Closed Bug 900987 Opened 12 years ago Closed 12 years ago

crash in nsScriptError::Init

Categories

(Core :: XPConnect, defect)

25 Branch
defect
Not set
blocker

Tracking

()

VERIFIED FIXED
mozilla25
Tracking Status
firefox24 --- unaffected
firefox25 + verified

People

(Reporter: scoobidiver, Assigned: Ms2ger)

References

Details

(4 keywords, Whiteboard: [startupcrash])

Crash Data

Attachments

(1 file)

It first showed up in 25.0a1/20130802 and is currently #1 top crasher in this build. The regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=05d3797276d3&tochange=76a944fa6b25 It's likely a regression from bug 897945. Signature zzz_AsmCodeRange_Begin | nsDependentCString::nsDependentCString(char const*) More Reports Search UUID 8778c765-1f50-4a37-8fc6-830bb2130802 Date Processed 2013-08-02 14:55:14.659597 Uptime 56 Last Crash 58 seconds before submission Install Age 1568 since version was first installed. Install Time 2013-08-02 14:20:01 Product Firefox Version 25.0a1 Build ID 20130802030204 Release Channel nightly OS Windows NT OS Version 6.1.7601 Service Pack 1 Build Architecture x86 Build Architecture Info GenuineIntel family 6 model 58 stepping 9 | 4 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x0 App Notes AdapterVendorID: 0x1002, AdapterDeviceID: 0x683d, AdapterSubsysID: 042b1043, AdapterDriverVersion: 9.12.0.0 D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ Frame Module Signature Source 0 msvcr100.dll zzz_AsmCodeRange_Begin f:\\dd\\vctools\\crt_bld\\SELF_X86\\crt\\src\\INTEL\\strlen.asm 1 xul.dll nsDependentCString::nsDependentCString(char const *) obj-firefox/dist/include/nsTDependentString.h 2 xul.dll nsScriptError::Init(nsAString_internal const &,nsAString_internal const &,nsAString_internal const &,unsigned int,unsigned int,unsigned int,char const *) js/xpconnect/src/nsScriptError.cpp 3 xul.dll NS_InvokeByIndex xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp 4 xul.dll XPC_WN_CallMethod(JSContext *,unsigned int,JS::Value *) js/xpconnect/src/XPCWrappedNativeJSOps.cpp 5 mozjs.dll js::Invoke(JSContext *,JS::CallArgs,js::MaybeConstruct) js/src/vm/Interpreter.cpp 6 mozjs.dll Interpret js/src/vm/Interpreter.cpp 7 mozjs.dll js::detail::HashTable<js::HashMapEntry<js::ion::VMFunction const *,js::ion::IonCode *>,js::HashMap<js::ion::VMFunction const *,js::ion::IonCode *,js::DefaultHasher<js::ion::VMFunction const *>,js::RuntimeAllocPolicy>::MapHashPolicy,js::RuntimeAllocPolicy>::init(unsigned int) obj-firefox/dist/include/js/HashTable.h 8 mozjs.dll js::ion::IonCompartment::initialize(JSContext *) js/src/ion/Ion.cpp 9 mozjs.dll js::RunScript(JSContext *,js::RunState &) js/src/vm/Interpreter.cpp 10 mozjs.dll js::Invoke(JSContext *,JS::CallArgs,js::MaybeConstruct) js/src/vm/Interpreter.cpp 11 mozjs.dll js_fun_apply(JSContext *,unsigned int,JS::Value *) js/src/jsfun.cpp 12 xul.dll xpc::WrapperFactory::Rewrap(JSContext *,JS::Handle<JSObject *>,JS::Handle<JSObject *>,JS::Handle<JSObject *>,JS::Handle<JSObject *>,unsigned int) js/xpconnect/wrappers/WrapperFactory.cpp 13 mozjs.dll JSCompartment::wrap(JSContext *,JS::MutableHandle<JS::Value>,JS::Handle<JSObject *>) js/src/jscompartment.cpp 14 mozjs.dll js::CrossCompartmentWrapper::get(JSContext *,JS::Handle<JSObject *>,JS::Handle<JSObject *>,JS::Handle<int>,JS::MutableHandle<JS::Value>) js/src/jswrapper.cpp 15 mozjs.dll js::Proxy::get(JSContext *,JS::Handle<JSObject *>,JS::Handle<JSObject *>,JS::Handle<int>,JS::MutableHandle<JS::Value>) js/src/jsproxy.cpp 16 mozjs.dll js::ObjectImpl::nativeLookup(js::ExclusiveContext *,int) js/src/vm/ObjectImpl.cpp 17 mozjs.dll NameOperation js/src/vm/Interpreter.cpp 18 @0x1a01b5e0 More reports at: https://crash-stats.mozilla.com/report/list?product=Firefox&signature=zzz_AsmCodeRange_Begin+|+nsDependentCString%3A%3AnsDependentCString%28char+const*%29 https://crash-stats.mozilla.com/report/list?product=Firefox&signature=strlen+|+nsScriptError%3A%3AInit%28nsAString_internal+const%26%2C+nsAString_internal+const%26%2C+nsAString_internal+const%26%2C+unsigned+int%2C+unsigned+int%2C+unsigned+int%2C+char+const*%29
Crash Signature: [@ zzz_AsmCodeRange_Begin | nsDependentCString::nsDependentCString(char const*)] → [@ zzz_AsmCodeRange_Begin | nsDependentCString::nsDependentCString(char const*)] [@ strlen | nsScriptError::Init(nsAString_internal const&, nsAString_internal const&, nsAString_internal const&, unsigned int, unsigned int, unsigned int, char const*)]
Assignee: nobody → Ms2ger
Steps To Reproduce: 1. Install https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/ and Restart brower 2. Install the following GM script // ==UserScript== // @name CrashTest // @namespace http://www.yahoo.com // @description Crash test // @include http://www.yahoo.com/* // @grant none // @version 1 // ==/UserScript== GM_log("crash", 1); 3. Open http://www.yahoo.com/ Actual Results: Crash
Keywords: reproducible
Crash Signature: [@ zzz_AsmCodeRange_Begin | nsDependentCString::nsDependentCString(char const*)] [@ strlen | nsScriptError::Init(nsAString_internal const&, nsAString_internal const&, nsAString_internal const&, unsigned int, unsigned int, unsigned int, char const*)] → [@ zzz_AsmCodeRange_Begin | nsDependentCString::nsDependentCString(char const*)] [@ strlen | nsScriptError::Init(nsAString_internal const&, nsAString_internal const&, nsAString_internal const&, unsigned int, unsigned int, unsigned int, char const*)] [@ …
OS: Windows 7 → All
There are currently 1378 crashes so either fix it before the merge or backout bug 897945's patch.
Severity: critical → blocker
Attached patch Patch v1Splinter Review
Attachment #785359 - Flags: review?(bobbyholley+bmo)
I managed to trigger the bug when running this Userscript on Youtube: http://pastebin.com/Y6KEhapM
Crash Signature: , char const*)] [@ nsScriptError::Init(nsAString_internal const&, nsAString_internal const&, nsAString_internal const&, unsigned int, unsigned int, unsigned int, char const*) ] [@ libsystem_c.dylib@0x26b0 ] → , char const*)] [@ nsScriptError::Init(nsAString_internal const&, nsAString_internal const&, nsAString_internal const&, unsigned int, unsigned int, unsigned int, char const*) ] [@ libsystem_c.dylib@0x26b0 ] [@ libsystem_c.dylib@0xa24f0 ]
Signature [@ zzz_AsmCodeRange_Begin | nsDependentCString::nsDependentCString(char const*) ] recent reports: https://crash-stats.mozilla.com/report/index/3226a945-6b2a-4643-8fe6-8dcaa2130804 https://crash-stats.mozilla.com/report/index/c766057e-d709-4599-9e8f-85ac02130804 bug between Firefox 25.0a1 and script "userscripts updater" Greasemonkey (XP et Vista) Manual removal of the script "userscripts updater" or disable Greasemonkey through safe mode .... prevent new crashes !
Attachment #785359 - Flags: review?(bobbyholley+bmo) → review+
Keywords: regression
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla25
Keywords: verifyme
WFM following STR from Comment 1. In addition there are no more crashes in FF25 or later versions vis Soccoro. BuildID: 20130908004001
Status: RESOLVED → VERIFIED
Keywords: verifyme
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: