Closed Bug 827274 Opened 12 years ago Closed 12 years ago

crash in `anonymous namespace''::CTypesActivityCallback(JSContext*, js::CTypesActivityType) with wkhtmltopdf

Categories

(Core :: DOM: Workers, defect)

19 Branch
defect
Not set
critical

Tracking

()

VERIFIED FIXED
mozilla21
Tracking Status
firefox18 --- unaffected
firefox19 --- unaffected
firefox20 --- verified
firefox21 --- verified
b2g18 19+ fixed
b2g18-v1.0.0 --- unaffected

People

(Reporter: scoobidiver, Assigned: bent.mozilla)

References

Details

(Keywords: crash, regression)

Crash Data

Attachments

(2 files, 1 obsolete file)

It first showed up in 20.0a1/20130106 and 19.0a2/20120105. It implies wkhtmltox0.dll which belongs to http://code.google.com/p/wkhtmltopdf/ Signature `anonymous namespace''::CTypesActivityCallback(JSContext*, js::CTypesActivityType) More Reports Search UUID f0aa73b4-aeaf-4b2e-a2bc-903d52130107 Date Processed 2013-01-07 02:24:34 Uptime 521 Last Crash 9.1 minutes before submission Install Age 1.2 hours since version was first installed. Install Time 2013-01-07 01:10:09 Product Firefox Version 19.0a2 Build ID 20130106042019 Release Channel aurora OS Windows NT OS Version 5.1.2600 Service Pack 3 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 28 stepping 2 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x20 App Notes AdapterVendorID: 0x8086, AdapterDeviceID: 0x27ae, AdapterSubsysID: 361a103c, AdapterDriverVersion: 6.14.10.4926 D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- EMCheckCompatibility True Adapter Vendor ID 0x8086 Adapter Device ID 0x27ae Total Virtual Memory 2147352576 Available Virtual Memory 1787080704 System Memory Use Percentage 68 Available Page File 1832902656 Available Physical Memory 336084992 Frame Module Signature Source 0 xul.dll `anonymous namespace'::CTypesActivityCallback dom/workers/RuntimeService.cpp:385 1 mozjs.dll js::ctypes::FunctionType::Call js/src/ctypes/CTypes.cpp:5773 2 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:362 3 mozjs.dll js::Interpret js/src/jsinterp.cpp:2338 4 mozjs.dll js::NewObjectWithClassProto js/src/jsobj.cpp:2218 5 mozjs.dll js::Invoke js/src/jsinterp.cpp:414 6 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:5771 7 nspr4.dll PR_GetCurrentThread nsprpub/pr/src/threads/prcthr.c:143 8 @0xc9fea3f 9 @0xffffff86 10 wkhtmltox0.dll wkhtmltox0.dll@0x16c2b4f 11 mozjs.dll ffi_closure_SYSV_inner js/src/ctypes/libffi/src/x86/ffi.c:384 12 wkhtmltox0.dll wkhtmltox0.dll@0x2873b More reports at: https://crash-stats.mozilla.com/report/list?signature=%60anonymous+namespace%27%27%3A%3ACTypesActivityCallback%28JSContext*%2C+js%3A%3ACTypesActivityType%29
I know what's going on here. Patch in a sec.
Assignee: nobody → bent.mozilla
Blocks: 813867
OS: Windows 7 → All
Hardware: x86 → All
Keywords: regression
Version: Trunk → 19 Branch
Attached patch Patch, v1 (obsolete) — Splinter Review
I forgot about ctypes callbacks (which call back into JS from C). The attached patch should do the trick.
Attachment #698688 - Flags: review?(khuey)
Attachment #698688 - Flags: review?(jorendorff)
Attachment #698688 - Flags: review?(jorendorff) → review+
Comment on attachment 698688 [details] [diff] [review] Patch, v1 [Triage Comment] Follow-up fix for code already landed on Aurora and already a+'ed for b2g18; a=me.
Attachment #698688 - Flags: approval-mozilla-b2g18+
Attachment #698688 - Flags: approval-mozilla-aurora+
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Status: REOPENED → ASSIGNED
Attached patch Patch, v1.1Splinter Review
Attachment #698688 - Attachment is obsolete: true
Attachment #699132 - Flags: review?(khuey)
Status: ASSIGNED → RESOLVED
Closed: 12 years ago12 years ago
Resolution: --- → FIXED
Comment on attachment 699132 [details] [diff] [review] Patch, v1.1 [Approval Request Comment] Bug caused by (feature/regressing bug #): 813867 User impact if declined: Some extensions cause crashes when using ctypes in workers. We could back 813867 out of beta I guess. Testing completed (on m-c, etc.): m-c, m-i Risk to taking this patch (and alternatives if risky): As with bug 813867 it's possible we could see deadlocks, though we haven't seen any so far. String or UUID changes made by this patch: None
Attachment #699132 - Flags: approval-mozilla-beta?
Attachment #699132 - Flags: approval-mozilla-aurora?
Target Milestone: mozilla20 → mozilla21
Attachment #698688 - Flags: approval-mozilla-aurora+
Comment on attachment 699132 [details] [diff] [review] Patch, v1.1 For beta, I think a backout makes more sense (unless we're relying on this desktop data, in which case please re-nominate for uplift).
Attachment #699132 - Flags: approval-mozilla-beta?
Attachment #699132 - Flags: approval-mozilla-beta-
Attachment #699132 - Flags: approval-mozilla-aurora?
Attachment #699132 - Flags: approval-mozilla-aurora+
Attached patch Patch for b2g18Splinter Review
[Approval Request Comment] Bug caused by (feature/regressing bug #): Bug 813867 User impact if declined: See bug 813867 comment 53. Testing completed: m-c now for a while, also m-a. Risk to taking this patch (and alternatives if risky): Now that this has baked on two other branches for a while we know it's pretty safe. String or UUID changes made by this patch: None
Attachment #703565 - Flags: approval-mozilla-b2g18?
Attachment #698688 - Flags: approval-mozilla-b2g18+
Given that this is non-blocking we'll hold off on approving for branch landing until after v1.0.0 -- see https://wiki.mozilla.org/Release_Management/B2G_Landing which explains further but the options are either to land to the date branch now so that it gets merged into 1.0.1 after 1/25 or to wait and get b2g18 approval after 1/25 for direct landing to that branch.
Attachment #703565 - Flags: approval-mozilla-b2g18? → approval-mozilla-b2g18+
I backed this out of b2g18 because it caused a perma-orange on linux pgo (only)... https://hg.mozilla.org/releases/mozilla-b2g18/rev/2035414073b7
Checking the crashstats I see no crashes on FF > 19b2 in the last 4 weeks. Verified fixed.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: