Closed Bug 820373 Opened 13 years ago Closed 13 years ago

crash in mozilla::dom::TextEncoderBinding::encode @ mozilla::dom::MaybeWrapValue

Categories

(Core :: DOM: Core & HTML, defect)

19 Branch
x86
Windows 7
defect
Not set
critical

Tracking

RESOLVED FIXED
mozilla20
Tracking Status
firefox18 --- verified
firefox19 --- verified
firefox20 --- verified
b2g18 --- fixed

People

(Reporter: scoobidiver, Assigned: emk)

Details

(Keywords: crash, regression)

Attachments

(1 file)

It's #52 top browser crasher in 19.0a2. It first showed up in 19.0a1/20121115 and it's discontinuous across builds.

Signature: mozilla::dom::MaybeWrapValue(JSContext*, JSObject*, JS::Value*)
UUID: 633c0cb5-daac-4121-9573-8e2002121211
Date Processed: 2012-12-11 10:52:58
Uptime: 27737
Last Crash: 7.7 hours before submission
Install Age: 8.9 hours since version was first installed.
Install Time: 2012-12-11 01:57:02
Product: Firefox
Version: 20.0a1
Build ID: 20121210030747
Release Channel: nightly
OS: Windows NT
OS Version: 6.1.7601 Service Pack 1
Build Architecture: x86
Build Architecture Info: GenuineIntel family 6 model 42 stepping 7
Crash Reason: EXCEPTION_ACCESS_VIOLATION_READ
Crash Address: 0x0
App Notes: AdapterVendorID: 0x1002, AdapterDeviceID: 0x9460, AdapterSubsysID: 05021002, AdapterDriverVersion: 8.961.0.0
  Has dual GPUs. GPU #2: AdapterVendorID2: 0x8086, AdapterDeviceID2: 0x0122, AdapterSubsysID2: 0000000c, AdapterDriverVersion2: 9.17.10.2867
  D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ WebGL? EGL? EGL+ GL Context? GL Context+ WebGL+
EMCheckCompatibility: True
Adapter Vendor ID: 0x1002
Adapter Device ID: 0x9460
Total Virtual Memory: 4294836224
Available Virtual Memory: 530448384
System Memory Use Percentage: 75
Available Page File: 19421843456
Available Physical Memory: 4215230464

Frame  Module  Signature  Source
0  xul.dll  mozilla::dom::MaybeWrapValue  obj-firefox/dist/include/mozilla/dom/BindingUtils.h:379
1  xul.dll  mozilla::dom::TextEncoderBinding::encode  obj-firefox/dom/bindings/TextEncoderBinding.cpp:201
2  xul.dll  mozilla::dom::TextEncoderBinding::genericMethod  obj-firefox/dom/bindings/TextEncoderBinding.cpp:233
3  mozjs.dll  js::InvokeKernel  js/src/jsinterp.cpp:389
4  mozjs.dll  js::Interpret  js/src/jsinterp.cpp:2341
5  mozjs.dll  js::RunScript  js/src/jsinterp.cpp:338
6  mozjs.dll  js::InvokeKernel  js/src/jsinterp.cpp:404
7  mozjs.dll  js::Invoke  js/src/jsinterp.cpp:437
8  mozjs.dll  JS_CallFunctionValue  js/src/jsapi.cpp:5786
9  xul.dll  nsXPCWrappedJSClass::CallMethod  js/xpconnect/src/XPCWrappedJSClass.cpp:1432
10  xul.dll  nsXPCWrappedJS::CallMethod  js/xpconnect/src/XPCWrappedJS.cpp:580
11  xul.dll  PrepareAndDispatch  xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:85
12  xul.dll  SharedStub  xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:112
13  xul.dll  nsTimerImpl::Fire  xpcom/threads/nsTimerImpl.cpp:490
14  winmm.dll  timeGetTime
15  xul.dll  nsTimerEvent::Run  xpcom/threads/nsTimerImpl.cpp:565
16  xul.dll  nsThread::ProcessNextEvent  xpcom/threads/nsThread.cpp:627
17  xul.dll  mozilla::ipc::MessagePump::Run  ipc/glue/MessagePump.cpp:82
18  xul.dll  MessageLoop::RunHandler  ipc/chromium/src/base/message_loop.cc:208
19  xul.dll  MessageLoop::Run  ipc/chromium/src/base/message_loop.cc:182
20  xul.dll  nsBaseAppShell::Run  widget/xpwidgets/nsBaseAppShell.cpp:163
21  xul.dll  nsAppShell::Run  widget/windows/nsAppShell.cpp:232
22  xul.dll  nsAppStartup::Run  toolkit/components/startup/nsAppStartup.cpp:291
23  xul.dll  XREMain::XRE_mainRun  toolkit/xre/nsAppRunner.cpp:3824
24  xul.dll  XREMain::XRE_main  toolkit/xre/nsAppRunner.cpp:3891
25  xul.dll  XRE_main  toolkit/xre/nsAppRunner.cpp:4089

More reports at: https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3Adom%3A%3AMaybeWrapValue%28JSContext*%2C+JSObject*%2C+JS%3A%3AValue*%29
This is a bug in the patch for bug 764234, as far as I can tell. Specifically, the IDL for TextEncoder.encode says it never returns null. But the implementation will return null without throwing if Uint8Array::Create fails. Which is bad for several reasons... At least that's my best guess for what's going on there.
Hm, our only non-test usage is sessionStore (bug 794091) and it landed on 2012-11-14.
Assignee: nobody → VYV03354
Status: NEW → ASSIGNED
Attachment #691269 - Flags: review?(bzbarsky)
Comment on attachment 691269: Add a null check to TextEncoder.encode()
r=me
Attachment #691269 - Flags: review?(bzbarsky) → review+
Keywords: checkin-needed
Comment on attachment 691269: Add a null check to TextEncoder.encode()
[Approval Request Comment]
Bug caused by (feature/regressing bug #): bug 764234
User impact if declined: Crash
Testing completed (on m-c, etc.): Not yet
Risk to taking this patch (and alternatives if risky): Very low
String or UUID changes made by this patch: None
Attachment #691269 - Flags: approval-mozilla-beta?
Attachment #691269 - Flags: approval-mozilla-aurora?
Comment on attachment 691269: Add a null check to TextEncoder.encode()
FF18 crash regression fix with a null check. Approving for branches.
Attachment #691269 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Attachment #691269 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
I have no idea how to write a test blowing up Uint8Array::Create. Let's see whether the crashes ceased.
Shouldn't close until we confirm this patch actually stops the crash.
Whiteboard: [leave open]
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Flags: in-testsuite? → in-testsuite-
Resolution: --- → FIXED
Whiteboard: [leave open]
There are no new crashes in Socorro with [@ mozilla::dom::MaybeWrapValue(JSContext*, JSObject*, JS::Value*)] signature. Marking FF 20 as verified.
Component: DOM → DOM: Core & HTML
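The failure mode discussed in this bug, as an added example that is not part of the thread or Mozilla's code: a simplified C++ model in which a fallible factory returns null, the "before" encode reports success anyway, and the "after" version adds the null check. All names (CreateArray, EncodeUnchecked, EncodeChecked, BindingCall, gFailNextCreate) and the out-of-memory result code are assumptions; the injected-failure flag shows one way to exercise the failing path deterministically.

```cpp
// Simplified model with hypothetical names; not Mozilla's binding code.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>
enum class Result { Ok, OutOfMemory };
using ByteArray = std::vector<uint8_t>;

// Fault injection: fail the next creation once (models a null from Create).
static bool gFailNextCreate = false;
ByteArray* CreateArray(const std::string& bytes) {
  if (gFailNextCreate) { gFailNextCreate = false; return nullptr; }
  return new ByteArray(bytes.begin(), bytes.end());
}

// Before: the failure is swallowed, rv stays Ok while the result is null.
ByteArray* EncodeUnchecked(const std::string& s, Result& rv) {
  rv = Result::Ok;
  return CreateArray(s);
}

// After: the null check turns the failure into a reported error.
ByteArray* EncodeChecked(const std::string& s, Result& rv) {
  ByteArray* out = CreateArray(s);
  rv = out ? Result::Ok : Result::OutOfMemory;
  return out;
}

// Stand-in for the generated binding, which trusts a non-nullable return.
// 0 = wrapped, 1 = error propagated, 2 = Ok with null (the crashing state).
int BindingCall(ByteArray* (*encode)(const std::string&, Result&),
                const std::string& input, std::size_t* lengthOut) {
  Result rv;
  ByteArray* arr = encode(input, rv);
  if (rv != Result::Ok) { delete arr; return 1; }
  if (!arr) return 2;  // reported here rather than dereferenced
  *lengthOut = arr->size();
  delete arr;
  return 0;
}

int main() {
  std::size_t n = 0;
  gFailNextCreate = true;
  int before = BindingCall(EncodeUnchecked, "abc", &n);
  gFailNextCreate = true;
  std::printf("before: %d, after: %d\n", before, BindingCall(EncodeChecked, "abc", &n));
  return 0;
}
```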