Closed Bug 889885 Opened 9 years ago Closed 9 years ago

crash in mozilla::psm::NotifyObserverRunnable::~NotifyObserverRunnable @ nsXPCWrappedJS::Release


(Core :: Security, defect)

Not set



Tracking Status
firefox24 --- fixed
firefox25 --- fixed


(Reporter: scoobidiver, Assigned: jdm)



(Keywords: crash, Whiteboard: [native-crash])

Crash Data


(1 file)

There's one crash in 25.0a1/20130703.

Signature 	nsXPCWrappedJS::Release() More Reports Search
UUID 	ecd4cb41-b720-4b34-86b5-8ccc62130703
Date Processed	2013-07-03 14:22:21.169970
Uptime	100
Install Age 	100 since version was first installed.
Install Time 	2013-07-03 14:18:56
Product 	FennecAndroid
Version 	25.0a1
Build ID 	20130703031323
Release Channel 	nightly
OS 	Android
OS Version 	0.0.0 Linux 3.1.10-g05b777c #1 SMP PREEMPT Thu Nov 29 10:35:37 PST 2012 armv7l google/nakasi/grouper
Build Architecture 	arm
Build Architecture Info 	ARMv0 | None
Crash Reason 	SIGSEGV
Crash Address 	0x0
App Notes 	
AdapterDescription: 'NVIDIA Corporation -- NVIDIA Tegra 3 -- OpenGL ES 2.0 14.01002 -- Model: Nexus 7, Product: nakasi, Manufacturer: asus, Hardware: grouper'
GL Layers! EGL? EGL+ GL Context? GL Context+ GL Layers+ 
asus Nexus 7
Adapter Vendor ID 	NVIDIA Corporation
Adapter Device ID 	NVIDIA Tegra 3
Android CPU ABI 	armeabi-v7a
Android Manufacturer 	asus
Android Model 	Nexus 7
Android Version 	17 (REL)

Frame 	Module 	Signature 	Source
0 	nsXPCWrappedJS::Release() 	js/xpconnect/src/XPCWrappedJS.cpp
1 	GrGLProgramStage::name() const 	gfx/skia/src/gpu/gl/GrGLProgramStage.h
2 	mozilla::RefPtr<mozilla::psm::TransportSecurityInfo>::~RefPtr() 	
3 	mozilla::psm::NotifyObserverRunnable::~NotifyObserverRunnable() 	obj-firefox/dist/include/nsCOMPtr.h
4 	mozilla::psm::NotifyObserverRunnable::~NotifyObserverRunnable() 	security/manager/ssl/src/PSMRunnable.h
5 	PipUIContext::Release() 	security/manager/ssl/src/nsNSSComponent.cpp
6 	mozilla::RefPtr<mozilla::psm::TransportSecurityInfo>::~RefPtr() 	
7 	nsKeygenThread::Run() 	obj-firefox/dist/include/nsCOMPtr.h
8 	_pt_root 	nsprpub/pr/src/pthreads/ptthread.c
9 	__thread_entry 	
10 	pthread_create

More reports at:

We can reach a point in nsKeygenThread::Run where statusDialogClosed is false and mNotifyObserver is non-null, causing us to null out mNotifyObserver and release a JS-implemented observer ( off the main thread. mNotifyObserver needs to be an nsMainThreadPtrHandle in order to avoid this.
Assignee: nobody → josh
Attachment #770964 - Flags: review?(brian) → review+
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla25
Comment on attachment 770964 [details] [diff] [review]
Avoid releasing scripted observers from PSM off the main thread.

[Approval Request Comment]
Bug caused by (feature/regressing bug #): 770840
User impact if declined: Occasional crashes.
Testing completed (on m-c, etc.): m-c
Risk to taking this patch (and alternatives if risky): None.
String or IDL/UUID changes made by this patch: None.
Attachment #770964 - Flags: approval-mozilla-aurora?
Comment on attachment 770964 [details] [diff] [review]
Avoid releasing scripted observers from PSM off the main thread.

Low risk patch that helps avoid occasional crashes.
Attachment #770964 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
You need to log in before you can comment on or make changes to this bug.