Closed
Bug 787637
Opened 13 years ago
Closed 13 years ago
crash in js::NukeCrossCompartmentWrapper
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
VERIFIED
FIXED
mozilla18
People
(Reporter: scoobidiver, Assigned: bholley)
References
Details
(Keywords: crash, regression, topcrash, Whiteboard: [js:t])
Crash Data
It's #20 top browser crasher in 16.0b1, #26 in 17.0a2, and #34 in 18.0a1.
It first appeared in 17.0a1/20120818 and 16.0a2/20120822. The regression windows are:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=a79132ac2f05&tochange=812ea773f166
http://hg.mozilla.org/releases/mozilla-aurora/pushloghtml?fromchange=d7b344615437&tochange=5e6da3c55e7c
It's a regression from bug 781476.
Signature js::NukeCrossCompartmentWrapper(JSObject*) More Reports Search
UUID dd961717-aafe-41b8-a2ac-a6e252120831
Date Processed 2012-08-31 12:06:21
Uptime 106
Last Crash 23.5 hours before submission
Install Age 1.8 minutes since version was first installed.
Install Time 2012-08-31 12:04:19
Product Firefox
Version 18.0a1
Build ID 20120830030531
Release Channel nightly
OS Windows NT
OS Version 6.1.7601 Service Pack 1
Build Architecture x86
Build Architecture Info GenuineIntel family 6 model 23 stepping 6
Crash Reason EXCEPTION_ACCESS_VIOLATION_READ
Crash Address 0x4
App Notes
AdapterVendorID: 0x1002, AdapterDeviceID: 0x68b8, AdapterSubsysID: 25431002, AdapterDriverVersion: 8.850.0.0
D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+
EMCheckCompatibility False
Adapter Vendor ID 0x1002
Adapter Device ID 0x68b8
Total Virtual Memory 4294836224
Available Virtual Memory 3618304000
System Memory Use Percentage 12
Available Page File 39380279296
Available Physical Memory 18852683776
Frame Module Signature Source
0 mozjs.dll js::NukeCrossCompartmentWrapper js/src/jswrapper.cpp:978
1 mozjs.dll js::RemapWrapper js/src/jswrapper.cpp:1058
2 mozjs.dll js::RecomputeWrappers js/src/jswrapper.cpp:1148
3 xul.dll nsPrincipal::SetDomain caps/src/nsPrincipal.cpp:998
4 xul.dll nsHTMLDocument::SetDomain content/html/document/src/nsHTMLDocument.cpp:1012
5 xul.dll nsIDOMHTMLDocument_SetDomain obj-firefox/js/xpconnect/src/dom_quickstubs.cpp:13793
6 mozjs.dll js::Shape::set js/src/jsscopeinlines.h:334
7 mozjs.dll js_NativeSet js/src/jsobj.cpp:4509
8 mozjs.dll js::SetPropertyOperation js/src/jsinterpinlines.h:331
9 mozjs.dll js::Interpret js/src/jsinterp.cpp:2315
10 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:355
11 mozjs.dll js::Invoke js/src/jsinterp.cpp:388
12 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:5854
13 xul.dll nsXPCWrappedJSClass::CallMethod js/xpconnect/src/XPCWrappedJSClass.cpp:1430
14 xul.dll nsXPCWrappedJS::CallMethod js/xpconnect/src/XPCWrappedJS.cpp:580
15 xul.dll PrepareAndDispatch xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:85
16 xul.dll SharedStub xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:112
17 xul.dll nsEventListenerManager::HandleEventInternal content/events/src/nsEventListenerManager.cpp:875
18 xul.dll nsEventTargetChainItem::HandleEventTargetChain content/events/src/nsEventDispatcher.cpp:317
19 xul.dll nsEventDispatcher::Dispatch content/events/src/nsEventDispatcher.cpp:640
20 xul.dll DocumentViewerImpl::LoadComplete layout/base/nsDocumentViewer.cpp:1025
21 xul.dll nsDocShell::EndPageLoad docshell/base/nsDocShell.cpp:6414
...
More reports at:
https://crash-stats.mozilla.com/report/list?signature=js%3A%3ANukeCrossCompartmentWrapper%28JSObject*%29
https://crash-stats.mozilla.com/report/list?signature=js%3A%3ANukeCrossCompartmentWrapper
Comment 1•13 years ago
|
||
Beta volume is still pretty low, but as it increased we can get addon and module correlations, as well as URLs. Right now here is what the addon correlation looks like:
js::NukeCrossCompartmentWrapper(JSObject*)|EXCEPTION_ACCESS_VIOLATION_READ (78 crashes)
35% (27/78) vs. 5% (766/16616) plugin@yontoo.com
10% (8/78) vs. 1% (164/16616) OneClickDownloader@OneClickDownloader.com
10% (8/78) vs. 3% (453/16616) {EEE6C361-6118-11DC-9C72-001320C79847}
83% (65/78) vs. 78% (12959/16616) testpilot@labs.mozilla.com (Mozilla Labs - Test Pilot, https://addons.mozilla.org/addon/13661)
6% (5/78) vs. 1% (212/16616) {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} (FlashGot, https://addons.mozilla.org/addon/220)
Updated•13 years ago
|
Comment 2•13 years ago
|
||
Latest correlations for one signature show:
32% (96/302) vs. 5% (2415/47409) plugin@yontoo.com
Trying that as a possible reproducible scenario.
QA Contact: mozillamarcia.knous
Comment 3•13 years ago
|
||
I'm seeing this crash, apparently while setting document.domain in some combination with document.write calls.
https://crash-stats.mozilla.com/report/index/bp-a26d87df-4f98-483c-819d-683d42120905
Assignee | ||
Comment 4•13 years ago
|
||
(In reply to Martijn Wargers [:mw22] (QA - IRC nick: mw22) from comment #3)
> I'm seeing this crash, apparently while setting document.domain in some
> combination with document.write calls.
That makes total sense given the code here. If you can narrow down STR, I'll gladly take a look.
Comment 5•13 years ago
|
||
I'll add it on my things to do, but don't hold your breath on it.
Updated•13 years ago
|
Whiteboard: [js:t]
Assignee | ||
Comment 6•13 years ago
|
||
I think this is bug 789713. Working up a patch now.
Updated•13 years ago
|
Assignee: general → bobbyholley+bmo
Reporter | ||
Comment 7•13 years ago
|
||
There are no crashes after 18.0a1/20120911 matching the fix of bug 789713.
Status: NEW → RESOLVED
Closed: 13 years ago
status-firefox18:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
Comment 8•13 years ago
|
||
(In reply to Scoobidiver from comment #7)
> There are no crashes after 18.0a1/20120911 matching the fix of bug 789713.
That's fantastic news, thanks Scoobidiver - we'll be able to verify in 16b4 as well in that case.
Reporter | ||
Comment 9•13 years ago
|
||
There are no crashes after 17.0a2/20120714 for the same reason.
I guess the same thing in 16.0b4.
You need to log in
before you can comment on or make changes to this bug.
Description
•