Closed
Bug 835120
Opened 11 years ago
Closed 6 years ago
crash in nsWindowSH::NewResolve
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
People
(Reporter: scoobidiver, Unassigned)
Details
(Keywords: crash)
Crash Data
It's #12 top browser crasher in 19.0b3 with many duplicates. If it's a regression, the regression window might be: http://hg.mozilla.org/releases/mozilla-beta/pushloghtml?fromchange=8b833c1150b5&tochange=8848df2565b6 The first frames of the stack trace are various: Frame Module Signature Source 0 xul.dll nsWindowSH::NewResolve dom/base/nsDOMClassInfo.cpp:7479 1 xul.dll XPC_WN_Helper_NewResolve js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1069 2 mozjs.dll JSObject::getGeneric js/src/jsobjinlines.h:173 3 mozjs.dll js::DirectProxyHandler::get js/src/jsproxy.cpp:587 4 mozjs.dll js::Wrapper::get js/src/jswrapper.cpp:270 5 mozjs.dll proxy_GetGeneric js/src/jsproxy.cpp:2651 Frame Module Signature Source 0 xul.dll nsWindowSH::NewResolve dom/base/nsDOMClassInfo.cpp:7479 1 xul.dll XPC_WN_Helper_NewResolve js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1069 2 mozjs.dll js_FindClassObject js/src/jsobj.cpp:3707 3 mozjs.dll js_GetClassPrototype js/src/jsobj.cpp:5103 4 mozjs.dll js::FindProto js/src/jsobjinlines.h:1442 5 mozjs.dll js::NewObjectWithClassProto js/src/jsobj.cpp:2251 6 mozjs.dll JS_NewObjectWithUniqueType js/src/jsfriendapi.cpp:119 Frame Module Signature Source 0 xul.dll nsWindowSH::NewResolve dom/base/nsDOMClassInfo.cpp:7479 1 xul.dll XPC_WN_Helper_NewResolve js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1069 2 mozjs.dll js::NameOperation js/src/jsinterpinlines.h:432 3 mozjs.dll js::Interpret js/src/jsinterp.cpp:2454 4 mozjs.dll js::RunScript js/src/jsinterp.cpp:318 5 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:381 Frame Module Signature Source 0 xul.dll nsWindowSH::NewResolve dom/base/nsDOMClassInfo.cpp:7126 1 mozjs.dll js::frontend::Parser::primaryExpr js/src/frontend/Parser.cpp:6943 2 xul.dll XPCWrappedNative::GetWrappedNativeOfJSObject js/xpconnect/src/XPCWrappedNative.cpp:1828 3 mozjs.dll js::ValueToId js/src/jsatominlines.h:65 4 gkmedias.dll silk_stereo_MS_to_LR media/libopus/silk/stereo_MS_to_LR.c:62 5 gkmedias.dll _moz_cairo_set_matrix gfx/cairo/cairo/src/cairo.c:1544 6 mozjs.dll js::GetPropertyOperation js/src/jsinterpinlines.h:286 7 mozjs.dll js::Interpret js/src/jsinterp.cpp:2217 8 xul.dll nsScriptSecurityManager::LookupPolicy caps/src/nsScriptSecurityManager.cpp:1106 More reports at: https://crash-stats.mozilla.com/report/list?signature=nsWindowSH%3A%3ANewResolve%28nsIXPConnectWrappedNative*%2C+JSContext*%2C+JSObject*%2C+int%2C+unsigned+int%2C+JSObject**%2C+bool*%29
|
||
Comment 1•11 years ago
|
||
Line 7479 is:
if (sDialogArguments_id == id && win->IsModalContentWindow()) {
|
||
Comment 2•11 years ago
|
||
The signature nsWindowSH::NewResolve has been around in our versions at low volume, but in 19.0b3 it's exploded quite a bit. Also, the amount of dupes isn't as high as I'd estimated from what comment #0 said. This is definitely something to look at.
|
|
||
Updated•11 years ago
|
Component: XPConnect → DOM
|
||
Comment 3•11 years ago
|
||
Here's a buglist of those issues that may be the culprit: https://bugzilla.mozilla.org/buglist.cgi?quicksearch=690970%2C761040%2C765192%2C766973%2C767158%2C785050%2C789975%2C792410%2C803568%2C804605%2C808035%2C811391%2C812647%2C813867%2C815666%2C821329%2C822906%2C825544%2C826471%2C827070%2C827176%2C827225%2C827304%2C828286%2C828480%2C829318%2C829435%2C829858%2C829912%2C830066%2C830214%2C830236%2C830399%2C830920%2C830943%2C830948%2C831095%2C831472%2C831780%2C833427%2C;list_id=5491285 Of these, 6 are in the DOM component: https://bugzilla.mozilla.org/buglist.cgi?quicksearch=826471%2C830399%2C830948%2C831095%2C831472%2C;list_id=5491289 and 2 are related to nsWindowSH: bug 826471 (Andrew's) and bug 830948 (Olli's) Andrew - what are your thoughts on next steps? The URLs don't appear to be helpful, so this will be difficult to repro in QA.
Assignee: nobody → continuation
|
|
||
Comment 4•11 years ago
|
||
Another idea would be to back out speculatively on Nightly/Aurora and watch for a crash volume change, but KaiRo suggests that the volume is likely too low to notice a difference.
|
|
||
Comment 5•11 years ago
|
||
To be clear, we're looking for a low risk backout before Tuesday if we can be confident about what caused this instability.
|
|
||
Comment 6•11 years ago
|
||
Yeah, this crash doesn't show up in the top 300 on Nightly or Aurora. Judging by the code, this should happen on pages that use showModalDialog to pop up a little modal dialog. Crashing on this particular line doesn't really make any sense, and sort of suggests something has gone wrong elsewhere. My patch is the most obviously related, as it does touch this same function, but barring a compiler error, when we run code I changed, we should never run the code that is crashing, so I can't see how it is related. I looked over the list of patches, but I don't see anything that looks like it could be an obvious culprit.
|
|
||
Updated•11 years ago
|
|
|
||
Updated•10 years ago
|
Assignee: continuation → nobody
|
||
Updated•9 years ago
|
Crash Signature: [@ nsWindowSH::NewResolve(nsIXPConnectWrappedNative*, JSContext*, JSObject*, int, unsigned int, JSObject**, bool*)] → [@ nsWindowSH::NewResolve(nsIXPConnectWrappedNative*, JSContext*, JSObject*, int, unsigned int, JSObject**, bool*)]
[@ nsWindowSH::NewResolve]
|
|
||
Comment 8•6 years ago
|
||
This signature disappeared at the end of April. Maybe some WebIDL conversion finally finished off this function.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
|
Assignee | |
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•