Closed
Bug 896900
Opened 11 years ago
Closed 11 years ago
crash in nsXBLBinding::DoInitJSClass @ js::CompartmentChecker::fail
Categories
(Core :: XBL, defect)
Tracking
()
RESOLVED
WORKSFORME
| Tracking | Status | |
|---|---|---|
| firefox24 | --- | unaffected |
| firefox25 | + | unaffected |
People
(Reporter: scoobidiver, Unassigned)
References
Details
(5 keywords, Whiteboard: [firebug-p1])
Crash Data
With the stack trace below, it first showed up in 25.0a1/20130715100109 and spiked in 25.0a1/20130720. The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=18467a85acf6&tochange=5e191a26d909 Signature js::CompartmentChecker::fail(JSCompartment*, JSCompartment*) More Reports Search UUID 3c5051b7-80e4-45a5-9ba8-d4dd92130722 Date Processed 2013-07-22 23:53:21.118831 Uptime 7545 Last Crash 27335820 seconds before submission Install Age 16679 since version was first installed. Install Time 2013-07-22 19:15:23 Product Firefox Version 25.0a1 Build ID 20130722030226 Release Channel nightly OS Windows NT OS Version 6.1.7601 Service Pack 1 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 42 stepping 7 | 4 Crash Reason EXCEPTION_BREAKPOINT Crash Address 0x611b8c19 App Notes AdapterVendorID: 0x1002, AdapterDeviceID: 0x6779, AdapterSubsysID: 00000000, AdapterDriverVersion: 8.812.0.0 D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ Frame Module Signature Source 0 mozjs.dll js::CompartmentChecker::fail(JSCompartment *,JSCompartment *) js/src/jscntxtinlines.h 1 mozjs.dll JS_GetObjectId(JSContext *,JSObject *,int *) js/src/jsapi.cpp 2 xul.dll nsXBLBinding::DoInitJSClass(JSContext *,JS::Handle<JSObject *>,JS::Handle<JSObject *>,nsCString const &,nsXBLPrototypeBinding *,JS::MutableHandle<JSObject *>,bool *) content/xbl/src/nsXBLBinding.cpp 3 xul.dll nsXBLProtoImpl::InitTargetObjects(nsXBLPrototypeBinding *,nsIScriptContext *,nsIContent *,nsIXPConnectJSObjectHolder * *,JS::MutableHandle<JSObject *>,bool *) content/xbl/src/nsXBLProtoImpl.cpp 4 xul.dll nsXBLProtoImpl::InstallImplementation(nsXBLPrototypeBinding *,nsXBLBinding *) content/xbl/src/nsXBLProtoImpl.cpp 5 xul.dll nsXBLBinding::InstallImplementation() content/xbl/src/nsXBLBinding.cpp 6 xul.dll nsXBLService::LoadBindings(nsIContent *,nsIURI *,nsIPrincipal *,nsXBLBinding * *,bool *) content/xbl/src/nsXBLService.cpp 7 xul.dll nsCSSFrameConstructor::AddFrameConstructionItemsInternal(nsFrameConstructorState &,nsIContent *,nsIFrame *,nsIAtom *,int,bool,nsStyleContext *,unsigned int,nsCSSFrameConstructor::FrameConstructionItemList &) layout/base/nsCSSFrameConstructor.cpp 8 xul.dll nsCSSFrameConstructor::AddFrameConstructionItems(nsFrameConstructorState &,nsIContent *,bool,nsIFrame *,nsCSSFrameConstructor::FrameConstructionItemList &) layout/base/nsCSSFrameConstructor.cpp 9 xul.dll nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState &,nsIContent *,nsStyleContext *,nsIFrame *,bool,nsFrameItems &,bool,PendingBinding *,nsIFrame *) layout/base/nsCSSFrameConstructor.cpp 10 xul.dll nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem &,nsFrameConstructorState &,nsIFrame *,nsFrameItems &) layout/base/nsCSSFrameConstructor.cpp 11 xul.dll nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState &,nsCSSFrameConstructor::FrameConstructionItemList::Iterator &,nsIFrame *,nsFrameItems &) layout/base/nsCSSFrameConstructor.cpp 12 xul.dll nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState &,nsCSSFrameConstructor::FrameConstructionItemList &,nsIFrame *,nsFrameItems &) layout/base/nsCSSFrameConstructor.cpp 13 xul.dll nsCSSFrameConstructor::ContentRangeInserted(nsIContent *,nsIContent *,nsIContent *,nsILayoutHistoryState *,bool) layout/base/nsCSSFrameConstructor.cpp 14 xul.dll nsCSSFrameConstructor::ContentInserted(nsIContent *,nsIContent *,nsILayoutHistoryState *,bool) layout/base/nsCSSFrameConstructor.cpp 15 xul.dll nsCSSFrameConstructor::IssueSingleInsertNofications(nsIContent *,nsIContent *,nsIContent *,bool) layout/base/nsCSSFrameConstructor.cpp 16 xul.dll nsCSSFrameConstructor::GetRangeInsertionPoint(nsIContent *,nsIContent *,nsIContent *,bool) layout/base/nsCSSFrameConstructor.cpp 17 xul.dll nsCSSFrameConstructor::ContentAppended(nsIContent *,nsIContent *,bool) layout/base/nsCSSFrameConstructor.cpp 18 xul.dll PresShell::ContentAppended(nsIDocument *,nsIContent *,nsIContent *,int) layout/base/nsPresShell.cpp 19 xul.dll nsNodeUtils::ContentAppended(nsIContent *,nsIContent *,int) content/base/src/nsNodeUtils.cpp 20 xul.dll nsINode::doInsertChildAt(nsIContent *,unsigned int,bool,nsAttrAndChildArray &) content/base/src/nsINode.cpp 21 xul.dll mozilla::dom::FragmentOrElement::InsertChildAt(nsIContent *,unsigned int,bool) content/base/src/FragmentOrElement.cpp 22 xul.dll nsINode::ReplaceOrInsertBefore(bool,nsINode *,nsINode *,mozilla::ErrorResult &) content/base/src/nsINode.cpp ... More reports at: https://crash-stats.mozilla.com/report/list?product=Firefox&signature=js%3A%3ACompartmentChecker%3A%3Afail%28JSCompartment*%2C+JSCompartment*%29
|
||
Updated•11 years ago
|
Depends on: 893527, CVE-2013-1730
|
||
Updated•11 years ago
|
Whiteboard: [firebug-p1]
|
|
||
Comment 2•11 years ago
|
||
Scoobidiver, how many of these crashes are for people with Firebug installed? The one comment I see mentions Firebug.
|
Reporter | |
Comment 3•11 years ago
|
||
(In reply to Andrew McCreight [:mccr8] from comment #2) > Scoobidiver, how many of these crashes are for people with Firebug > installed? The one comment I see mentions Firebug. Here are correlations from July 23: 100% (17/17) vs. 7% (124/1798) firebug@software.joehewitt.com (Firebug, https://addons.mozilla.org/addon/1843)
|
||
Comment 4•11 years ago
|
||
== Bug 821733 comment 28 from Jan Honza Odvarko == Here is another STR I found yesterday: 1) Install Firebug 1.12 beta 4 + Firefox Nightly https://getfirebug.com/releases/firebug/1.12/firebug-1.12.0b4.xpi 2) Open any page e.g. www.google.com 3) Open Firebug UI (F12) 4) Click the Firebug (menu) icon available at the Firebug toolbar (the first toolbar button) -> CRASH https://crash-stats.mozilla.com/report/index/01dbc791-168c-4d54-8e74-ea1fb2130723
|
|
||
Comment 5•11 years ago
|
||
(In reply to Jesse Ruderman from comment #4) > == Bug 821733 comment 28 from Jan Honza Odvarko == Yeah, I filed that as bug 897043.
|
|
||
Comment 6•11 years ago
|
||
Marking sec-high because it requires an addon, but it seems to happen a lot.
Keywords: sec-high
|
||
Comment 7•11 years ago
|
||
I haven't investigated this yet but it's very likely that this is going to be fixed by the fix for bug 897386.
|
||
Updated•11 years ago
|
|
|
||
Comment 8•11 years ago
|
||
I think this got fixed in one of the other bugs blocking this one, so I'm going to close this.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
|
|
Reporter | |
Updated•11 years ago
|
|
||
Updated•9 years ago
|
Group: core-security → core-security-release
|
||
Updated•7 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•