Closed
Bug 879856
Opened 12 years ago
Closed 12 years ago
[debug][spew] ###!!! ASSERTION: You can't dereference a NULL nsRefPtr with operator->().: 'mRawPtr != 0', file ../../dist/include/nsAutoPtr.h, line 1022
Categories
(Firefox OS Graveyard :: General, defect)
Tracking
(blocking-b2g:leo+, firefox24 unaffected, b2g18 fixed, b2g18-v1.0.0 wontfix, b2g18-v1.0.1 wontfix, b2g-v1.1hd affected)
| Tracking | Status | |
|---|---|---|
| firefox24 | --- | unaffected |
| b2g18 | --- | fixed |
| b2g18-v1.0.0 | --- | wontfix |
| b2g18-v1.0.1 | --- | wontfix |
| b2g-v1.1hd | --- | affected |
People
(Reporter: mikeh, Assigned: hsinyi)
References
Details
(Keywords: regression)
Attachments
(1 file, 1 obsolete file)
|
1.22 KB,
patch
|
Details | Diff | Splinter Review |
Observed on an Inari DEBUG build:
- gecko: b2g18:09dc1ae3b1b5
- gaia: v1.0.1:37b6527c3f73a497f75d057e90386f77ff5a552b
The following line appears in large clumps, periodically, in the logcat output:
06-05 13:03:53.030 111 225 I Gecko : [Parent 111] ###!!! ASSERTION: You can't dereference a NULL nsRefPtr with operator->().: 'mRawPtr != 0', file ../../dist/include/nsAutoPtr.h, line 1022
Even after taking the file to file this and bug 879854, logcat continues to show this in the output/.
|
Reporter | |
Updated•12 years ago
|
Summary: ###!!! ASSERTION: You can't dereference a NULL nsRefPtr with operator->().: 'mRawPtr != 0', file ../../dist/include/nsAutoPtr.h, line 1022 → [debug][spew] ###!!! ASSERTION: You can't dereference a NULL nsRefPtr with operator->().: 'mRawPtr != 0', file ../../dist/include/nsAutoPtr.h, line 1022
|
|
Reporter | |
Comment 1•12 years ago
|
||
(In reply to Mike Habicher [:mikeh] from comment #0)
>
> Even after taking the file to file this and bug 879854, logcat continues to
> show this in the output/.
Even after taking the TIME to file this bug....
|
|
Reporter | |
Comment 2•12 years ago
|
||
Added a MOZ_ASSERT() after the NS_PRECONDITION() macro to catch the backtrace in gdb:
list
1018
1019 T*
1020 operator->() const
1021 {
1022 NS_PRECONDITION(mRawPtr != 0, "You can't dereference a NULL nsRefPtr with operator->().");
1023 MOZ_ASSERT(mRawPtr != 0);
1024 return get();
1025 }
1026
1027 // This operator is needed for gcc <= 4.0.* and for Sun Studio; it
(gdb) bt
#0 0x4140789a in nsRefPtr<mozilla::dom::telephony::TelephonyCall>::operator-> (that=<value optimized out>, p=<value optimized out>, cb=...) at ../../dist/include/nsAutoPtr.h:1023
#1 mozilla::dom::telephony::CallEvent::cycleCollection::TraverseImpl (that=<value optimized out>, p=<value optimized out>, cb=...) at /home/mikeh/dev/mozilla/m-c/b2g18/dom/telephony/CallEvent.cpp:33
#2 0x419fa51a in nsCycleCollectionParticipant::Traverse (this=0x40455050, removeChildlessNodes=true) at ../../dist/include/nsCycleCollectionParticipant.h:254
#3 MayHaveChild (this=0x40455050, removeChildlessNodes=true) at /home/mikeh/dev/mozilla/m-c/b2g18/xpcom/base/nsCycleCollector.cpp:2062
#4 nsPurpleBuffer::RemoveSkippable (this=0x40455050, removeChildlessNodes=true) at /home/mikeh/dev/mozilla/m-c/b2g18/xpcom/base/nsCycleCollector.cpp:2081
#5 0x419fb468 in nsCycleCollector::ForgetSkippable (this=0x40455000, removeChildlessNodes=true) at /home/mikeh/dev/mozilla/m-c/b2g18/xpcom/base/nsCycleCollector.cpp:2106
#6 0x419fb4a6 in nsCycleCollector_forgetSkippable (aRemoveChildlessNodes=true) at /home/mikeh/dev/mozilla/m-c/b2g18/xpcom/base/nsCycleCollector.cpp:3228
#7 0x411cc384 in FireForgetSkippable (aSuspected=1017, aRemoveChildless=true) at /home/mikeh/dev/mozilla/m-c/b2g18/dom/base/nsJSEnvironment.cpp:3141
#8 0x411d18f8 in CCTimerFired (aTimer=<value optimized out>, aClosure=<value optimized out>) at /home/mikeh/dev/mozilla/m-c/b2g18/dom/base/nsJSEnvironment.cpp:3382
#9 0x419f0ea2 in nsTimerImpl::Fire (this=0x4923ad80) at /home/mikeh/dev/mozilla/m-c/b2g18/xpcom/threads/nsTimerImpl.cpp:473
#10 0x419f109a in nsTimerEvent::Run (this=0x4044c3e0) at /home/mikeh/dev/mozilla/m-c/b2g18/xpcom/threads/nsTimerImpl.cpp:556
#11 0x419ece3e in nsThread::ProcessNextEvent (this=0x404c78d0, mayWait=<value optimized out>, result=0xbecbf6ff) at /home/mikeh/dev/mozilla/m-c/b2g18/xpcom/threads/nsThread.cpp:620
#12 0x419b4410 in NS_ProcessNextEvent_P (thread=0x55, mayWait=false) at /home/mikeh/dev/mozilla/btg024/objdir-gecko-b2g18-debug/xpcom/build/nsThreadUtils.cpp:237
#13 0x41823122 in mozilla::ipc::MessagePump::Run (this=0x404c5490, aDelegate=0x404e90c0) at /home/mikeh/dev/mozilla/m-c/b2g18/ipc/glue/MessagePump.cpp:82
#14 0x41a2369e in MessageLoop::RunInternal (this=0x404e90c0) at /home/mikeh/dev/mozilla/m-c/b2g18/ipc/chromium/src/base/message_loop.cc:219
#15 0x41a236fe in MessageLoop::RunHandler (this=0x404e90c0) at /home/mikeh/dev/mozilla/m-c/b2g18/ipc/chromium/src/base/message_loop.cc:212
#16 MessageLoop::Run (this=0x404e90c0) at /home/mikeh/dev/mozilla/m-c/b2g18/ipc/chromium/src/base/message_loop.cc:186
#17 0x4175960e in nsBaseAppShell::Run (this=0x42b0e820) at /home/mikeh/dev/mozilla/m-c/b2g18/widget/xpwidgets/nsBaseAppShell.cpp:163
#18 0x41653646 in nsAppStartup::Run (this=0x42bb01f0) at /home/mikeh/dev/mozilla/m-c/b2g18/toolkit/components/startup/nsAppStartup.cpp:290
#19 0x40c4b5e6 in XREMain::XRE_mainRun (this=0xbecbf994) at /home/mikeh/dev/mozilla/m-c/b2g18/toolkit/xre/nsAppRunner.cpp:3794
#20 0x40c4dccc in XREMain::XRE_main (this=0xbecbf994, argc=<value optimized out>, argv=0xbecc1b94, aAppData=0x21170) at /home/mikeh/dev/mozilla/m-c/b2g18/toolkit/xre/nsAppRunner.cpp:3860
#21 0x40c4de7a in XRE_main (argc=1, argv=0xbecc1b94, aAppData=0x21170, aFlags=<value optimized out>) at /home/mikeh/dev/mozilla/m-c/b2g18/toolkit/xre/nsAppRunner.cpp:3935
#22 0x00009b12 in do_main (argc=1, argv=0xbecc1b94) at /home/mikeh/dev/mozilla/m-c/b2g18/b2g/app/nsBrowserApp.cpp:168
#23 main (argc=1, argv=0xbecc1b94) at /home/mikeh/dev/mozilla/m-c/b2g18/b2g/app/nsBrowserApp.cpp:261
This is a regression from bug 823958.
We need to null-check tmp->mCall here before traversing:
http://mxr.mozilla.org/mozilla-b2g18/source/dom/telephony/CallEvent.cpp#33
Blocks: 823958
|
|
Reporter | |
Updated•12 years ago
|
Keywords: regression
|
Assignee | |
Comment 4•12 years ago
|
||
(In reply to ben turner [:bent] from comment #3)
> This is a regression from bug 823958.
>
> We need to null-check tmp->mCall here before traversing:
>
> http://mxr.mozilla.org/mozilla-b2g18/source/dom/telephony/CallEvent.cpp#33
Sorry, my bad, and thanks for the catch.
|
|
Assignee | |
Comment 5•12 years ago
|
||
Comment #3 addressed. Thanks.
Attachment #759006 -
Flags: review?(bent.mozilla)
Comment on attachment 759006 [details] [diff] [review]
null-check tmp->mCall before traversing
Looks good!
Attachment #759006 -
Flags: review?(bent.mozilla) → review+
|
|
Assignee | |
Comment 7•12 years ago
|
||
This should be leo+ since it's a regression of a leo+ bug. And this issue happens on b2g-18 only (no m-c). Nominate it again.
|
||
Comment 8•12 years ago
|
||
Blocking so it can be uplifted to fix regression from leo+ bug.
blocking-b2g: leo? → leo+
tracking-b2g18:
? → ---
|
|
Assignee | |
Comment 9•12 years ago
|
||
|
|
Assignee | |
Comment 10•12 years ago
|
||
Comment on attachment 760716 [details] [diff] [review]
b2g18 patch, no need to land on m-c
This bug happens on b2g18 only, as no CallEvent.cpp exits in m-c anymore. We shall not follow the normal landing procedure here. Could you please help land this on b2g18 directly, RyanVM? Thank you.
Attachment #760716 -
Attachment description: b2g18 patch → b2g18 patch, no need to land on m-c
|
|
Assignee | |
Updated•12 years ago
|
Keywords: checkin-needed
|
|
Assignee | |
Updated•12 years ago
|
Attachment #759006 -
Attachment is obsolete: true
|
||
Comment 11•12 years ago
|
||
Assignee: nobody → htsai
Status: NEW → RESOLVED
Closed: 12 years ago
status-b2g18-v1.0.0:
--- → wontfix
status-b2g18-v1.0.1:
--- → wontfix
status-b2g-v1.1hd:
--- → affected
status-firefox24:
--- → unaffected
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → 1.1 QE3
|
||
Updated•12 years ago
|
Flags: in-moztrap-
You need to log in
before you can comment on or make changes to this bug.
Description
•