Closed
Bug 882164
Opened 11 years ago
Closed 11 years ago
startup crash in nsHTMLDocument::GetAll @ js::CompartmentChecker::fail with Client-Side Adaptations Tool or McAfee Site Advisor
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
VERIFIED
FIXED
mozilla24
| Tracking | Status | |
|---|---|---|
| firefox23 | --- | unaffected |
| firefox24 | + | verified |
| firefox-esr17 | --- | unaffected |
| b2g18 | --- | unaffected |
People
(Reporter: scoobidiver, Assigned: Ms2ger)
References
Details
(5 keywords, Whiteboard: [startupcrash])
Crash Data
Attachments
(1 file)
|
928 bytes,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
It seems to be a regression in 24.0a1/20130612 according to startup crashes in crash stats. There are many startup crashes with McAfee Site Advisor. STR: 1. Install https://www.dropbox.com/s/c36to2gyoo4ulbo/cs-adaptation@lifia.xpi 2. Restart -> Patatra The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=86413e921d5d&tochange=0414d6d0f60d It's likely a regression from bug 877277. Signature js::CompartmentChecker::fail(JSCompartment*, JSCompartment*) More Reports Search UUID e82462cb-4075-4748-a0e7-be1602130612 Date Processed 2013-06-12 15:18:20 Uptime 4 Last Crash 1.7 days before submission Install Age 11.8 minutes since version was first installed. Install Time 2013-06-12 15:06:54 Product Firefox Version 24.0a1 Build ID 20130612031138 Release Channel nightly OS Windows NT OS Version 6.1.7601 Service Pack 1 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 23 stepping 10 Crash Reason EXCEPTION_BREAKPOINT Crash Address 0x69b01b33 App Notes AdapterVendorID: 0x8086, AdapterDeviceID: 0x2a42, AdapterSubsysID: 02961025, AdapterDriverVersion: 8.15.10.2869 D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ Processor Notes sp-processor05_phx1_mozilla_com_3890:2012 EMCheckCompatibility True Adapter Vendor ID 0x8086 Adapter Device ID 0x2a42 Total Virtual Memory 4294836224 Available Virtual Memory 3937624064 System Memory Use Percentage 61 Available Page File 5804310528 Available Physical Memory 1612771328 Frame Module Signature Source 0 mozjs.dll js::CompartmentChecker::fail js/src/jscntxtinlines.h:165 1 mozjs.dll JS_GetGlobalForObject js/src/jsapi.cpp:2244 2 xul.dll nsHTMLDocument::GetAll content/html/document/src/nsHTMLDocument.cpp:2728 3 xul.dll mozilla::dom::HTMLDocumentBinding::get_all obj-firefox/dom/bindings/HTMLDocumentBinding.cpp:1297 4 xul.dll mozilla::dom::HTMLDocumentBinding::genericGetter obj-firefox/dom/bindings/HTMLDocumentBinding.cpp:1443 5 mozjs.dll js::Invoke js/src/vm/Interpreter.cpp:434 6 mozjs.dll js::BaseProxyHandler::get js/src/jsproxy.cpp:159 7 xul.dll xpc::XrayWrapper<js::CrossCompartmentWrapper,xpc::DOMXrayTraits>::get js/xpconnect/wrappers/XrayWrapper.cpp:1821 8 mozjs.dll js::Proxy::get js/src/jsproxy.cpp:2478 9 mozjs.dll proxy_GetGeneric js/src/jsproxy.cpp:2816 10 mozjs.dll JSObject::getGeneric js/src/jsobjinlines.h:158 11 mozjs.dll JSObject::getProperty js/src/jsobjinlines.h:182 12 mozjs.dll js::ion::TryAttachScopeNameStub js/src/ion/BaselineIC.cpp:4894 13 @0x9063be4 14 @0xffffff82 More reports at: https://crash-stats.mozilla.com/report/list?signature=js%3A%3ACompartmentChecker%3A%3Afail%28JSCompartment*%2C+JSCompartment*%29
|
Assignee | |
Comment 1•11 years ago
|
||
Does this need anything else than a JSAutoCompartment?
Assignee: nobody → Ms2ger
|
||
Comment 2•11 years ago
|
||
No.
|
|
Assignee | |
Comment 3•11 years ago
|
||
Sounds like I can do it, then.
Attachment #761607 -
Flags: review?(bugs)
|
|
||
Comment 4•11 years ago
|
||
Comment on attachment 761607 [details] [diff] [review] Patch v1 r=me
Attachment #761607 -
Flags: review?(bugs) → review+
|
|
Assignee | |
Comment 5•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/f850d84e4bb5 This should probably have a test, but I guess it needs to be something with frames or something... I'll look later.
Status: NEW → ASSIGNED
Flags: in-testsuite?
OS: Windows 7 → All
Hardware: x86 → All
|
|
||
Comment 6•11 years ago
|
||
Doing document.all on an Xray is the right way to trigger this.
|
|
||
Comment 7•11 years ago
|
||
Tough actually, getting the document.all getter from one window and doing a .call() on a document from another window will in fact work too.
|
Reporter | |
Comment 8•11 years ago
|
||
There are 341 crashes in today's build.
tracking-firefox24:
--- → ?
Keywords: reproducible,
topcrash
|
||
Comment 9•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/f850d84e4bb5 (In reply to :Ms2ger from comment #5) > This should probably have a test, but I guess it needs to be something with > frames or something... I'll look later.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Flags: needinfo?(Ms2ger)
Resolution: --- → FIXED
Target Milestone: --- → mozilla24
|
||
Updated•11 years ago
|
|
||
Updated•11 years ago
|
|
||
Comment 10•11 years ago
|
||
Reproduced on nightly 2013-06-12. Verified fixed FF 24b8, 26.0a1 (2013-09-02) Win 7.
Status: RESOLVED → VERIFIED
|
|
||
Updated•10 years ago
|
Flags: needinfo?(Ms2ger)
|
||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•