12 years ago
|
||
Can anyone reproduce with QuickText installed? A straw poll of the crashes indicates QuickText on the majority of them.
Updated•12 years ago
|
Whiteboard: [startupcrash][tbird topcrash][addon] → [startupcrash][tbird topcrash][addon][gs]
Comment 9•12 years ago
|
||
Steps to reproduce:
1. Launch Thunderbird 17 Beta
2. Install QuickText 0.9.11.3
3. Reply to an email.
4. Wait a few seconds until Thunderbird crashes.
Comment 10•12 years ago
|
||
You can get QuickText 0.9.11.3 from its homepage: http://extensions.hesslow.se/extension/4/Quicktext/
Updated•12 years ago
|
Component: XPCOM → XPConnect
Summary: crash in XPCWrappedNative::cycleCollection::TraverseImpl → Tbird crash in XPCWrappedNative::cycleCollection::TraverseImpl with QuickText addon
Reporter | ||
Comment 11•12 years ago
|
||
no sign yet of a new version, so I've posted more info at hesslow.se
Reporter | ||
Comment 12•12 years ago
|
||
(In reply to Andrew McCreight [:mccr8] from comment #6)
> That's odd. The line in question that is crashing for both of those is:
> cb.NoteXPCOMChild(tmp->GetIdentityObject());
>
> GetIdentityObject just grabs a field, and cb and tmp have been touched
> before this, so I'm not sure what could be wrong.
Given that this is #1 TB17 crash, this could use some immediate attention.
bp-ac826979-82f9-428a-8098-438832121109 @ hang | XPCWrappedNative::cycleCollection::TraverseImpl(XPCWrappedNative::cycleCollection*, void*, nsCycleCollectionTraversalCallback&)
tracking-firefox17:
--- → ?
tracking-firefox18:
--- → ?
Comment 13•12 years ago
|
||
Somebody who knows Thunderbird needs to figure out where this corrupted XPCWrappedNative is coming from. Probably the most useful thing to do is to get the tmp->GetScriptableInfo()->GetJSClass()->name of the native, if any.
I'll try poking around the addon code and see if anything jumps out at me.
Assignee: continuation → nobody
Comment 14•12 years ago
|
||
While it's an important TB topcrash, it's not a Firefox topcrasher or release-blocking priority, so we won't track this - especially for 17 which is about to ship.
Reporter | ||
Comment 15•12 years ago
|
||
TB17 officially released and this is #1 crash - 2k crashes in 4 hours.
The original support topic is a month old, so I'm not going to be pointing users to it and invite flames. The canonical support topic will be a more recent https://getsatisfaction.com/mozilla_messaging/topics/upgrade_to_ver17_results_in_crashes_on_new_email_creation_including_replies
Comment 16•12 years ago
|
||
Has somebody contacted QuickText's author? Can we get a reduced test case?
Reporter | ||
Comment 17•12 years ago
|
||
(In reply to Andrew McCreight [:mccr8] from comment #16)
> Has somebody contacted QuickText's author? Can we get a reduced test case?
comment 7 - not a peep from the author. I'm not a user of quicktext, so I have no vested interest in hounding the author, etc.
Do we really need a reduced testcase? My impression is it crashes outright when making a reply.
Comment 18•12 years ago
|
||
I was using QuickText 0.9.11.3 all the time, and now with Thunderbird 17 it causes a crash as soon as I open a mail. Disabling QuickText fixes the problem, re-enabling it brings back the crashes. The problem is new for Thunderbird 17.
Assignee | ||
Comment 20•12 years ago
|
||
(In reply to Andrew McCreight [:mccr8] from comment #13)
> Somebody who knows Thunderbird needs to figure out where this corrupted
> XPCWrappedNative is coming from. Probably the most useful thing to do is to
> get the tmp->GetScriptableInfo()->GetJSClass()->name of the native, if any.
tmp->GetScriptableInfo() returns 0x0, so we can't get the name.
tmp->mRefCnt.get() is 1, tmp->IsValid() is also 1.
I couldn't really see any other way to determine what the bad wrapper might be.
Comment 22•12 years ago
|
||
So, IsValid() is true, so mFlatJSObject should be non-null. You can try mFlatJSObject->dump() and hopefully that will print out some useful information about the reflector, which should give us some idea of what the XPCWN is.
Assignee | ||
Comment 23•12 years ago
|
||
Ok, here's what I get:
object 0x149023610
class 0x106b0cdd0 XPCWrappedNative_NoHelper
flags:
proto <XPC_WN_NoHelper_Proto_JSClass object at 0x1490270a0>
parent <BackstagePass object at 0x149022060>
private 0x12007c320
reserved slots:
0 (reserved) = null
properties:
((Shape *) 0x149021290) enumerate readonly permanent setterOp=0x102cf13f0 JSString* (0x14902c2c0) = jschar * (0x14902c2d0) = "getCardFromAttribute"
: slot 1 = <function getCardFromAttribute at 0x149038e20>
There's two calls to nsIAddrDatabase::getCardFromAttribute in the extension, so that would probably be right.
Comment 24•12 years ago
|
||
I have not had time to look at this. And if you guys are not able to figure out why Thunderbird is crashing because of my Javascript I'm not sure if I would be able to. And my extension is in Javascript so this should be a bug in Thunderbird and not my extension. If you are able to figure out a work around I can update the extension.
But I will not have time to look at this for at least 2 more weeks.
Comment 25•12 years ago
|
||
if you add a "return;" just at the beginning of the function "wzQuicktextVar()" in the file "wzQuicktextVar.js" then the addon works again, but it seems that the variables (TO, FROM etc) don't work anymore.
Can I upload the addon somewhere, so others can check the problem is indeed there?
Comment 26•12 years ago
|
||
I have been testing,comment out the line "this.mDatabases.push(dir.database);"in the function "wzQuicktextVar()" in the file "wzQuicktextVar.js",it works well!
Hope it helps
Comment 27•12 years ago
|
||
That helps.
Today I use getCardFromAttribute to get a nsIAbCard from an email address. Is there any better way of doing that?
Comment 28•12 years ago
|
||
Is cardForEmailAddress on nsIAbCollection a better way of doing this?
Comment 29•12 years ago
|
||
Found http://lxr.mozilla.org/comm-central/source/mailnews/db/gloda/modules/utils.js#91 and that doesn't crash so I'm just going to use that.
Comment 30•12 years ago
|
||
There is now a beta version up on http://extensions.hesslow.se/extension/4/Quicktext/ (there is a Beta section under the Download button in the upper right corner). I will email the hundred of people that have emailed me today and ask them to test it. And if they don't find any problems I will update it on AMO tomorrow.
And people here please test it and send me feedback
Comment 31•12 years ago
|
||
Put 0.9.11.4, falls far from happening. I will continue to test.
Comment 32•12 years ago
|
||
(In reply to Emil Hesslow from comment #30)
> There is now a beta version up on
> http://extensions.hesslow.se/extension/4/Quicktext/
> And people here please test it and send me feedback
Your 0.9.11.4 beta works perfect for me. Thanks for quick reaction although you only got limited time. Your Users will appreciate it.
Assignee | ||
Updated•12 years ago
|
Crash Signature: [@ XPCWrappedNative::cycleCollection::TraverseImpl(XPCWrappedNative::cycleCollection*, void*, nsCycleCollectionTraversalCallback&)] → [@ XPCWrappedNative::cycleCollection::TraverseImpl(XPCWrappedNative::cycleCollection*, void*, nsCycleCollectionTraversalCallback&)]
[@ ToParticipant ]
Assignee | ||
Updated•12 years ago
|
Crash Signature: [@ XPCWrappedNative::cycleCollection::TraverseImpl(XPCWrappedNative::cycleCollection*, void*, nsCycleCollectionTraversalCallback&)]
[@ ToParticipant ] → [@ XPCWrappedNative::cycleCollection::TraverseImpl(XPCWrappedNative::cycleCollection*, void*, nsCycleCollectionTraversalCallback&)]
[@ ToParticipant ]
[@ CallQueryInterface<nsISupports, nsXPCOMCycleCollectionParticipant> ]
Comment 34•12 years ago
|
||
Quicktext 0.9.11.4 works for me in Thunderbird 17, but it repeatedly crashed Firefox when I tried to download it at http://extensions.hesslow.se/extension/4/Quicktext/ in the new Firefox 17 by clicking on it. I only resolved this when I right-clicked and used "save link as".
Comment 35•12 years ago
|
||
0.9.11.5 is now live on AMO which fixes the crash
Assignee | ||
Comment 36•12 years ago
|
||
Thanks Emil.
I'm going to leave this bug open for now, as I'd to see if I can track down if there is an issue with the interfaces the previous version of the extension was using.
Assignee: nobody → mbanner
Whiteboard: [startupcrash][tbird topcrash][addon][gs] → [Update Quicktext to 0.9.11.5 if you see this crash][startupcrash][tbird topcrash][addon][gs]
Comment 39•12 years ago
|
||
(In reply to Emil Hesslow from comment #35)
> 0.9.11.5 is now live on AMO which fixes the crash
It seems so based on correlations:
XPCWrappedNative::cycleCollection::TraverseImpl(XPCWrappedNative::cycleCollection*, void*, nsCycleCollectionTraversalCallback&)|EXCEPTION_ACCESS_VIOLATION_EXEC (266 crashes)
85% (225/266) vs. 2% (311/14500) {8845e3b3-e8fb-40e2-95e9-ec40294818c4}
58% (153/266) vs. 1% (182/14500) 0.9.11.2
27% (72/266) vs. 1% (89/14500) 0.9.11.3
0% (0/266) vs. 0% (40/14500) 0.9.11.5
Comment 42•12 years ago
|
||
It's #30 top crasher in TB 17.0.2 so not a top crasher according to https://wiki.mozilla.org/CrashKill/Topcrash
Keywords: topcrash
Whiteboard: [Update Quicktext to 0.9.11.5 if you see this crash][startupcrash][tbird topcrash][addon][gs] → [Update Quicktext to 0.9.11.5 if you see this crash][startupcrash][tbird crash][addon][gs]
Assignee | ||
Comment 43•11 years ago
|
||
This seems to have gone away from the topcrash list. So I'm going to close it. If there's still same around with the same signature, they need investigating to check it is with the latest version of the add-on etc.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
Updated•9 years ago
|
Keywords: regressionwindow-wanted
You need to log in
before you can comment on or make changes to this bug.
Description
•