Closed Bug 835120 Opened 8 years ago Closed 3 years ago

crash in nsWindowSH::NewResolve

Categories

(Core :: DOM: Core & HTML, defect)

19 Branch
x86
Windows XP
defect
Not set
critical

Tracking

()

RESOLVED WORKSFORME
Tracking Status
firefox18 --- affected
firefox19 - affected
firefox20 --- affected
firefox21 --- affected

People

(Reporter: scoobidiver, Unassigned)

Details

(Keywords: crash)

Crash Data

It's #12 top browser crasher in 19.0b3 with many duplicates. If it's a regression, the regression window might be:
http://hg.mozilla.org/releases/mozilla-beta/pushloghtml?fromchange=8b833c1150b5&tochange=8848df2565b6

The first frames of the stack trace are various:
Frame 	Module 	Signature 	Source
0 	xul.dll 	nsWindowSH::NewResolve 	dom/base/nsDOMClassInfo.cpp:7479
1 	xul.dll 	XPC_WN_Helper_NewResolve 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1069
2 	mozjs.dll 	JSObject::getGeneric 	js/src/jsobjinlines.h:173
3 	mozjs.dll 	js::DirectProxyHandler::get 	js/src/jsproxy.cpp:587
4 	mozjs.dll 	js::Wrapper::get 	js/src/jswrapper.cpp:270
5 	mozjs.dll 	proxy_GetGeneric 	js/src/jsproxy.cpp:2651

Frame 	Module 	Signature 	Source
0 	xul.dll 	nsWindowSH::NewResolve 	dom/base/nsDOMClassInfo.cpp:7479
1 	xul.dll 	XPC_WN_Helper_NewResolve 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1069
2 	mozjs.dll 	js_FindClassObject 	js/src/jsobj.cpp:3707
3 	mozjs.dll 	js_GetClassPrototype 	js/src/jsobj.cpp:5103
4 	mozjs.dll 	js::FindProto 	js/src/jsobjinlines.h:1442
5 	mozjs.dll 	js::NewObjectWithClassProto 	js/src/jsobj.cpp:2251
6 	mozjs.dll 	JS_NewObjectWithUniqueType 	js/src/jsfriendapi.cpp:119

Frame 	Module 	Signature 	Source
0 	xul.dll 	nsWindowSH::NewResolve 	dom/base/nsDOMClassInfo.cpp:7479
1 	xul.dll 	XPC_WN_Helper_NewResolve 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1069
2 	mozjs.dll 	js::NameOperation 	js/src/jsinterpinlines.h:432
3 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2454
4 	mozjs.dll 	js::RunScript 	js/src/jsinterp.cpp:318
5 	mozjs.dll 	js::InvokeKernel 	js/src/jsinterp.cpp:381

Frame 	Module 	Signature 	Source
0 	xul.dll 	nsWindowSH::NewResolve 	dom/base/nsDOMClassInfo.cpp:7126
1 	mozjs.dll 	js::frontend::Parser::primaryExpr 	js/src/frontend/Parser.cpp:6943
2 	xul.dll 	XPCWrappedNative::GetWrappedNativeOfJSObject 	js/xpconnect/src/XPCWrappedNative.cpp:1828
3 	mozjs.dll 	js::ValueToId 	js/src/jsatominlines.h:65
4 	gkmedias.dll 	silk_stereo_MS_to_LR 	media/libopus/silk/stereo_MS_to_LR.c:62
5 	gkmedias.dll 	_moz_cairo_set_matrix 	gfx/cairo/cairo/src/cairo.c:1544
6 	mozjs.dll 	js::GetPropertyOperation 	js/src/jsinterpinlines.h:286
7 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:2217
8 	xul.dll 	nsScriptSecurityManager::LookupPolicy 	caps/src/nsScriptSecurityManager.cpp:1106

More reports at:
https://crash-stats.mozilla.com/report/list?signature=nsWindowSH%3A%3ANewResolve%28nsIXPConnectWrappedNative*%2C+JSContext*%2C+JSObject*%2C+int%2C+unsigned+int%2C+JSObject**%2C+bool*%29
Line 7479 is:
  if (sDialogArguments_id == id && win->IsModalContentWindow()) {
The signature nsWindowSH::NewResolve has been around in our versions at low volume, but in 19.0b3 it's exploded quite a bit.
Also, the amount of dupes isn't as high as I'd estimated from what comment #0 said. This is definitely something to look at.
Component: XPConnect → DOM
Another idea would be to back out speculatively on Nightly/Aurora and watch for a crash volume change, but KaiRo suggests that the volume is likely too low to notice a difference.
To be clear, we're looking for a low risk backout before Tuesday if we can be confident about what caused this instability.
Yeah, this crash doesn't show up in the top 300 on Nightly or Aurora.

Judging by the code, this should happen on pages that use showModalDialog to pop up a little modal dialog.  Crashing on this particular line doesn't really make any sense, and sort of suggests something has gone wrong elsewhere.

My patch is the most obviously related, as it does touch this same function, but barring a compiler error, when we run code I changed, we should never run the code that is crashing, so I can't see how it is related.  I looked over the list of patches, but I don't see anything that looks like it could be an obvious culprit.
It's now only #621 browser crasher in 19.0b4.
Assignee: continuation → nobody
Crash Signature: [@ nsWindowSH::NewResolve(nsIXPConnectWrappedNative*, JSContext*, JSObject*, int, unsigned int, JSObject**, bool*)] → [@ nsWindowSH::NewResolve(nsIXPConnectWrappedNative*, JSContext*, JSObject*, int, unsigned int, JSObject**, bool*)] [@ nsWindowSH::NewResolve]
This signature disappeared at the end of April. Maybe some WebIDL conversion finally finished off this function.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.