981416 - [B2G] Main process crash on sending of MMS with attached picture

Status: RESOLVED DUPLICATE of bug 981202

(Core :: JavaScript Engine, defect)

Description

[:gerard-majax]

On builds since saturday for my Nexus S and Desire Z devices, sending a MMS crashes the main process.

STR:
 0. Open the Messages app
 1. Tap the attach button
 2. Select gallery or photo, reproduces with both
 3. Pick a picture or take one
 4. Image is correctly attached as MMS, resized and visible
 5. Tap the send button

Expected:
 MMS is sent

Actual:
 Main B2G process crashes

I plugged GDB and got the following backtrace:

Program received signal SIGSEGV, Segmentation fault.
js::NewObjectWithClassProtoCommon (cxArg=0x40322270, clasp=0x42251a6c, protoArg=<value optimized out>, parentArg=0x0, allocKind=js::gc::FINALIZE_OBJECT0_BACKGROUND, newKind=js::GenericObject)
    at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/js/src/jsobj.cpp:1382
1382	        parentArg = cxArg->global();
(gdb) bt
#0  js::NewObjectWithClassProtoCommon (cxArg=0x40322270, clasp=0x42251a6c, protoArg=<value optimized out>, parentArg=0x0, allocKind=js::gc::FINALIZE_OBJECT0_BACKGROUND, newKind=js::GenericObject)
    at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/js/src/jsobj.cpp:1382
#1  0x41ab56c2 in NewObjectWithClassProto (cx=0x40322270, jsclasp=0x42251a6c, proto=<value optimized out>, parent=<value optimized out>)
    at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/js/src/jsobjinlines.h:906
#2  NewObjectWithClassProto (cx=0x40322270, jsclasp=0x42251a6c, proto=<value optimized out>, parent=<value optimized out>) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/js/src/jsobjinlines.h:914
#3  JS_NewObject (cx=0x40322270, jsclasp=0x42251a6c, proto=<value optimized out>, parent=<value optimized out>) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/js/src/jsapi.cpp:2572
#4  0x4126aa4a in GetParamsFromSendMmsMessageRequest (this=<value optimized out>, aRequest=...) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/dom/mobilemessage/src/ipc/SmsParent.cpp:81
#5  mozilla::dom::mobilemessage::SmsRequestParent::DoRequest (this=<value optimized out>, aRequest=...) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/dom/mobilemessage/src/ipc/SmsParent.cpp:483
#6  0x4126ad1a in mozilla::dom::mobilemessage::SmsParent::RecvPSmsRequestConstructor (this=<value optimized out>, aActor=0x40322270, aRequest=...)
    at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/dom/mobilemessage/src/ipc/SmsParent.cpp:374
#7  0x40d6bf8a in mozilla::dom::mobilemessage::PSmsParent::OnMessageReceived (this=0x4537f980, __msg=<value optimized out>)
    at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/objdir-gecko/ipc/ipdl/PSmsParent.cpp:523
#8  0x40d134fe in mozilla::dom::PContentParent::OnMessageReceived (this=0x43436800, __msg=...) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/objdir-gecko/ipc/ipdl/PContentParent.cpp:2013
#9  0x40cd697e in mozilla::ipc::MessageChannel::DispatchAsyncMessage (this=0x43436830, aMsg=...) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/ipc/glue/MessageChannel.cpp:1142
#10 0x40cd85b2 in mozilla::ipc::MessageChannel::DispatchMessage (this=0x43436830, aMsg=...) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/ipc/glue/MessageChannel.cpp:1056
#11 0x40cd864a in mozilla::ipc::MessageChannel::OnMaybeDequeueOne (this=<value optimized out>) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/ipc/glue/MessageChannel.cpp:1039
#12 0x40cd66f6 in DispatchToMethod<mozilla::ipc::MessageChannel, void (mozilla::ipc::MessageChannel::*)()> (this=<value optimized out>)
    at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/ipc/chromium/src/base/tuple.h:383
#13 RunnableMethod<mozilla::ipc::MessageChannel, void (mozilla::ipc::MessageChannel::*)(), Tuple0>::Run (this=<value optimized out>)
    at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/ipc/chromium/src/base/task.h:307
#14 0x40cd6618 in mozilla::ipc::MessageChannel::RefCountedTask::Run (this=<value optimized out>) at ../../dist/include/mozilla/ipc/MessageChannel.h:383
#15 mozilla::ipc::MessageChannel::DequeueTask::Run (this=<value optimized out>) at ../../dist/include/mozilla/ipc/MessageChannel.h:400
#16 0x40ccd9d4 in MessageLoop::RunTask (this=0x403411a0, task=0xbee2e70c) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/ipc/chromium/src/base/message_loop.cc:344
#17 0x40cce772 in MessageLoop::DeferOrRunPendingTask (this=0x43436830, pending_task=<value optimized out>) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/ipc/chromium/src/base/message_loop.cc:352
#18 0x40ccf330 in MessageLoop::DoWork (this=0x403411a0) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/ipc/chromium/src/base/message_loop.cc:452
#19 0x40cd9bce in mozilla::ipc::DoWorkRunnable::Run (this=<value optimized out>) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/ipc/glue/MessagePump.cpp:228
#20 0x40ba044c in nsThread::ProcessNextEvent (this=0x403024e0, mayWait=false, result=0xbee2e7ff) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/xpcom/threads/nsThread.cpp:643
#21 0x40b7051c in NS_ProcessNextEvent (thread=0x43436830, mayWait=false) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/xpcom/glue/nsThreadUtils.cpp:263
#22 0x40cd9c78 in mozilla::ipc::MessagePump::Run (this=0x40301d60, aDelegate=0x403411a0) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/ipc/glue/MessagePump.cpp:95
#23 0x40ccd998 in MessageLoop::RunInternal (this=0x1000000) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/ipc/chromium/src/base/message_loop.cc:226
#24 0x40ccda16 in MessageLoop::RunHandler (this=0x403411a0) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/ipc/chromium/src/base/message_loop.cc:219
#25 MessageLoop::Run (this=0x403411a0) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/ipc/chromium/src/base/message_loop.cc:193
#26 0x41155f54 in nsBaseAppShell::Run (this=0x442d5ca0) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/widget/xpwidgets/nsBaseAppShell.cpp:164
#27 0x417a289c in nsAppStartup::Run (this=0x43de67f0) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/toolkit/components/startup/nsAppStartup.cpp:276
#28 0x4177ad14 in XREMain::XRE_mainRun (this=0xbee2ea34) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/toolkit/xre/nsAppRunner.cpp:4008
#29 0x4177d698 in XREMain::XRE_main (this=0xbee2ea34, argc=<value optimized out>, argv=<value optimized out>, aAppData=0x24804)
    at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/toolkit/xre/nsAppRunner.cpp:4075
#30 0x4177d804 in XRE_main (argc=1, argv=0xbee30c14, aAppData=0x24804, aFlags=<value optimized out>) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/toolkit/xre/nsAppRunner.cpp:4285
#31 0x00009ace in do_main (argc=1, argv=0xbee30c14) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/b2g/app/nsBrowserApp.cpp:163
#32 main (argc=1, argv=0xbee30c14) at /home/alex/codaz/Mozilla/b2g/devices/NexusS/B2G/gecko/b2g/app/nsBrowserApp.cpp:256