rmottola / Arctic-Fox

Web Browser for Mac OS X 10.6+, Linux (PowerPC, x86, amd64, ARM, MIPS), NetBSD, OpenBSD, and Windows XP.

rev 267d288 causes crashes when not in safe mode #146

Closed roytam1 closed 9 months ago

roytam1 commented 11 months ago

With the latest dev commit (i.e. c5588dd270af165fcce0893c644d5d7b56b77f4b), it crashes in various locations when it has extensions enabled.

possible rev range: https://github.com/rmottola/Arctic-Fox/compare/6021b583ff595ec6db095ba2f670b700ad83025b...723999e7fa7fe51729e10a40e0159e0e56d4c593

EDIT: so the crashes are caused by https://github.com/rmottola/Arctic-Fox/commit/267d28808ae0146c88530968db2414b1d48939be

example:

error:

Unhandled exception at 0x51310F15 (xul.dll) in arcticfox.exe: 0xC0000005: Access violation reading location 0x6F207985.

stack trace:

>   xul.dll!MayBindToContent(nsXBLPrototypeBinding * aProtoBinding, nsIContent * aBoundElement, nsIURI * aURI) Line 660 C++
    xul.dll!nsXBLService::GetBinding(nsIContent * aBoundElement, nsIURI * aURI, bool aPeekOnly, nsIPrincipal * aOriginPrincipal, bool * aIsReady, nsXBLBinding * * aResult, nsTArray<nsCOMPtr<nsIURI> > & aDontExtendURIs) Line 753 C++
    xul.dll!nsXBLService::GetBinding(nsIContent * aBoundElement, nsIURI * aURI, bool aPeekOnly, nsIPrincipal * aOriginPrincipal, bool * aIsReady, nsXBLBinding * * aResult) Line 652    C++
    xul.dll!nsXBLService::LoadBindings(nsIContent * aContent, nsIURI * aURL, nsIPrincipal * aOriginPrincipal, nsXBLBinding * * aBinding, bool * aResolveStyle) Line 454 C++
    xul.dll!nsCSSFrameConstructor::AddFrameConstructionItemsInternal(nsFrameConstructorState & aState, nsIContent * aContent, nsContainerFrame * aParentFrame, nsIAtom * aTag, int aNameSpaceID, bool aSuppressWhiteSpaceOptimizations, nsStyleContext * aStyleContext, unsigned int aFlags, nsTArray<nsIAnonymousContentCreator::ContentInfo> * aAnonChildren, nsCSSFrameConstructor::FrameConstructionItemList & aItems) Line 5577    C++
    xul.dll!nsCSSFrameConstructor::DoAddFrameConstructionItems(nsFrameConstructorState & aState, nsIContent * aContent, nsStyleContext * aStyleContext, bool aSuppressWhiteSpaceOptimizations, nsContainerFrame * aParentFrame, nsTArray<nsIAnonymousContentCreator::ContentInfo> * aAnonChildren, nsCSSFrameConstructor::FrameConstructionItemList & aItems) Line 5493 C++
    xul.dll!nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState & aState, nsIContent * aContent, nsStyleContext * aStyleContext, nsContainerFrame * aFrame, const bool aCanHaveGeneratedContent, nsFrameItems & aFrameItems, const bool aAllowBlockStyles, PendingBinding * aPendingBinding, nsIFrame * aPossiblyLeafFrame) Line 10599   C++
    xul.dll!nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem & aItem, nsFrameConstructorState & aState, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 3924    C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList::Iterator & aIter, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 6040 C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList & aItems, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 10413 C++
    xul.dll!nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState & aState, nsIContent * aContent, nsStyleContext * aStyleContext, nsContainerFrame * aFrame, const bool aCanHaveGeneratedContent, nsFrameItems & aFrameItems, const bool aAllowBlockStyles, PendingBinding * aPendingBinding, nsIFrame * aPossiblyLeafFrame) Line 10621   C++
    xul.dll!nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem & aItem, nsFrameConstructorState & aState, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 3924    C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList::Iterator & aIter, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 6040 C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList & aItems, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 10413 C++
    xul.dll!nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState & aState, nsIContent * aContent, nsStyleContext * aStyleContext, nsContainerFrame * aFrame, const bool aCanHaveGeneratedContent, nsFrameItems & aFrameItems, const bool aAllowBlockStyles, PendingBinding * aPendingBinding, nsIFrame * aPossiblyLeafFrame) Line 10621   C++
    xul.dll!nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem & aItem, nsFrameConstructorState & aState, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 3924    C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList::Iterator & aIter, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 6040 C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList & aItems, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 10413 C++
    xul.dll!nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState & aState, nsIContent * aContent, nsStyleContext * aStyleContext, nsContainerFrame * aFrame, const bool aCanHaveGeneratedContent, nsFrameItems & aFrameItems, const bool aAllowBlockStyles, PendingBinding * aPendingBinding, nsIFrame * aPossiblyLeafFrame) Line 10621   C++
    xul.dll!nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem & aItem, nsFrameConstructorState & aState, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 3924    C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList::Iterator & aIter, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 6040 C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList & aItems, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 10413 C++
    xul.dll!nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState & aState, nsIContent * aContent, nsStyleContext * aStyleContext, nsContainerFrame * aFrame, const bool aCanHaveGeneratedContent, nsFrameItems & aFrameItems, const bool aAllowBlockStyles, PendingBinding * aPendingBinding, nsIFrame * aPossiblyLeafFrame) Line 10621   C++
    xul.dll!nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem & aItem, nsFrameConstructorState & aState, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 3924    C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList::Iterator & aIter, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 6040 C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList & aItems, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 10413 C++
    xul.dll!nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState & aState, nsIContent * aContent, nsStyleContext * aStyleContext, nsContainerFrame * aFrame, const bool aCanHaveGeneratedContent, nsFrameItems & aFrameItems, const bool aAllowBlockStyles, PendingBinding * aPendingBinding, nsIFrame * aPossiblyLeafFrame) Line 10621   C++
    xul.dll!nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem & aItem, nsFrameConstructorState & aState, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 3924    C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList::Iterator & aIter, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 6040 C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList & aItems, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 10413 C++
    xul.dll!nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState & aState, nsIContent * aContent, nsStyleContext * aStyleContext, nsContainerFrame * aFrame, const bool aCanHaveGeneratedContent, nsFrameItems & aFrameItems, const bool aAllowBlockStyles, PendingBinding * aPendingBinding, nsIFrame * aPossiblyLeafFrame) Line 10621   C++
    xul.dll!nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem & aItem, nsFrameConstructorState & aState, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 3924    C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList::Iterator & aIter, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 6040 C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList & aItems, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 10413 C++
    xul.dll!nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState & aState, nsIContent * aContent, nsStyleContext * aStyleContext, nsContainerFrame * aFrame, const bool aCanHaveGeneratedContent, nsFrameItems & aFrameItems, const bool aAllowBlockStyles, PendingBinding * aPendingBinding, nsIFrame * aPossiblyLeafFrame) Line 10621   C++
    xul.dll!nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem & aItem, nsFrameConstructorState & aState, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 3924    C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList::Iterator & aIter, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 6040 C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList & aItems, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 10413 C++
    xul.dll!nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState & aState, nsIContent * aContent, nsStyleContext * aStyleContext, nsContainerFrame * aFrame, const bool aCanHaveGeneratedContent, nsFrameItems & aFrameItems, const bool aAllowBlockStyles, PendingBinding * aPendingBinding, nsIFrame * aPossiblyLeafFrame) Line 10621   C++
    xul.dll!nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem & aItem, nsFrameConstructorState & aState, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 3924    C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList::Iterator & aIter, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 6040 C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList & aItems, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 10413 C++
    xul.dll!nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState & aState, nsIContent * aContent, nsStyleContext * aStyleContext, nsContainerFrame * aFrame, const bool aCanHaveGeneratedContent, nsFrameItems & aFrameItems, const bool aAllowBlockStyles, PendingBinding * aPendingBinding, nsIFrame * aPossiblyLeafFrame) Line 10621   C++
    xul.dll!nsCSSFrameConstructor::ConstructFrameFromItemInternal(nsCSSFrameConstructor::FrameConstructionItem & aItem, nsFrameConstructorState & aState, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 3924    C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItem(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList::Iterator & aIter, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 6040 C++
    xul.dll!nsCSSFrameConstructor::ConstructFramesFromItemList(nsFrameConstructorState & aState, nsCSSFrameConstructor::FrameConstructionItemList & aItems, nsContainerFrame * aParentFrame, nsFrameItems & aFrameItems) Line 10413 C++
    xul.dll!nsCSSFrameConstructor::ProcessChildren(nsFrameConstructorState & aState, nsIContent * aContent, nsStyleContext * aStyleContext, nsContainerFrame * aFrame, const bool aCanHaveGeneratedContent, nsFrameItems & aFrameItems, const bool aAllowBlockStyles, PendingBinding * aPendingBinding, nsIFrame * aPossiblyLeafFrame) Line 10621   C++
    xul.dll!nsCSSFrameConstructor::ConstructDocElementFrame(mozilla::dom::Element * aDocElement, nsILayoutHistoryState * aFrameState) Line 2569 C++
    xul.dll!nsCSSFrameConstructor::ContentRangeInserted(nsIContent * aContainer, nsIContent * aStartChild, nsIContent * aEndChild, nsILayoutHistoryState * aFrameState, bool aAllowLazyConstruction) Line 7603  C++
    xul.dll!nsCSSFrameConstructor::ContentInserted(nsIContent * aContainer, nsIContent * aChild, nsILayoutHistoryState * aFrameState, bool aAllowLazyConstruction) Line 7491    C++
    xul.dll!PresShell::Initialize(int aWidth, int aHeight) Line 1643    C++
    xul.dll!mozilla::dom::XULDocument::StartLayout() Line 1904  C++
    xul.dll!mozilla::dom::XULDocument::DoneWalking() Line 3008  C++
    xul.dll!mozilla::dom::XULDocument::ResumeWalk() Line 2956   C++
    xul.dll!mozilla::dom::XULDocument::OnScriptCompileComplete(JSScript * aScript, nsresult aStatus) Line 3459  C++
    xul.dll!NotifyOffThreadScriptCompletedRunnable::Run() Line 2731 C++
    xul.dll!nsThread::ProcessNextEvent(bool aMayWait, bool * aResult) Line 970  C++
    xul.dll!NS_ProcessNextEvent(nsIThread * aThread, bool aMayWait) Line 297    C++
    xul.dll!mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate * aDelegate) Line 133    C++
    xul.dll!MessageLoop::RunHandler() Line 228  C++
    xul.dll!MessageLoop::Run() Line 202 C++
    xul.dll!nsBaseAppShell::Run() Line 158  C++
    xul.dll!nsAppShell::Run() Line 167  C++
    xul.dll!nsAppStartup::Run() Line 282    C++
    xul.dll!XREMain::XRE_mainRun() Line 4242    C++
    xul.dll!NS_InitXPCOM2(nsIServiceManager * * aResult, nsIFile * aBinDirectory, nsIDirectoryServiceProvider * aAppFileLocationProvider) Line 764  C++
    xul.dll!ScopedXPCOMStartup::Initialize() Line 1546  C++
    [External Code] 
    [Frames below may be incorrect and/or missing, no symbols loaded for ntdll.dll] 
    mozglue.dll!mozilla::internal::WindowsDllDetourPatcher::CreateTrampoline(void * aOrigFunction, int aDest, void * * aOutTramp) Line 663  C++
    mozglue.dll!mozilla::WindowsDllInterceptor::AddDetour(const char * aName, int aHookDest, void * * aOrigFunc) Line 765   C++
    [External Code] 

code:

--- c:\devel\arctic-fox\dom\xbl\nsxblservice.cpp -------------------------------

static bool
MayBindToContent(nsXBLPrototypeBinding* aProtoBinding, nsIContent* aBoundElement,
                 nsIURI* aURI)
{
51310F10  push        esi  
  // If this binding explicitly allows untrusted content, we're done.
  if (aProtoBinding->BindToUntrustedContent()) {
51310F11  mov         esi,dword ptr [esp+8]  
51310F15  cmp         byte ptr [esi+24h],0  // <--- FAULT
51310F19  je          MayBindToContent+0Fh (51310F1Fh)  
    return true;
51310F1B  mov         al,1  
51310F1D  pop         esi  
}
51310F1E  ret  
51310F1F  push        edi  
  }

another example:

Unhandled exception at 0x5062C712 (xul.dll) in arcticfox.exe: 0xC0000005: Access violation reading location 0x20200A43.

stack trace:

>   xul.dll!nsJARChannel::~nsJARChannel() Line 224  C++
    [External Code] 
    xul.dll!nsHashPropertyBag::Release() Line 258   C++
    xul.dll!ReadSourceFromFilename(JSContext * cx, const char * filename, wchar_t * * src, unsigned int * len) Line 3285    C++
    xul.dll!XPCJSSourceHook::load(JSContext * cx, const char * filename, wchar_t * * src, unsigned int * length) Line 3303  C++
    mozjs.dll!JSScript::loadSource(JSContext * cx, js::ScriptSource * ss, bool * worked) Line 1755  C++
    mozjs.dll!js::FunctionToString(JSContext * cx, JS::Handle<JSFunction *> fun, bool lambdaParen) Line 1056    C++
    mozjs.dll!fun_toStringHelper(JSContext * cx, JS::Handle<JSObject *> obj, unsigned int indent) Line 1223 C++
    mozjs.dll!js::fun_toString(JSContext * cx, unsigned int argc, JS::Value * vp) Line 1241 C++
    mozjs.dll!js::Invoke(JSContext * cx, const JS::CallArgs & args, js::MaybeConstruct construct) Line 457  C++
    mozjs.dll!Interpret(JSContext * cx, js::RunState & state) Line 2823 C++
    mozjs.dll!js::RunScript(JSContext * cx, js::RunState & state) Line 404  C++
    mozjs.dll!js::Invoke(JSContext * cx, const JS::CallArgs & args, js::MaybeConstruct construct) Line 478  C++
    mozjs.dll!Interpret(JSContext * cx, js::RunState & state) Line 2823 C++
    mozjs.dll!js::RunScript(JSContext * cx, js::RunState & state) Line 404  C++
    mozjs.dll!js::Invoke(JSContext * cx, const JS::CallArgs & args, js::MaybeConstruct construct) Line 478  C++
    mozjs.dll!Interpret(JSContext * cx, js::RunState & state) Line 2823 C++
    mozjs.dll!js::RunScript(JSContext * cx, js::RunState & state) Line 404  C++
    mozjs.dll!js::Invoke(JSContext * cx, const JS::CallArgs & args, js::MaybeConstruct construct) Line 478  C++
    mozjs.dll!js::fun_apply(JSContext * cx, unsigned int argc, JS::Value * vp) Line 1365    C++
    mozjs.dll!js::Invoke(JSContext * cx, const JS::CallArgs & args, js::MaybeConstruct construct) Line 457  C++
    mozjs.dll!js::Invoke(JSContext * cx, const JS::Value & thisv, const JS::Value & fval, unsigned int argc, const JS::Value * argv, JS::MutableHandle<JS::Value> rval) Line 509    C++
    mozjs.dll!js::jit::DoCallFallback(JSContext * cx, js::jit::BaselineFrame * frame, js::jit::ICCall_Fallback * stub_, unsigned int argc, JS::Value * vp, JS::MutableHandle<JS::Value> res) Line 6166  C++
    [External Code] 
    [Frames below may be incorrect and/or missing]  
    mozjs.dll!EnterBaseline(JSContext * cx, js::jit::EnterJitData & data) Line 137  C++
    mozjs.dll!js::jit::EnterBaselineAtBranch(JSContext * cx, js::InterpreterFrame * fp, unsigned char * pc) Line 245    C++
    mozjs.dll!Interpret(JSContext * cx, js::RunState & state) Line 1836 C++
    mozjs.dll!js::RunScript(JSContext * cx, js::RunState & state) Line 404  C++
    mozjs.dll!js::Invoke(JSContext * cx, const JS::CallArgs & args, js::MaybeConstruct construct) Line 478  C++
    mozjs.dll!js::Invoke(JSContext * cx, const JS::Value & thisv, const JS::Value & fval, unsigned int argc, const JS::Value * argv, JS::MutableHandle<JS::Value> rval) Line 509    C++
    mozjs.dll!JS::Call(JSContext * cx, JS::Handle<JS::Value> thisv, JS::Handle<JS::Value> fval, const JS::HandleValueArray & args, JS::MutableHandle<JS::Value> rval) Line 2849 C++
    xul.dll!mozilla::dom::EventListener::HandleEvent(JSContext * cx, JS::Handle<JS::Value> aThisVal, mozilla::dom::Event & event, mozilla::ErrorResult & aRv) Line 48   C++
    xul.dll!mozilla::dom::EventListener::HandleEvent<mozilla::dom::EventTarget *>(mozilla::dom::EventTarget * const & thisVal, mozilla::dom::Event & event, mozilla::ErrorResult & aRv, const char * aExecutionReason, mozilla::dom::CallbackObject::ExceptionHandling aExceptionHandling, JSCompartment * aCompartment) Line 54    C++
    xul.dll!mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener * aListener, nsIDOMEvent * aDOMEvent, mozilla::dom::EventTarget * aCurrentTarget) Line 1026   C++
    xul.dll!mozilla::EventListenerManager::HandleEventInternal(nsPresContext * aPresContext, mozilla::WidgetEvent * aEvent, nsIDOMEvent * * aDOMEvent, mozilla::dom::EventTarget * aCurrentTarget, nsEventStatus * aEventStatus) Line 1156  C++
    xul.dll!mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem> & aChain, mozilla::EventChainPostVisitor & aVisitor, mozilla::EventDispatchingCallback * aCallback, mozilla::ELMCreationDetector & aCd) Line 338  C++
    xul.dll!mozilla::EventDispatcher::Dispatch(nsISupports * aTarget, nsPresContext * aPresContext, mozilla::WidgetEvent * aEvent, nsIDOMEvent * aDOMEvent, nsEventStatus * aEventStatus, mozilla::EventDispatchingCallback * aCallback, nsTArray<mozilla::dom::EventTarget *> * aTargets) Line 656 C++
    xul.dll!mozilla::EventDispatcher::DispatchDOMEvent(nsISupports * aTarget, mozilla::WidgetEvent * aEvent, nsIDOMEvent * aDOMEvent, nsPresContext * aPresContext, nsEventStatus * aEventStatus) Line 720  C++
    xul.dll!nsINode::DispatchEvent(nsIDOMEvent * aEvent, bool * aRetVal) Line 1295  C++
    xul.dll!nsContentUtils::DispatchEvent(nsIDocument * aDoc, nsISupports * aTarget, const nsAString_internal & aEventName, bool aCanBubble, bool aCancelable, bool aTrusted, bool * aDefaultAction, bool aOnlyChromeDispatch) Line 3807    C++
    xul.dll!nsContentUtils::DispatchTrustedEvent(nsIDocument * aDoc, nsISupports * aTarget, const nsAString_internal & aEventName, bool aCanBubble, bool aCancelable, bool * aDefaultAction) Line 3776  C++
    xul.dll!nsDocument::DispatchContentLoadedEvents() Line 4963 C++
    xul.dll!mozilla::dom::XULDocument::DoneWalking() Line 3030  C++
    xul.dll!mozilla::dom::XULDocument::ResumeWalk() Line 2956   C++
    xul.dll!mozilla::dom::XULDocument::EndLoad() Line 544   C++
    xul.dll!XULContentSinkImpl::DidBuildModel(bool aTerminated) Line 229    C++
    xul.dll!nsParser::DidBuildModel(nsresult anErrorCode) Line 901  C++
    xul.dll!nsParser::ResumeParse(bool allowIteration, bool aIsFinalChunk, bool aCanInterrupt) Line 1507    C++
    xul.dll!nsParser::OnStopRequest(nsIRequest * request, nsISupports * aContext, nsresult status) Line 1880    C++
    xul.dll!nsJARChannel::OnStopRequest(nsIRequest * req, nsISupports * ctx, nsresult status) Line 1305 C++
    xul.dll!nsInputStreamPump::OnStateStop() Line 716   C++
    xul.dll!nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream * stream) Line 435    C++
    xul.dll!nsInputStreamReadyEvent::Run() Line 96  C++
    xul.dll!nsThread::ProcessNextEvent(bool aMayWait, bool * aResult) Line 970  C++
    xul.dll!NS_ProcessNextEvent(nsIThread * aThread, bool aMayWait) Line 297    C++
    xul.dll!mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate * aDelegate) Line 133    C++
    xul.dll!MessageLoop::RunHandler() Line 228  C++
    xul.dll!MessageLoop::Run() Line 202 C++
    xul.dll!nsBaseAppShell::Run() Line 158  C++
    xul.dll!nsAppShell::Run() Line 167  C++
    xul.dll!nsAppStartup::Run() Line 282    C++
    xul.dll!XREMain::XRE_mainRun() Line 4242    C++
    xul.dll!NS_InitXPCOM2(nsIServiceManager * * aResult, nsIFile * aBinDirectory, nsIDirectoryServiceProvider * aAppFileLocationProvider) Line 764  C++
    xul.dll!ScopedXPCOMStartup::Initialize() Line 1546  C++
    [External Code] 
    mozglue.dll!mozilla::internal::WindowsDllDetourPatcher::CreateTrampoline(void * aOrigFunction, int aDest, void * * aOutTramp) Line 663  C++
    mozglue.dll!mozilla::WindowsDllInterceptor::AddDetour(const char * aName, int aHookDest, void * * aOrigFunc) Line 765   C++
    [External Code] 

code:

nsJARChannel::~nsJARChannel()
{
5062C63D  mov         dword ptr [esi],51BD4E4Ch  
5062C643  mov         dword ptr [esi+4],51BD4EF4h  
5062C64A  mov         dword ptr [esi+8],51BD4F04h  
5062C651  mov         dword ptr [esi+0Ch],51BD4F1Ch  
5062C658  mov         dword ptr [esi+10h],51BD4F2Ch  
5062C65F  mov         dword ptr [esi+14h],51BD4F3Ch  
5062C666  mov         dword ptr [esi+18h],51BD4F4Ch  
5062C66D  mov         dword ptr [esi+1Ch],51BD4F6Ch  
    NS_ReleaseOnMainThread(mLoadInfo);
5062C674  mov         edi,dword ptr [esi+60h]  
5062C677  mov         dword ptr [esi+60h],0  
    NS_ReleaseOnMainThread(mLoadInfo);
5062C67E  call        NS_IsMainThread (501F9AB0h)  
5062C683  test        al,al  
5062C685  jne         nsJARChannel::~nsJARChannel+77h (5062C6A7h)  
5062C687  mov         ecx,dword ptr [esp+8]  
5062C68B  mov         dword ptr [esp+8],0  
5062C693  test        ecx,ecx  
5062C695  je          nsJARChannel::~nsJARChannel+6Dh (5062C69Dh)  
5062C697  mov         eax,dword ptr [ecx]  
5062C699  push        ecx  
5062C69A  call        dword ptr [eax+8]  
5062C69D  lea         eax,[esp+8]  
5062C6A1  push        eax  
5062C6A2  call        NS_GetMainThread (502150D0h)  
5062C6A7  push        0  
5062C6A9  push        edi  
5062C6AA  push        dword ptr [esp+10h]  
5062C6AE  call        NS_ProxyRelease (50213040h)  
5062C6B3  mov         eax,dword ptr [esp+14h]  
5062C6B7  add         esp,0Ch  
5062C6BA  test        eax,eax  
5062C6BC  je          nsJARChannel::~nsJARChannel+94h (5062C6C4h)  
5062C6BE  mov         ecx,dword ptr [eax]  
5062C6C0  push        eax  
5062C6C1  call        dword ptr [ecx+8]  

    // release owning reference to the jar handler
    nsJARProtocolHandler *handler = gJarHandler;
    NS_RELEASE(handler); // nullptr parameter
5062C6C4  push        dword ptr ds:[52123278h]  
5062C6CA  call        nsJARProtocolHandler::Release (50632E30h)  
}
5062C6CF  mov         eax,dword ptr [esi+0E8h]  
5062C6D5  test        eax,eax  
5062C6D7  je          nsJARChannel::~nsJARChannel+0AFh (5062C6DFh)  
5062C6D9  push        eax  
5062C6DA  call        nsInputStreamPump::Release (50266CD0h)  
5062C6DF  lea         ecx,[esi+0DCh]  
5062C6E5  call        nsACString_internal::Finalize (501AFDB0h)  
5062C6EA  lea         ecx,[esi+0D0h]  
5062C6F0  call        nsACString_internal::Finalize (501AFDB0h)  
5062C6F5  mov         ecx,dword ptr [esi+0CCh]  
5062C6FB  test        ecx,ecx  
5062C6FD  je          nsJARChannel::~nsJARChannel+0D5h (5062C705h)  
5062C6FF  mov         eax,dword ptr [ecx]  
5062C701  push        ecx  
5062C702  call        dword ptr [eax+8]  
5062C705  mov         ecx,dword ptr [esi+0C8h]  
5062C70B  test        ecx,ecx  
5062C70D  je          nsJARChannel::~nsJARChannel+0E5h (5062C715h)  
5062C70F  mov         eax,dword ptr [ecx]  
5062C711  push        ecx  
5062C712  call        dword ptr [eax+8]  // <--- FAULT
5062C715  mov         ecx,dword ptr [esi+0C4h]  
5062C71B  test        ecx,ecx  
5062C71D  je          nsJARChannel::~nsJARChannel+0F5h (5062C725h)  
5062C71F  mov         eax,dword ptr [ecx]  
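
A triage step the two reports above allow, as an added example that is not part of the original issue: subtract the faulting instruction's displacement from the reported fault address to recover the pointer register, then test whether its bytes are printable text. The function names and the classification rules are assumptions of this example.

```python
import re

# Exception lines and faulting instructions copied from the two reports above.
REPORTS = [
    ("Unhandled exception at 0x51310F15 (xul.dll) in arcticfox.exe: "
     "0xC0000005: Access violation reading location 0x6F207985.",
     "51310F15  cmp         byte ptr [esi+24h],0"),
    ("Unhandled exception at 0x5062C712 (xul.dll) in arcticfox.exe: "
     "0xC0000005: Access violation reading location 0x20200A43.",
     "5062C712  call        dword ptr [eax+8]"),
]

EXC_RE = re.compile(
    r"Unhandled exception at 0x(?P<ip>[0-9A-Fa-f]+) \((?P<module>[^)]+)\).*?"
    r"Access violation (?P<kind>reading|writing) location 0x(?P<addr>[0-9A-Fa-f]+)")

# Visual Studio disassembly line: address, mnemonic, then one memory operand
# of the form [reg] or [reg+disp], where disp is hex with an optional 'h'.
INSN_RE = re.compile(
    r"^(?P<ip>[0-9A-Fa-f]{8})\s+(?P<op>\w+)\s+.*?"
    r"\[(?P<reg>e[a-z]{2})(?:\+(?P<disp>[0-9A-Fa-f]+)h?)?\]")


def text_like(raw: bytes) -> bool:
    """True if every byte is printable ASCII or common whitespace."""
    return all(0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D) for b in raw)


def triage(exc_line: str, insn_line: str) -> dict:
    """Recover the 32-bit base register at the fault and classify its value."""
    exc = EXC_RE.search(exc_line)
    insn = INSN_RE.match(insn_line.strip())
    if not exc or not insn:
        raise ValueError("unrecognised crash report format")
    if int(exc["ip"], 16) != int(insn["ip"], 16):
        raise ValueError("instruction is not the one named in the exception")

    fault = int(exc["addr"], 16)
    disp = int(insn["disp"] or "0", 16)
    base = (fault - disp) & 0xFFFFFFFF      # value held in the base register
    raw = base.to_bytes(4, "little")        # byte order as stored on x86

    if base < 0x10000:                      # Windows keeps the first 64 KiB unmapped
        verdict = "null or near-null pointer"
    elif text_like(raw):
        verdict = "pointer value is character data"
    else:
        verdict = "wild pointer, no recognisable pattern"

    return {"module": exc["module"], "access": exc["kind"], "reg": insn["reg"],
            "base": base, "bytes": raw, "verdict": verdict}


if __name__ == "__main__":
    for exc_line, insn_line in REPORTS:
        r = triage(exc_line, insn_line)
        print(f"{r['module']}: {r['reg']}=0x{r['base']:08X} "
              f"{r['bytes']!r} -> {r['verdict']}")
```

For both reports the recovered pointer decodes to ASCII (`ay o` in `esi`, and a semicolon, newline and two spaces in `eax`), which is consistent with the objects having been overwritten by, or their memory reused for, character data rather than with a null dereference.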

rmottola commented 9 months ago

Is this still current, or has it been fixed given the other fixes we did?

roytam1 commented 9 months ago

It seems that it is not the case in win32 builds now. Did it happen in Linux/OS X builds?

rmottola commented 9 months ago

It was a specific Windows bug report; I don't experience specific issues on Linux between safe and unsafe mode. You mention an extension; perhaps that one needs to be used? It is not cited which one causes issues, though.

roytam1 commented 9 months ago

I have 2 extensions: Tab Mix Plus and S3 downloader.

rmottola commented 9 months ago

But you don't have the issue anymore even with these extensions. Let's suppose it has been fixed.