Bug 71610 (closed): Crash in JS_GetFunctionObject() on startup
Opened 24 years ago; closed 24 years ago

Component: Core :: JavaScript Engine
Type: defect
Priority: Not set
Severity: blocker
Hardware/OS: x86, Linux
Status: VERIFIED FIXED
Reporter: cls; Assigned: bugs
Keywords: crash, smoketest

After BenG's bookmark checkins, clobber builds started crashing on startup. Assigning to the JS engine component because the actual crash appears to occur from a NULL pointer dereference in JS_GetFunctionObject.
I hate these kinds of bugs. Putting the NULL check in JS_GetFunctionObject() moves the crash into caps, nsScriptSecurityManager::GetObjectPrincipal. Somehow this bug is registry related because the bug does not manifest if component.reg already exists. This is why the depend builds do not crash.
Severity: normal → blocker
Keywords: crash, smoketest
Is this really linux-only?
My win32 build is out of date so I dunno. Here's the trace:

(gdb) bt
#0  0x2abc30fe in JS_GetFunctionObject () from /usr/cls/moz/main/obj-opt-O/dist/bin/libmozjs.so
#1  0x2bdcf2cc in nsScriptSecurityManager::GetFunctionObjectPrincipal () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/libcaps.so
#2  0x2bdce1de in nsScriptSecurityManager::CheckFunctionAccess () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/libcaps.so
#3  0x2aee55db in nsJSContext::CallEventHandler () from /usr/cls/moz/main/obj-opt-O/dist/bin/libjsdom.so
#4  0x2af20e39 in nsJSDOMEventListener::HandleEvent () from /usr/cls/moz/main/obj-opt-O/dist/bin/libjsdom.so
#5  0x2afe8fbc in nsEventListenerManager::HandleEventSubType () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/libgkcontent.so
#6  0x2afea28f in nsEventListenerManager::HandleEvent () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/libgkcontent.so
#7  0x2aef4dc4 in GlobalWindowImpl::HandleDOMEvent () from /usr/cls/moz/main/obj-opt-O/dist/bin/libjsdom.so
#8  0x2b1461db in DocumentViewerImpl::LoadComplete () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/libgkcontent.so
#9  0x2ae9c8fc in nsDocShell::EndPageLoad () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/libdocshell.so
#10 0x2aea4ed9 in nsWebShell::EndPageLoad () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/libdocshell.so
#11 0x2ae9c6d9 in nsDocShell::OnStateChange () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/libdocshell.so
#12 0x2aea4e17 in nsWebShell::OnStateChange () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/libdocshell.so
#13 0x2c01ec6e in nsDocLoaderImpl::FireOnStateChange () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/liburiloader.so
#14 0x2c01df35 in nsDocLoaderImpl::doStopDocumentLoad () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/liburiloader.so
#15 0x2c01de13 in nsDocLoaderImpl::DocLoaderIsEmpty () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/liburiloader.so
#16 0x2c01dc3b in nsDocLoaderImpl::OnStopRequest () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/liburiloader.so
#17 0x2b38041a in nsLoadGroup::RemoveRequest () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/libnecko.so
#18 0x2b3c7d4b in nsJARChannel::OnStopRequest () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/libnecko.so
#19 0x2b37669a in nsOnStopRequestEvent::HandleEvent () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/libnecko.so
#20 0x2b3764b2 in nsStreamObserverEvent::HandlePLEvent () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/libnecko.so
#21 0x2ab6f089 in PL_HandleEvent () from /usr/cls/moz/main/obj-opt-O/dist/bin/libxpcom.so
#22 0x2ab6ef99 in PL_ProcessPendingEvents () from /usr/cls/moz/main/obj-opt-O/dist/bin/libxpcom.so
#23 0x2ab6fedb in nsEventQueueImpl::ProcessPendingEvents () from /usr/cls/moz/main/obj-opt-O/dist/bin/libxpcom.so
#24 0x2b8c8f19 in event_processor_callback () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/libwidget_gtk.so
#25 0x2b8c8ca6 in our_gdk_io_invoke () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/libwidget_gtk.so
#26 0x2ba6aaca in g_io_unix_dispatch () from /usr/lib/libglib-1.2.so.0
#27 0x2ba6c186 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
#28 0x2ba6c751 in g_main_iterate () from /usr/lib/libglib-1.2.so.0
#29 0x2ba6c8f1 in g_main_run () from /usr/lib/libglib-1.2.so.0
#30 0x2b9915b9 in gtk_main () from /usr/lib/libgtk-1.2.so.0
#31 0x2b8c94aa in nsAppShell::Run () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/libwidget_gtk.so
#32 0x2c1423d0 in nsAppShellService::Run () from /usr/cls/moz/main/obj-opt-O/dist/bin/components/libnsappshell.so
#33 0x804e2c2 in main1 ()
#34 0x804ec5c in main ()
#35 0x2acfb9cb in __libc_start_main (main=0x804eafc <main>, argc=1, argv=0x7ffff7f4, init=0x804ad68 <_init>, fini=0x805435c <_fini>, rtld_fini=0x2aab5ea0 <_dl_fini>, stack_end=0x7ffff7ec) at ../sysdeps/generic/libc-start.c:92
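The second comment and the trace above make a point worth seeing in code: the crash sits at the bottom of the chain CheckFunctionAccess -> GetFunctionObjectPrincipal -> JS_GetFunctionObject, and adding a NULL check to the innermost accessor alone only relocates the dereference one frame up. The security-relevant fix is that every layer of a principal lookup treats "no object" or "no principal" as deny, never as a pointer to follow. The following is an added example written for this page, not Mozilla's caps or SpiderMonkey code; the struct names, the `get_function_object`/`get_function_object_principal`/`check_function_access` functions and the same-origin string compare are hypothetical stand-ins. It also covers a case the thread does not mention, an object whose principal was never attached, since the same fail-closed rule applies there.

```c
/* Added example (not Mozilla code): a minimal model of the call chain
 * CheckFunctionAccess -> GetFunctionObjectPrincipal -> JS_GetFunctionObject,
 * showing why a NULL check in the innermost accessor only moves the
 * dereference unless every caller treats a NULL return as "no principal"
 * and denies access. All type and function names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for a JS function, its object, and the principal
 * (origin) that a security manager derives from that object. */
typedef struct { const char *origin; } Principal;
typedef struct { const Principal *principal; } JSObjectModel;
typedef struct { JSObjectModel *object; } JSFunctionModel;

enum access { ACCESS_DENIED = 0, ACCESS_ALLOWED = 1 };

/* Innermost accessor: with the NULL check the comment describes, a function
 * that has no object yields NULL here instead of crashing here. */
JSObjectModel *get_function_object(JSFunctionModel *fun)
{
    if (fun == NULL)
        return NULL;
    return fun->object;        /* may itself be NULL */
}

/* Middle layer: without a check of its own this is exactly where the crash
 * moved to. Returning NULL for "no principal" keeps it safe. */
const Principal *get_function_object_principal(JSFunctionModel *fun)
{
    JSObjectModel *obj = get_function_object(fun);
    if (obj == NULL)
        return NULL;
    return obj->principal;     /* may also be NULL */
}

/* Outer check: an unknown (NULL) principal is a deny, never a dereference,
 * so a half-initialised function can only fail closed. */
enum access check_function_access(JSFunctionModel *fun,
                                  const Principal *subject)
{
    const Principal *target = get_function_object_principal(fun);
    if (target == NULL || subject == NULL)
        return ACCESS_DENIED;
    if (target->origin == NULL || subject->origin == NULL)
        return ACCESS_DENIED;
    /* A same-origin string compare stands in for the real policy. */
    return strcmp(target->origin, subject->origin) == 0
               ? ACCESS_ALLOWED : ACCESS_DENIED;
}

/* Exercise the shapes the bug exposes: a fully built function, a function
 * whose object never got attached (the registry-dependent startup case),
 * an object with no principal, and a NULL function pointer. Returns the
 * number of cases handled as expected so the result is checkable. */
int run_cases(void)
{
    /* Constructed sample data for the example. */
    Principal chrome = { "chrome://navigator" };
    Principal web = { "http://example.test" };
    JSObjectModel chrome_obj = { &chrome };
    JSObjectModel web_obj = { &web };
    JSObjectModel no_principal = { NULL };
    JSFunctionModel ok_fun = { &chrome_obj };
    JSFunctionModel web_fun = { &web_obj };
    JSFunctionModel half_built = { NULL };
    JSFunctionModel no_principal_fun = { &no_principal };
    int passed = 0;

    passed += check_function_access(&ok_fun, &chrome) == ACCESS_ALLOWED;
    passed += check_function_access(&web_fun, &chrome) == ACCESS_DENIED;
    passed += check_function_access(&half_built, &chrome) == ACCESS_DENIED;
    passed += check_function_access(&no_principal_fun, &chrome) == ACCESS_DENIED;
    passed += check_function_access(NULL, &chrome) == ACCESS_DENIED;
    return passed;
}

int main(void)
{
    printf("%d of 5 cases handled without a dereference\n", run_cases());
    return 0;
}
```

The point of the three-layer shape is that each layer owns its own NULL handling; relying on the layer below to "never return NULL" is exactly the assumption that turned a missing component.reg into a startup crash inside the security manager.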
This smells like bug 31847.
At dbaron's request, I applied brendan's patch from bug 31847 and it appears to fix the problem.
Let's get that in ASAP, then.
Depends on: 31847
It's in -- cls, can you verify that this is fixed?
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
I'm getting no crash on startup using builds from 2001-03-12, 2001-03-13. Marking Verified. Please re-open if it's still occurring for anyone else.
Status: RESOLVED → VERIFIED