Closed
Bug 419132
Opened 17 years ago
Closed 17 years ago
Crash [@ KiFastSystemCallRet] with binding, focusing and some other stuff
Categories
(Core :: XBL, defect, P2)
Core
XBL
Tracking
()
RESOLVED
DUPLICATE
of bug 415192
mozilla1.9
People
(Reporter: martijn.martijn, Assigned: peterv)
References
Details
(Keywords: crash, regression, testcase, Whiteboard: [sg:critical])
Crash Data
Attachments
(3 files)
See zipped up testcase, open "Kopie van nsXBLBindingGetAnonymousNodes.htm" and let it run for a while. Normally, it should crash within 20s within current trunk build. This regressed between 2007-11-28 and 2007-12-02: http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2007-11-28+04&maxdate=2007-12-02+09&cvsroot=%2Fcvsroot I guess this regressed somehow from bug 348156, because the check-in comment also mentions UnbindFromTree, which is also in the stacktrace from the crash report. http://crash-stats.mozilla.com/report/index/51707028-e148-11dc-ab27-001a4bd43e5c 0 KiFastSystemCallRet 1 NtReleaseSemaphore 2 ReleaseSemaphore 3 google_breakpad::ExceptionHandler::WriteMinidumpOnHandlerThread(_EXCEPTION_POINTERS*, MDRawAssertionInfo*) mozilla/toolkit/crashreporter/google-breakpad/src/client/windows/handler/exception_handler.cc:406 4 google_breakpad::ExceptionHandler::HandlePureVirtualCall() mozilla/toolkit/crashreporter/google-breakpad/src/client/windows/handler/exception_handler.cc:378 5 _purecall purevirt.c:47 6 nsCOMPtr_base::assign_from_qi(nsQueryInterface, nsID const&) nsCOMPtr.cpp:96 7 nsCOMPtr<nsIDOMElement>::nsCOMPtr<nsIDOMElement>(nsQueryInterface) nsCOMPtr.h:645 8 nsXBLBinding::GetAnonymousNodes() mozilla/content/xbl/src/nsXBLBinding.cpp:1552 9 nsBindingManager::GetAnonymousNodesInternal(nsIContent*, nsIDOMNodeList**, int*) mozilla/content/xbl/src/nsBindingManager.cpp:709 10 nsBindingManager::GetAnonymousNodesFor(nsIContent*, nsIDOMNodeList**) mozilla/content/xbl/src/nsBindingManager.cpp:723 11 nsBindingManager::RemoveInsertionParent(nsIContent*) mozilla/content/xbl/src/nsBindingManager.cpp:469 12 nsBindingManager::SetBinding(nsIContent*, nsXBLBinding*) mozilla/content/xbl/src/nsBindingManager.cpp:511 13 nsBindingManager::ChangeDocumentFor(nsIContent*, nsIDocument*, nsIDocument*) mozilla/content/xbl/src/nsBindingManager.cpp:616 14 nsGenericElement::UnbindFromTree(int, int) mozilla/content/base/src/nsGenericElement.cpp:2220 15 nsGenericHTMLElement::UnbindFromTree(int, int) mozilla/content/html/content/src/nsGenericHTMLElement.cpp:1140 16 nsGenericElement::UnbindFromTree(int, int) mozilla/content/base/src/nsGenericElement.cpp:2259 17 nsGenericHTMLElement::UnbindFromTree(int, int) mozilla/content/html/content/src/nsGenericHTMLElement.cpp:1140 18 nsGenericElement::UnbindFromTree(int, int) mozilla/content/base/src/nsGenericElement.cpp:2259 19 nsGenericHTMLElement::UnbindFromTree(int, int) mozilla/content/html/content/src/nsGenericHTMLElement.cpp:1140 20 nsGenericElement::UnbindFromTree(int, int) mozilla/content/base/src/nsGenericElement.cpp:2259 21 nsGenericHTMLElement::UnbindFromTree(int, int) mozilla/content/html/content/src/nsGenericHTMLElement.cpp:1140 22 nsGenericElement::cycleCollection::Unlink(void*) mozilla/content/base/src/nsGenericElement.cpp:3493 23 nsCycleCollector::CollectWhite() mozilla/xpcom/base/nsCycleCollector.cpp:1589 24 nsCycleCollector::FinishCollection() mozilla/xpcom/base/nsCycleCollector.cpp:2352 25 XPCCycleCollectGCCallback mozilla/js/src/xpconnect/src/nsXPConnect.cpp:450 26 js_GC 27 JS_GC 28 JS_MaybeGC
|
Reporter | |
Comment 1•17 years ago
|
||
This is basically the same as the previous testcase, but it uses a data url as the binding url.
|
||
Comment 2•17 years ago
|
||
[@ nsBaseHashtableET] for me.
|
|
||
Updated•17 years ago
|
Flags: blocking1.9?
OS: Windows XP → All
Hardware: PC → All
Whiteboard: [sg:critical]
*please* mark dependencies for regressions. Even if they are just suspected regressions.
Blocks: 348156
So this is probably because we're relying on the cycle collector more. Possibly a dupe of bug 415192
Depends on: 415192
|
||
Updated•17 years ago
|
Flags: tracking1.9? → blocking1.9?
|
||
Updated•17 years ago
|
Assignee: nobody → jonas
Flags: blocking1.9? → blocking1.9+
Priority: -- → P2
Target Milestone: --- → mozilla1.9
|
|
||
Comment 5•17 years ago
|
||
Peter, this is most likely a dupe of your bug 415192.
Assignee: jonas → peterv
|
Assignee | |
Comment 6•17 years ago
|
||
Yes, my patch in bug 415192 seems to fix this too.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
|
||
Updated•16 years ago
|
Group: core-security
Flags: wanted1.8.1.x-
|
||
Comment 7•15 years ago
|
||
mochitest landed http://hg.mozilla.org/mozilla-central/rev/4d3da4aa4018
Flags: in-testsuite+
|
|
||
Comment 8•15 years ago
|
||
test disabled due to length of time required. http://hg.mozilla.org/mozilla-central/rev/24c399da79a0
|
||
Updated•13 years ago
|
Crash Signature: [@ KiFastSystemCallRet]
You need to log in
before you can comment on or make changes to this bug.
Description
•