Closed
Bug 320256
Opened 19 years ago
Closed 15 years ago
crash [@ js_AllocStack - js_InternalInvoke] access violation (jsinterp.c line 390)
Categories
(Core :: DOM: Events, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: tonymec, Unassigned)
Details
(Keywords: crash)
Crash Data
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051213 Firefox/1.5
Build Identifier: branch 1.5 (Gecko 1.8) build 2005120103
TB12498125Z
Reproducible: Didn't try
Steps to Reproduce:
Actual Results:
crash
Expected Results:
no crash
Stack Signature js_AllocStack 3e09427b
Product ID Firefox15
Build ID 2005120103
Trigger Time 2005-12-01 22:10:39.0
Platform Win32
Operating System Windows NT 5.1 build 2600
Module js3250.dll + (0001e54c)
URL visited
User Comments
Since Last Crash 6260 sec
Total Uptime 6260 sec
Trigger Reason Access violation
Source File, Line No. c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 390
Stack Trace
js_AllocStack [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 390]
js_InternalInvoke [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1263]
JS_CallFunctionValue [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/js/src/jsapi.c, line 4158]
nsJSContext::CallEventHandler [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/dom/src/base/nsJSEnvironment.cpp, line 1411]
nsJSEventListener::HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/dom/src/events/nsJSEventListener.cpp, line 195]
nsXBLPrototypeHandler::ExecuteHandler [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/xbl/src/nsXBLPrototypeHandler.cpp, line 505]
nsXBLEventHandler::HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/xbl/src/nsXBLEventHandler.cpp, line 86]
nsEventListenerManager::HandleEventSubType [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1685]
nsEventListenerManager::HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1786]
nsXULElement::HandleDOMEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2153]
nsXULElement::HandleChromeEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2833]
nsGlobalWindow::HandleDOMEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/dom/src/base/nsGlobalWindow.cpp, line 1574]
nsDocument::HandleDOMEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsDocument.cpp, line 4013]
nsGenericElement::HandleDOMEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/base/src/nsGenericElement.cpp, line 2206]
nsXULElement::HandleDOMEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2174]
nsXULElement::HandleDOMEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2174]
PresShell::HandleEventInternal [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/base/nsPresShell.cpp, line 6367]
PresShell::HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/layout/base/nsPresShell.cpp, line 6203]
nsViewManager::HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp, line 2559]
nsViewManager::DispatchEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp, line 2246]
HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/view/src/nsView.cpp, line 174]
nsWindow::DispatchEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1252]
nsWindow::DispatchMouseEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 5982]
ChildWindow::DispatchMouseEvent [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 6233]
nsWindow::WindowProc [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1434]
USER32.dll + 0x8734 (0x77d18734)
USER32.dll + 0x8816 (0x77d18816)
USER32.dll + 0x89cd (0x77d189cd)
USER32.dll + 0x8a10 (0x77d18a10)
nsAppShell::Run [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/widget/src/windows/nsAppShell.cpp, line 159]
nsAppStartup::Run [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp, line 151]
main [c:/builds/tinderbox/Fx-Mozilla1.8/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp, line 61]
kernel32.dll + 0x16d4f (0x7c816d4f)
Reporter | ||
Updated•19 years ago
|
Version: unspecified → 1.5 Branch
Comment 1•19 years ago
|
||
Dupe of bug 237823?
Comment 2•19 years ago
|
||
(In reply to comment #1)
> Dupe of bug 237823?
Steve, do you see a similarity in the stacks? (I don't - it's why Tony filed a new bug)
Updated•19 years ago
|
Assignee: nobody → general
Component: General → JavaScript Engine
Keywords: crash
Product: Firefox → Core
QA Contact: general → general
Version: 1.5 Branch → 1.8 Branch
Comment 3•19 years ago
|
||
No i don't. But i'm a triage monkey, not a code ninja, hence why I suggested it /may/ be a dupe; it makes verifying such claims easier for people who know more about it than i do. (they don't have to do the search themselves)
Comment 4•19 years ago
|
||
See bug 237823 comment 9.
/be
Assignee: general → events
Status: UNCONFIRMED → NEW
Component: JavaScript Engine → DOM: Events
Ever confirmed: true
QA Contact: general → ian
Reporter | ||
Comment 5•19 years ago
|
||
Quoting bug 237823 comment #9 by Brendan Eich:
> jay, anyone: do the talkback reports show a consistent caller and even
> grand-caller of js_AllocStack? Here in timeless's comment 0, the caller is
> nsXPCWrappedJSClass::CallMethod. Over in bug 320356 the caller is
> js_InternalInvoke, from JS_CallFunctionValue, from DOM event handler dispatch.
>
> I agree these are distinct bugs. The signature needs to include more than the
> top frame of the stack. In that light, bug 320356 is unlikely to be a JS
> engine bug. It's probably a DOM or embedding bug where a destroyed JSContext is
> being used by faulty code that passes the bad pointer into the JS engine.
>
> /be
>
...and IIUC his mentioning "bug 320356" (for 320256) is a typo.
Component: DOM: Events → JavaScript Engine
Reporter | ||
Updated•19 years ago
|
Component: JavaScript Engine → DOM: Events
Comment 6•19 years ago
|
||
Do we have any ideas on how to reproduce?
Comment 7•19 years ago
|
||
(In reply to comment #6)
> Do we have any ideas on how to reproduce?
I've filed bug 344062, it has a testcase which, I think, reproduces this crash.
Reporter | ||
Comment 8•19 years ago
|
||
(In reply to comment #7)
> (In reply to comment #6)
> > Do we have any ideas on how to reproduce?
>
> I've filed bug 344062, it has a testcase which, I think, reproduces this crash.
>
If one of you gurus has the savvy to check that it does reproduce -this- crash, then if it does, I guess this one should be marked as a dupe of bug 344062
Comment 10•17 years ago
|
||
(In reply to comment #9)
> *** Bug 400618 has been marked as a duplicate of this bug. ***
>
Well, I'm not convinced. 400618 is reliably created with firebug+google ads. This one does not seem to be related to jsd and that matter how to even produce this trace?
Summary: crash [@ js_AllocStack 3e09427b] access violation (jsinterp.c line 390) → crash [@ js_AllocStack - js_InternalInvoke] access violation (jsinterp.c line 390)
Updated•15 years ago
|
Assignee: events → nobody
QA Contact: ian → events
Comment 11•15 years ago
|
||
Smaug, any idea what the DOM Events code might be doing wrong, given bug 237823 comment 9 and the stack trace in comment 0?
If not, let's close this bug as incomplete.
Comment 12•15 years ago
|
||
The stack isn't too useful, and the whole DOM event dispatch handling has been written (over 3 years ago). So marking incomplete.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → INCOMPLETE
Assignee | ||
Updated•14 years ago
|
Crash Signature: [@ js_AllocStack - js_InternalInvoke]
You need to log in
before you can comment on or make changes to this bug.
Description
•