Closed
Bug 799830
Opened 12 years ago
Closed 9 years ago
crash in js::PropertyCache::fullTest (Correlation to Norton Confidential Toolbar)
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: marcia, Unassigned)
References
Details
(Keywords: crash, reproducible)
Crash Data
This bug was filed from the Socorro interface and is report bp-45531e71-ae32-4d60-99de-371522121009 . ============================================================= Seen while looking at crash stats. This is not a huge volume crash, but has a 100% correlation to Norton Confidential Toolbar 2.3.1r14 and there are some early crashes in Firefox 16. It affects Mac and Linux. There have been previous bugs filed about Firefox 15.0.1 not supporting Norton Confidential. Reports are here: https://crash-stats.mozilla.com/report/list?signature=js::PropertyCache::fullTest Frame Module Signature Source 0 XUL js::PropertyCache::fullTest js/src/vm/String.h:828 1 XUL js::Interpret js/src/jspropertycacheinlines.h:58 2 XUL js::RunScript js/src/jsinterp.cpp:301 3 XUL js::InvokeKernel js/src/jsinterp.cpp:355 4 XUL js::Invoke js/src/jsinterp.h:119 5 XUL JS_CallFunctionName js/src/jsapi.cpp:5591 6 libnortonconfidential16.dylib libnortonconfidential16.dylib@0x263a3 7 libnortonconfidential16.dylib libnortonconfidential16.dylib@0xfd5c 8 XUL nsDocLoader::FireOnLocationChange uriloader/base/nsDocLoader.cpp:1391 9 XUL nsDocLoader::FireOnLocationChange uriloader/base/nsDocLoader.cpp:1398 10 XUL nsDocLoader::FireOnLocationChange uriloader/base/nsDocLoader.cpp:1398 11 XUL nsDocShell::SetCurrentURI docshell/base/nsDocShell.cpp:1887 12 XUL nsDocShell::OnNewURI docshell/base/nsDocShell.cpp:9698 13 XUL nsDocShell::InternalLoad docshell/base/nsDocShell.cpp:8598 14 XUL nsDocShell::LoadURI docshell/base/nsDocShell.cpp:1520 15 XUL nsLocation::SetURI dom/base/nsLocation.cpp:336 16 XUL nsLocation::SetHrefWithBase dom/base/nsLocation.cpp:618 17 XUL nsLocation::SetHrefWithContext dom/base/nsLocation.cpp:565 18 XUL nsLocation::SetHref dom/base/nsLocation.cpp:534 19 XUL XUL@0x125dd9f 20 XUL XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:3118 21 XUL XPC_WN_GetterSetter js/xpconnect/src/xpcprivate.h:2819 22 XUL js::InvokeKernel js/src/jscntxtinlines.h:382 23 XUL js::Invoke js/src/jsinterp.h:119 24 XUL js::InvokeGetterOrSetter js/src/jsinterp.cpp:460 25 XUL js::BaseProxyHandler::set js/src/jscntxtinlines.h:450 26 XUL xpc::XrayWrapper<js::SecurityWrapper<js::CrossCompartmentWrapper>,xpc::XPCWrappe js/xpconnect/wrappers/XrayWrapper.cpp:1507 27 XUL proxy_SetGeneric js/src/jsproxy.cpp:1119 28 XUL JSObject::nonNativeSetProperty js/src/jsobj.cpp:2723 29 XUL js::Interpret js/src/jsobjinlines.h:98 30 XUL js::RunScript js/src/jsinterp.cpp:301 31 XUL js::InvokeKernel js/src/jsinterp.cpp:355 32 XUL js_fun_call js/src/jsinterp.h:119 33 XUL js::InvokeKernel js/src/jscntxtinlines.h:382 34 XUL js::Interpret js/src/jsinterp.cpp:2442 35 XUL UncachedInlineCall js/src/methodjit/InvokeHelpers.cpp:327 36 XUL js::mjit::stubs::UncachedCallHelper js/src/methodjit/InvokeHelpers.cpp:410 37 XUL js::mjit::CallCompiler::update js/src/methodjit/MonoIC.cpp:934 38 XUL js::mjit::ic::Call js/src/methodjit/MonoIC.cpp:996 39 @0x98f374f 40 @0x98f2873 41 libmozglue.dylib double_conversion::BignumDtoa mfbt/double-conversion/bignum-dtoa.cc:493 42 Foundation Foundation@0xbf1fc 43 CoreFoundation CoreFoundation@0x33082 44 XUL nsDisplayBackground::nsDisplayBackground layout/base/nsDisplayList.cpp:966 45 @0x7a1fff4f 46 XUL XUL@0x167579f 47 XUL js::RunScript js/src/jsinterp.cpp:301 48 XUL js::InvokeKernel js/src/jsinterp.cpp:355 49 XUL js::mjit::stubs::SlowCall js/src/methodjit/InvokeHelpers.cpp:133 50 XUL SlowCallFromIC js/src/methodjit/MonoIC.cpp:379 51 @0xb2f5f81 52 @0xb2f556b 53 libmozglue.dylib double_conversion::BignumDtoa mfbt/double-conversion/bignum-dtoa.cc:493 54 @0x8000fffe 55 XUL nsHttpsHandler::QueryInterface netwerk/protocol/http/nsHttpHandler.cpp:1659 56 XUL nsComponentManagerImpl::GetServiceByContractID 57 XUL CallGetService obj-firefox/i386/xpcom/build/nsComponentManagerUtils.cpp:62 58 XUL nsIOService::GetProtocolHandler nsCOMPtr.h:408 59 XUL NS_SecurityCompareURIs 60 XUL NS_IsMainThread_P obj-firefox/i386/xpcom/build/nsThreadUtils.cpp:113
Comment 1•12 years ago
|
||
It's #2 top browser crasher on Mac in 16.0.
Crash Signature: [@ js::PropertyCache::fullTest] → [@ js::PropertyCache::fullTest ]
Updated•12 years ago
|
tracking-firefox16:
--- → ?
tracking-firefox17:
--- → ?
Comment 2•12 years ago
|
||
Marcia - can you try to reproduce with Norton Confidential Toolbar? Jorge has reached out to people at Norton to get their eyes on as well.
Keywords: qawanted,
steps-wanted
QA Contact: mozillamarcia.knous
Reporter | ||
Comment 3•12 years ago
|
||
I can reproduce this crash easily using Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:16.0) Gecko/20100101 Firefox/16.0 STR: 1. Install Norton Security Suite for Mac 2 Allow the installation of the Norton Identify Toolbar Version 2.3.1r14 3. Load your Gmail account 4. After selecting some messages to read and deleting some others, I generated a crash. https://crash-stats.mozilla.com/report/index/bp-9ea15f71-5f0e-471f-a60a-0b72b2121011
Comment 4•12 years ago
|
||
Benjamin can you help figure out next steps here now that we have STR?
Assignee: nobody → benjamin
Comment 5•12 years ago
|
||
fwiw, there's no sign of this crashing in 17.0b1 (yet) so if someone can try to reproduce on 17 and later that will help us determine if this is still needing to be tracked.
Keywords: qawanted
Comment 6•12 years ago
|
||
(In reply to Scoobidiver from comment #1) > It's #2 top browser crasher on Mac in 16.0. It's now #34 on Mac in 16.0.1.
Comment 7•12 years ago
|
||
From the stack it appears that libnortonconfidential16.dylib is calling directly into the JSAPI, which is incredibly fragile. I'd be willing to blame the crash on that fact alone...
Comment 8•12 years ago
|
||
Those exact signatures seem to not be present in 17 or higher.
Crash Signature: [@ js::PropertyCache::fullTest ] → [@ js::PropertyCache::fullTest ]
[@ js::PropertyCache::fullTest(JSContext*, unsigned char*, JSObject**, JSObject**, js::PropertyCacheEntry*) ]
Comment 9•12 years ago
|
||
According to email from Benjamin: "This appears to be entirely a bug in Norton using the JSAPI and is not something we can fix in-browser." Untracking for 17 as due to the low volume it's not something we'd spend a lot of resources reaching out to Norton on.
Assignee: benjamin → nobody
Comment 10•11 years ago
|
||
I can reproduce this on Linux, without the Norton toolbar. See crash report (and correlations): https://crash-stats.mozilla.com/report/index/bp-fa5b4754-603a-4fb8-b56f-ab2412130212 Usually, when this happens, I'm editing the wiki page for XPIDL. But, it doesn't happen every time. Roughly, here are STR: 1) Load https://developer.mozilla.org/en-US/docs/XPIDL 2) Click "Edit". 3) Make some edits and wait for crash. Usually, the crash happens in about 2 or 3 minutes, but it's not consistent. Sometimes I can edit the page for quite a while before it crashes, but it will eventually crash.
Updated•11 years ago
|
Assignee: nobody → general
Component: Extension Compatibility → JavaScript Engine
OS: Mac OS X → Linux
Product: Firefox → Core
Version: 16 Branch → Trunk
Comment 11•11 years ago
|
||
I could not reproduce the crash following the STR from Comment 3 on Mac 10.8 with Firefox 22 (the first version of Firefox the toolbar is compatible with)having the Norton Identity Toolbar for Firefox 2.5.2f4 installed. I also tried to reproduce the issue on Ubuntu 13.10 following the STR from Comment 10 or playing with other text editors but I didn't had any luck. I'm removing the qawanted keyword since QA can't reproduce this locally. Please re-add it if you have more details about how the crash can be reproduced.
Keywords: qawanted
Assignee | ||
Updated•10 years ago
|
Assignee: general → nobody
Comment 12•9 years ago
|
||
Per Comment 11
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•