Closed
Bug 787637
Opened 8 years ago
Closed 8 years ago
crash in js::NukeCrossCompartmentWrapper
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
VERIFIED
FIXED
mozilla18
People
(Reporter: scoobidiver, Assigned: bholley)
References
Details
(Keywords: crash, regression, topcrash, Whiteboard: [js:t])
Crash Data
It's #20 top browser crasher in 16.0b1, #26 in 17.0a2, and #34 in 18.0a1. It first appeared in 17.0a1/20120818 and 16.0a2/20120822. The regression windows are: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=a79132ac2f05&tochange=812ea773f166 http://hg.mozilla.org/releases/mozilla-aurora/pushloghtml?fromchange=d7b344615437&tochange=5e6da3c55e7c It's a regression from bug 781476. Signature js::NukeCrossCompartmentWrapper(JSObject*) More Reports Search UUID dd961717-aafe-41b8-a2ac-a6e252120831 Date Processed 2012-08-31 12:06:21 Uptime 106 Last Crash 23.5 hours before submission Install Age 1.8 minutes since version was first installed. Install Time 2012-08-31 12:04:19 Product Firefox Version 18.0a1 Build ID 20120830030531 Release Channel nightly OS Windows NT OS Version 6.1.7601 Service Pack 1 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 23 stepping 6 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x4 App Notes AdapterVendorID: 0x1002, AdapterDeviceID: 0x68b8, AdapterSubsysID: 25431002, AdapterDriverVersion: 8.850.0.0 D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ EMCheckCompatibility False Adapter Vendor ID 0x1002 Adapter Device ID 0x68b8 Total Virtual Memory 4294836224 Available Virtual Memory 3618304000 System Memory Use Percentage 12 Available Page File 39380279296 Available Physical Memory 18852683776 Frame Module Signature Source 0 mozjs.dll js::NukeCrossCompartmentWrapper js/src/jswrapper.cpp:978 1 mozjs.dll js::RemapWrapper js/src/jswrapper.cpp:1058 2 mozjs.dll js::RecomputeWrappers js/src/jswrapper.cpp:1148 3 xul.dll nsPrincipal::SetDomain caps/src/nsPrincipal.cpp:998 4 xul.dll nsHTMLDocument::SetDomain content/html/document/src/nsHTMLDocument.cpp:1012 5 xul.dll nsIDOMHTMLDocument_SetDomain obj-firefox/js/xpconnect/src/dom_quickstubs.cpp:13793 6 mozjs.dll js::Shape::set js/src/jsscopeinlines.h:334 7 mozjs.dll js_NativeSet js/src/jsobj.cpp:4509 8 mozjs.dll js::SetPropertyOperation js/src/jsinterpinlines.h:331 9 mozjs.dll js::Interpret js/src/jsinterp.cpp:2315 10 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:355 11 mozjs.dll js::Invoke js/src/jsinterp.cpp:388 12 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:5854 13 xul.dll nsXPCWrappedJSClass::CallMethod js/xpconnect/src/XPCWrappedJSClass.cpp:1430 14 xul.dll nsXPCWrappedJS::CallMethod js/xpconnect/src/XPCWrappedJS.cpp:580 15 xul.dll PrepareAndDispatch xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:85 16 xul.dll SharedStub xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:112 17 xul.dll nsEventListenerManager::HandleEventInternal content/events/src/nsEventListenerManager.cpp:875 18 xul.dll nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:317 19 xul.dll nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:640 20 xul.dll DocumentViewerImpl::LoadComplete layout/base/nsDocumentViewer.cpp:1025 21 xul.dll nsDocShell::EndPageLoad docshell/base/nsDocShell.cpp:6414 ... More reports at: https://crash-stats.mozilla.com/report/list?signature=js%3A%3ANukeCrossCompartmentWrapper%28JSObject*%29 https://crash-stats.mozilla.com/report/list?signature=js%3A%3ANukeCrossCompartmentWrapper
|
||
Comment 1•8 years ago
|
||
Beta volume is still pretty low, but as it increased we can get addon and module correlations, as well as URLs. Right now here is what the addon correlation looks like:
js::NukeCrossCompartmentWrapper(JSObject*)|EXCEPTION_ACCESS_VIOLATION_READ (78 crashes)
35% (27/78) vs. 5% (766/16616) plugin@yontoo.com
10% (8/78) vs. 1% (164/16616) OneClickDownloader@OneClickDownloader.com
10% (8/78) vs. 3% (453/16616) {EEE6C361-6118-11DC-9C72-001320C79847}
83% (65/78) vs. 78% (12959/16616) testpilot@labs.mozilla.com (Mozilla Labs - Test Pilot, https://addons.mozilla.org/addon/13661)
6% (5/78) vs. 1% (212/16616) {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} (FlashGot, https://addons.mozilla.org/addon/220)
|
||
Updated•8 years ago
|
|
|
||
Comment 2•8 years ago
|
||
Latest correlations for one signature show: 32% (96/302) vs. 5% (2415/47409) plugin@yontoo.com Trying that as a possible reproducible scenario.
QA Contact: mozillamarcia.knous
|
||
Comment 3•8 years ago
|
||
I'm seeing this crash, apparently while setting document.domain in some combination with document.write calls. https://crash-stats.mozilla.com/report/index/bp-a26d87df-4f98-483c-819d-683d42120905
|
Assignee | |
Comment 4•8 years ago
|
||
(In reply to Martijn Wargers [:mw22] (QA - IRC nick: mw22) from comment #3) > I'm seeing this crash, apparently while setting document.domain in some > combination with document.write calls. That makes total sense given the code here. If you can narrow down STR, I'll gladly take a look.
|
|
||
Comment 5•8 years ago
|
||
I'll add it on my things to do, but don't hold your breath on it.
|
||
Updated•8 years ago
|
Whiteboard: [js:t]
|
|
Assignee | |
Comment 6•8 years ago
|
||
I think this is bug 789713. Working up a patch now.
|
|
||
Updated•8 years ago
|
Assignee: general → bobbyholley+bmo
|
Reporter | |
Comment 7•8 years ago
|
||
There are no crashes after 18.0a1/20120911 matching the fix of bug 789713.
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox18:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
|
|
||
Comment 8•8 years ago
|
||
(In reply to Scoobidiver from comment #7) > There are no crashes after 18.0a1/20120911 matching the fix of bug 789713. That's fantastic news, thanks Scoobidiver - we'll be able to verify in 16b4 as well in that case.
|
|
Reporter | |
Comment 9•8 years ago
|
||
There are no crashes after 17.0a2/20120714 for the same reason. I guess the same thing in 16.0b4.
You need to log in
before you can comment on or make changes to this bug.
Description
•