Closed Bug 879482 Opened 10 years ago Closed 10 years ago

crash in mozilla::dom::UploadLastDir::StoreLastUsedDirectory


(Core :: XPConnect, defect)

24 Branch
Not set



Tracking Status
firefox23 --- unaffected
firefox24 + fixed
fennec 24+ ---


(Reporter: scoobidiver, Assigned: wesj)



(Keywords: crash, regression, topcrash, Whiteboard: [native-crash])

Crash Data


(1 file)

It first showed up in 24.0a1/20130531. The regression range might be (low volume):
It's likely a regression from bug 874689.

The only comment talks about uploading.

Signature 	mozilla::dom::UploadLastDir::StoreLastUsedDirectory(nsIDocument*, nsIDOMFile*) More Reports Search
UUID	6fd3a185-55eb-42ab-b920-0567d2130603
Date Processed	2013-06-03 14:26:06
Uptime	15
Last Crash	18.5 hours before submission
Install Age	15 seconds since version was first installed.
Install Time	2013-06-03 14:25:22
Product	FennecAndroid
Version	24.0a1
Build ID	20130603031140
Release Channel	nightly
OS	Android
OS Version	0.0.0 Linux 3.0.64-CM-gc421809 #1 SMP PREEMPT Sat May 18 04:44:22 PDT 2013 armv7l samsung/t03gxx/t03g:4.1.1/JRO03C/N7100XXALJ3:user/release-keys
Build Architecture	arm
Build Architecture Info	ARMv0
Crash Reason	SIGSEGV
Crash Address	0x0
User Comments	Trying to upload
App Notes 	
AdapterDescription: 'ARM -- Mali-400 MP -- OpenGL ES 2.0 -- Model: GT-N7100, Product: t03gxx, Manufacturer: samsung, Hardware: smdk4x12'
GL Layers! EGL? EGL+ GL Context? GL Context+ GL Layers+ 
samsung GT-N7100
Processor Notes 	sp-processor06_phx1_mozilla_com_6723:2012; exploitability tool: ERROR: unable to analyze dump
EMCheckCompatibility	True
Adapter Vendor ID	ARM
Adapter Device ID	Mali-400 MP
Device	samsung GT-N7100
Android API Version	17 (REL)
Android CPU ABI	armeabi-v7a

Frame 	Module 	Signature 	Source
0 	mozilla::dom::UploadLastDir::StoreLastUsedDirectory 	HTMLInputElement.cpp:559
1 	nsThreadManager::GetIsMainThread 	nsThreadManager.cpp:278
2 	js::CheckedUnwrap 	js/src/jswrapper.cpp:84
3 	XPCCallContext::Init 	XPCCallContext.cpp:148
4 	nsThreadManager::GetIsMainThread 	nsThreadManager.cpp:278
5 	NS_IsMainThread 	nsThreadUtils.cpp:137
6 	nsXPConnect::XPConnect 	xpcprivate.h:485
7 	XPCCallContext::~XPCCallContext 	xpcprivate.h:657
8 	nsXPCWrappedJSClass::BuildPropertyEnumerator 	XPCWrappedJSClass.cpp:426
9 	nsXPCWrappedJS::CallMethod 	XPCWrappedJS.cpp:573
10 	nsXPCWrappedJS::QueryInterface 	XPCWrappedJS.cpp:128
11 	PrepareAndDispatch 	xptcstubs_arm.cpp:105
12 	XPCCallContext::~XPCCallContext 	xpcprivate.h:657
13 	XPC_WN_OnlyIWrite_AddPropertyStub 	XPCWrappedNativeJSOps.cpp:481
14 	arena_malloc 	jemalloc.c:4167
15 	__wrap_malloc 	jemalloc.c:4247
16 	moz_xmalloc 	mozalloc.cpp:54
17 	nsTArray_base<nsTArrayInfallibleAllocator>::EnsureCapacity 	nsTArray.h:192
18 	inDOMViewNode** nsTArray_Impl<inDOMViewNode*, nsTArrayInfallibleAllocator>::Repl 	nsTArray.h:562
19 	nsCOMArray_base::InsertObjectAt 	nsCOMArray.cpp:120
20 	mozilla::dom::HTMLInputElement::nsFilePickerShownCallback::Done 	HTMLInputElement.cpp:341
21 	mozilla::dom::HTMLInputElement::MozSetFileNameArray 	HTMLInputElement.cpp:1753
22 	NS_InvokeByIndex 	xptcinvoke_arm.cpp:164
23 	nsScriptSecurityManager::CheckPropertyAccessImpl 	nsScriptSecurityManager.cpp:816
24 	nsThreadManager::GetIsMainThread 	nsThreadManager.cpp:278
25 	XPCWrappedNative::CallMethod 	XPCWrappedNative.cpp:2938 

More reports at:*%2C+nsIDOMFile*%29
Is the AsyncPromptService using XPConnect off-main-thread?
It's #10 top crasher in 24.0a1.
tracking-fennec: --- → ?
Flags: needinfo?(wjohnston)
Keywords: topcrash
Wes, passing this to you as bug 874689 is the suspected bug here.
Assignee: nobody → wjohnston
Attached patch PatchSplinter Review
I think this is only happening on multiple file picker inputs (Android doesn't support picking multiple files, so they sadly only let you pick one).
Attachment #761800 - Flags: review?
Flags: needinfo?(wjohnston)
Attachment #761800 - Flags: review? → review?(mark.finkle)
tracking-fennec: ? → 24+
Attachment #761800 - Flags: review?(mark.finkle) → review+
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla24
You need to log in before you can comment on or make changes to this bug.