crash in mozilla::dom::UploadLastDir::StoreLastUsedDirectory

RESOLVED FIXED in Firefox 24

Status

()

defect
--
critical
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: scoobidiver, Assigned: wesj)

Tracking

({crash, regression, topcrash})

24 Branch
mozilla24
ARM
Android
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox23 unaffected, firefox24+ fixed, fennec24+)

Details

(Whiteboard: [native-crash], crash signature)

Attachments

(1 attachment)

It first showed up in 24.0a1/20130531. The regression range might be (low volume):
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=f66d956d188e&tochange=3c6f2394995d
It's likely a regression from bug 874689.

The only comment talks about uploading.

Signature 	mozilla::dom::UploadLastDir::StoreLastUsedDirectory(nsIDocument*, nsIDOMFile*) More Reports Search
UUID	6fd3a185-55eb-42ab-b920-0567d2130603
Date Processed	2013-06-03 14:26:06
Uptime	15
Last Crash	18.5 hours before submission
Install Age	15 seconds since version was first installed.
Install Time	2013-06-03 14:25:22
Product	FennecAndroid
Version	24.0a1
Build ID	20130603031140
Release Channel	nightly
OS	Android
OS Version	0.0.0 Linux 3.0.64-CM-gc421809 #1 SMP PREEMPT Sat May 18 04:44:22 PDT 2013 armv7l samsung/t03gxx/t03g:4.1.1/JRO03C/N7100XXALJ3:user/release-keys
Build Architecture	arm
Build Architecture Info	ARMv0
Crash Reason	SIGSEGV
Crash Address	0x0
User Comments	Trying to upload
App Notes 	
AdapterDescription: 'ARM -- Mali-400 MP -- OpenGL ES 2.0 -- Model: GT-N7100, Product: t03gxx, Manufacturer: samsung, Hardware: smdk4x12'
GL Layers! EGL? EGL+ GL Context? GL Context+ GL Layers+ 
samsung GT-N7100
samsung/t03gxx/t03g:4.1.1/JRO03C/N7100XXALJ3:user/release-keys
Processor Notes 	sp-processor06_phx1_mozilla_com_6723:2012; exploitability tool: ERROR: unable to analyze dump
EMCheckCompatibility	True
Adapter Vendor ID	ARM
Adapter Device ID	Mali-400 MP
Device	samsung GT-N7100
Android API Version	17 (REL)
Android CPU ABI	armeabi-v7a

Frame 	Module 	Signature 	Source
0 	libxul.so 	mozilla::dom::UploadLastDir::StoreLastUsedDirectory 	HTMLInputElement.cpp:559
1 	libxul.so 	nsThreadManager::GetIsMainThread 	nsThreadManager.cpp:278
2 	libxul.so 	js::CheckedUnwrap 	js/src/jswrapper.cpp:84
3 	libxul.so 	XPCCallContext::Init 	XPCCallContext.cpp:148
4 	libxul.so 	nsThreadManager::GetIsMainThread 	nsThreadManager.cpp:278
5 	libxul.so 	NS_IsMainThread 	nsThreadUtils.cpp:137
6 	libxul.so 	nsXPConnect::XPConnect 	xpcprivate.h:485
7 	libxul.so 	XPCCallContext::~XPCCallContext 	xpcprivate.h:657
8 	libxul.so 	nsXPCWrappedJSClass::BuildPropertyEnumerator 	XPCWrappedJSClass.cpp:426
9 	libxul.so 	nsXPCWrappedJS::CallMethod 	XPCWrappedJS.cpp:573
10 	libxul.so 	nsXPCWrappedJS::QueryInterface 	XPCWrappedJS.cpp:128
11 	libxul.so 	PrepareAndDispatch 	xptcstubs_arm.cpp:105
12 	libxul.so 	XPCCallContext::~XPCCallContext 	xpcprivate.h:657
13 	libxul.so 	XPC_WN_OnlyIWrite_AddPropertyStub 	XPCWrappedNativeJSOps.cpp:481
14 	libmozglue.so 	arena_malloc 	jemalloc.c:4167
15 	libmozglue.so 	__wrap_malloc 	jemalloc.c:4247
16 	libmozalloc.so 	moz_xmalloc 	mozalloc.cpp:54
17 	libxul.so 	nsTArray_base<nsTArrayInfallibleAllocator>::EnsureCapacity 	nsTArray.h:192
18 	libxul.so 	inDOMViewNode** nsTArray_Impl<inDOMViewNode*, nsTArrayInfallibleAllocator>::Repl 	nsTArray.h:562
19 	libxul.so 	nsCOMArray_base::InsertObjectAt 	nsCOMArray.cpp:120
20 	libxul.so 	mozilla::dom::HTMLInputElement::nsFilePickerShownCallback::Done 	HTMLInputElement.cpp:341
21 	libxul.so 	mozilla::dom::HTMLInputElement::MozSetFileNameArray 	HTMLInputElement.cpp:1753
22 	libxul.so 	NS_InvokeByIndex 	xptcinvoke_arm.cpp:164
23 	libxul.so 	nsScriptSecurityManager::CheckPropertyAccessImpl 	nsScriptSecurityManager.cpp:816
24 	libxul.so 	nsThreadManager::GetIsMainThread 	nsThreadManager.cpp:278
25 	libxul.so 	XPCWrappedNative::CallMethod 	XPCWrappedNative.cpp:2938 
...

More reports at:
https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3Adom%3A%3AUploadLastDir%3A%3AStoreLastUsedDirectory%28nsIDocument*%2C+nsIDOMFile*%29
Is the AsyncPromptService using XPConnect off-main-thread?
It's #10 top crasher in 24.0a1.
tracking-fennec: --- → ?
Flags: needinfo?(wjohnston)
Keywords: topcrash
Wes, passing this to you as bug 874689 is the suspected bug here.
Assignee: nobody → wjohnston
Posted patch PatchSplinter Review
I think this is only happening on multiple file picker inputs (Android doesn't support picking multiple files, so they sadly only let you pick one).
Attachment #761800 - Flags: review?
Flags: needinfo?(wjohnston)
Attachment #761800 - Flags: review? → review?(mark.finkle)
tracking-fennec: ? → 24+
Attachment #761800 - Flags: review?(mark.finkle) → review+
https://hg.mozilla.org/mozilla-central/rev/da161284668e
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla24
You need to log in before you can comment on or make changes to this bug.