This is a report of a possible bug related to this.
> It also has the serious disadvantage that
>mistakes result in exploitable use-after-frees, rather than unexploitable
>leaks. It also causes various problems with the WebIDL binding
>codegenerator in its current incarnation.
I just ran across an assert() failure.
This seems like a use-after-free case in the discussed case.
The following is a dump recorded in session log of debug build of thunderbird
(TB)
when it ran under memcheck during "make mozmill" on a local PC.
Crash occured when TB was performing a trace (trace gray objects) of hash table
entries
when it encountered something that is not allocated (from the viewpoint
of allocator/garbage collector) and bombout.
I hope these problems will be sorted out soon. I have seen several
crashes of TB since November and want to see them fixed.
I want my mail client to be rock solid.
TIA
By the way, the hash table function seems to be implicated in one of
the topmost crash reports for ARM port of mozilla software (FF), and I
wonder if this CC is trigerring the problem (at least as one of the
causes.) in the hash related code.
https://bugzilla.mozilla.org/show_bug.cgi?id=819386
Bug 819386 - Intermittent Android shutdown crash [@ nss_certificate_hash]
Excerpt:
[...]
Test-update-mailing-list.js::setupModule
TEST-START | /TB-NEW/TB-3HG/new-src/mail/test/mozmill/addrbook/test-update-mailing-list.js |
test_contact_in_mailing_list_updated
Step Pass: {"function": "Controller.keypress()"}
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
--DOMWINDOW == 25 (0x16808860) [serial = 26] [outer = 0xdf4e5c8] [url =
chrome://messenger/content/msgAccountCentral.xul]
--DOMWINDOW == 24 (0x1683e6e0) [serial = 17] [outer = 0xdf4e5c8] [url =
about:blank]
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
Assertion failure: allocated(), at
/TB-NEW/TB-3HG/new-src/mozilla/js/src/gc/Heap.h:482
==18357== Invalid write of size 4
==18357== at 0xB311A9F: js::GCThingTraceKind(void*) (Heap.h:482)
[CI comment: There are inlined functions, etc., and so
difficult to figure out initially what happened.
I sprinkled the perceived value copy of macros/calls and
code snippets in the log.
In the end, I figured out the following sequence of calls
leading to crash.
JS_ASSERT() in getAllocKind() trapped meaning something was not
actually allocated while GC-related function is called.
<== GetGCThinkTraceKind() [ "<==" denotes "called by" relation. ]
<== GetGCThinkTraceKind()
<== GCThingTraceKind()
<== TraceJSObject()
... not sure for the few next steps ...
... ...
<== TraceJSHolder()
<== nsBaaseHashtable::s_EnumStub
<== PL_DHashTableEnumerate()
AllocKind getAllocKind() const {
JS_ASSERT(allocated());
482=> return AllocKind(allocKind);
}
53 inline JSGCTraceKind
54 GetGCThingTraceKind(const void *thing)
55 {
56 AutoAssertNoGC nogc;
57 JS_ASSERT(thing);
58 const Cell *cell = reinterpret_cast<const Cell *>(thing);
59 return MapAllocToTraceKind(cell->getAllocKind()); <--- getAllocKind
60 }
61
https://mxr.mozilla.org/comm-central/source/mozilla/js/src/jsfriendapi.cpp#549
549 js::GCThingTraceKind(void *thing)
550 {
551 JS_ASSERT(thing);
552 return gc::GetGCThingTraceKind(thing);
553 }
==18357== by 0x9E24245: TraceJSObject(void*, char const*, void*)
(XPCJSRuntime.cpp:385)
===> TraceJSObject (tmp (= p) ->_field, "mScopeObject", arg)
static void
TraceJSObject(void *aScriptThing, const char *name, void *aClosure)
{
385=> JS_CALL_TRACER(static_cast<JSTracer*>(aClosure), aScriptThing,
js::GCThingTraceKind(aScriptThing), name);
}
==18357== by 0x987633A: nsJSEventListener::cycleCollection::TraceImpl(void*, void (*)(void*, char const*, void*),
void*) (nsJSEventListener.cpp:106)
NS_IMPL_CYCLE_COLLECTION_TRACE_BEGIN(nsJSEventListener)
106=> NS_IMPL_CYCLE_COLLECTION_TRACE_JS_MEMBER_CALLBACK(mScopeObject)
NS_IMPL_CYCLE_COLLECTION_TRACE_END
p <- holder
TraceCallback aCallback <- TracJSObject
void *aClosure <- arg
https://mxr.mozilla.org/comm-central/source/mozilla/xpcom/glue/nsCycleCollectionParticipant.h#459
459 #define NS_IMPL_CYCLE_COLLECTION_TRACE_BEGIN(_class)
\
460 void
\
461 NS_CYCLE_COLLECTION_CLASSNAME(_class)::TraceImpl(void *p,
\
462 TraceCallback aCallback,
\
463 void *aClosure)
\
464 {
\
465 _class *tmp = DowncastCCParticipant<_class >(p);
tmp <- p
p <- holder
TraceCallback aCallback <- TraceJSObject
void *aClosure <- arg
478 #define NS_IMPL_CYCLE_COLLECTION_TRACE_JS_MEMBER_CALLBACK(_field)
\
479 NS_IMPL_CYCLE_COLLECTION_TRACE_JS_CALLBACK(tmp->_field, #_field)
tmp <- p
p <- holder
TraceCallback aCallback <- TraceJSObject
void *aClosure <- arg
_object <- tmp->_field
_name <- #_field (= "mScopeObject")
474 #define NS_IMPL_CYCLE_COLLECTION_TRACE_JS_CALLBACK(_object, _name)
\
475 if (_object)
\
476 aCallback(_object, _name, aClosure);
===> TraceJSObject (tmp (= p) ->_field, "mScopeObject", arg)
==18357== by 0x9E22F30: TraceJSHolder(void*, nsScriptObjectTracer*&, void*)
(XPCJSRuntime.cpp:392)
static PLDHashOperator
TraceJSHolder(void *holder, nsScriptObjectTracer *&tracer, void *arg)
{
392=> tracer->Trace(holder, TraceJSObject, arg);
return PL_DHASH_NEXT;
}
==18357== by 0x9E230A9: nsBaseHashtable<nsPtrHashKey<void>, nsScriptObjectTracer*,
nsScriptObjectTracer*>::s_EnumStub(PLDHashTable*, PLDHashEntryHdr*, unsigned int, void*) (nsBaseHashtable.h:419)
template<class KeyClass,class DataType,class UserDataType>
PLDHashOperator
nsBaseHashtable<KeyClass,DataType,UserDataType>::s_EnumStub
(PLDHashTable *table, PLDHashEntryHdr *hdr, uint32_t number, void* arg)
{
EntryType* ent = static_cast<EntryType*>(hdr);
s_EnumArgs* eargs = (s_EnumArgs*) arg;
419=> return (eargs->func)(ent->GetKey(), ent->mData, eargs->userArg);
}
ent->mData
ent->mData -> _field <=== not allocated ?
==18357== by 0xAD4B05C: PL_DHashTableEnumerate (pldhash.cpp:717)
while (entryAddr < entryLimit) {
entry = (PLDHashEntryHdr *)entryAddr;
if (ENTRY_IS_LIVE(entry)) {
717=> op = etor(table, entry, i++, arg);
if (op & PL_DHASH_REMOVE) {
METER(table->stats.removeEnums++);
PL_DHashTableRawRemove(table, entry);
didRemove = true;
}
==18357== by 0x9E2A5AF: XPCJSRuntime::TraceXPConnectRoots(JSTracer*)
(nsBaseHashtable.h:223)
uint32_t Enumerate(EnumFunction enumFunc, void* userArg)
{
NS_ASSERTION(this->mTable.entrySize,
"nsBaseHashtable was not initialized properly.");
s_EnumArgs enumData = { enumFunc, userArg };
223=> return PL_DHashTableEnumerate(&this->mTable,
s_EnumStub,
&enumData);
}
==18357== by 0x9E2A62F: XPCJSRuntime::TraceGrayJS(JSTracer*, void*)
(XPCJSRuntime.cpp:379)
==18357== by 0xB5668F8: js::gc::BufferGrayRoots(js::GCMarker*)
(RootMarking.cpp:790)
==18357== by 0xB337F52: BeginMarkPhase(JSRuntime*) (jsgc.cpp:2783)
==18357== by 0xB33AB9E: IncrementalCollectSlice(JSRuntime*, long long, JS::gcreason::Reason, js::JSGCInvocationKind)
(jsgc.cpp:4158)
==18357== by 0xB33B5C4: GCCycle(JSRuntime*, bool, long long, js::JSGCInvocationKind, JS::gcreason::Reason)
(jsgc.cpp:4343)
==18357== by 0xB33B903: Collect(JSRuntime*, bool, long long, js::JSGCInvocationKind, JS::gcreason::Reason)
(jsgc.cpp:4468)
==18357== by 0xB33BE0E: js::GCSlice(JSRuntime*, js::JSGCInvocationKind,
JS::gcreason::Reason, long long) (jsgc.cpp:4506)
==18357== by 0xB30F0B3: JS::IncrementalGC(JSRuntime*, JS::gcreason::Reason,
long long) (jsfriendapi.cpp:187)
==18357== by 0x9747CAE: nsJSContext::GarbageCollectNow(JS::gcreason::Reason, nsJSContext::IsIncremental,
nsJSContext::IsCompartment, nsJSContext::IsShrinking, long long) (nsJSEnvironment.cpp:2605)
==18357== by 0x9747DF8: GCTimerFired(nsITimer*, void*)
(nsJSEnvironment.cpp:2904)
==18357== by 0xADC68E2: nsTimerImpl::Fire() (nsTimerImpl.cpp:503)
==18357== by 0xADC6D05: nsTimerEvent::Run() (nsTimerImpl.cpp:586)
==18357== by 0xADBDE46: nsThread::ProcessNextEvent(bool, bool*)
(nsThread.cpp:642)
==18357== by 0xADED8E3: NS_InvokeByIndex_P (in
/TB-NEW/TB-3HG/objdir-tb3/mozilla/toolkit/library/libxul.so)
==18357== by 0x9E5949B: CallMethodHelper::Call() (XPCWrappedNative.cpp:3084)
==18357== by 0x9E59E90: XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode)
(XPCWrappedNative.cpp:2384)
==18357== by 0x9E61318: XPC_WN_CallMethod(JSContext*, unsigned int,
JS::Value*) (XPCWrappedNativeJSOps.cpp:1488)
==18357== by 0xB36D5A1: js::CallJSNative(JSContext*, int (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs
const&) (jscntxtinlines.h:327)
==18357== by 0xB37A942: js::InvokeKernel(JSContext*, JS::CallArgs,
js::MaybeConstruct) (jsinterp.cpp:377)
==18357== by 0xB374C47: js::Interpret(JSContext*, js::StackFrame*,
js::InterpMode) (jsinterp.cpp:2363)
==18357== by 0xB379C7C: js::RunScript(JSContext*, js::StackFrame*)
(jsinterp.cpp:334)
==18357== by 0xB37A85F: js::InvokeKernel(JSContext*, JS::CallArgs,
js::MaybeConstruct) (jsinterp.cpp:391)
==18357== by 0xB37B1C3: js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value*,
JS::Value*) (jsinterp.h:131)
==18357== by 0xB3CBA63: js::BaseProxyHandler::call(JSContext*, JSObject*,
unsigned int, JS::Value*) (jsproxy.cpp:271)
==18357== by 0xB46AB37: js::Wrapper::call(JSContext*, JSObject*, unsigned
int, JS::Value*) (jswrapper.cpp:283)
==18357== by 0xB46DBDC: js::CrossCompartmentWrapper::call(JSContext*, JSObject*, unsigned int, JS::Value*)
(jswrapper.cpp:616)
==18357== by 0xB3D17D5: js::Proxy::call(JSContext*, JSObject*, unsigned int,
JS::Value*) (jsproxy.cpp:2457)
==18357== by 0xB3D1850: proxy_Call(JSContext*, unsigned int, JS::Value*)
(jsproxy.cpp:3015)
==18357== by 0xB36D5A1: js::CallJSNative(JSContext*, int (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs
const&) (jscntxtinlines.h:327)
==18357== by 0xB37AA77: js::InvokeKernel(JSContext*, JS::CallArgs,
js::MaybeConstruct) (jsinterp.cpp:370)
==18357== by 0xB374C47: js::Interpret(JSContext*, js::StackFrame*,
js::InterpMode) (jsinterp.cpp:2363)
==18357== by 0xB379C7C: js::RunScript(JSContext*, js::StackFrame*)
(jsinterp.cpp:334)
==18357== by 0xB37A85F: js::InvokeKernel(JSContext*, JS::CallArgs,
js::MaybeConstruct) (jsinterp.cpp:391)
==18357== by 0xB31A1D1: js_fun_apply(JSContext*, unsigned int, JS::Value*)
(jsinterp.h:131)
==18357== by 0xB36D5A1: js::CallJSNative(JSContext*, int (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs
const&) (jscntxtinlines.h:327)
==18357== by 0xB37A942: js::InvokeKernel(JSContext*, JS::CallArgs,
js::MaybeConstruct) (jsinterp.cpp:377)
==18357== by 0xB37B1C3: js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value*,
JS::Value*) (jsinterp.h:131)
==18357== by 0xB3CBA63: js::BaseProxyHandler::call(JSContext*, JSObject*,
unsigned int, JS::Value*) (jsproxy.cpp:271)
==18357== by 0xB46AB37: js::Wrapper::call(JSContext*, JSObject*, unsigned
int, JS::Value*) (jswrapper.cpp:283)
==18357== by 0xB46DBDC: js::CrossCompartmentWrapper::call(JSContext*, JSObject*, unsigned int, JS::Value*)
(jswrapper.cpp:616)
==18357== by 0xB3D17D5: js::Proxy::call(JSContext*, JSObject*, unsigned int,
JS::Value*) (jsproxy.cpp:2457)
==18357== by 0xB3D1850: proxy_Call(JSContext*, unsigned int, JS::Value*)
(jsproxy.cpp:3015)
==18357== by 0xB36D5A1: js::CallJSNative(JSContext*, int (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs
const&) (jscntxtinlines.h:327)
==18357== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==18357==
{
<insert_a_suppression_name_here>
Memcheck:Addr4
fun:_ZN2js16GCThingTraceKindEPv
fun:_ZL13TraceJSObjectPvPKcS_
fun:_ZN17nsJSEventListener15cycleCollection9TraceImplEPvPFvS1_PKcS1_ES1_
fun:_ZL13TraceJSHolderPvRP20nsScriptObjectTracerS_
fun:_ZN15nsBaseHashtableI12nsPtrHashKeyIvEP20nsScriptObjectTracerS3_E10s_EnumStubEP12PLDHashTableP15PLDHashEntryHdrjPv
fun:PL_DHashTableEnumerate
fun:_ZN12XPCJSRuntime19TraceXPConnectRootsEP8JSTracer
fun:_ZN12XPCJSRuntime11TraceGrayJSEP8JSTracerPv
fun:_ZN2js2gc15BufferGrayRootsEPNS_8GCMarkerE
fun:_ZL14BeginMarkPhaseP9JSRuntime
fun:_ZL23IncrementalCollectSliceP9JSRuntimexN2JS8gcreason6ReasonEN2js18JSGCInvocationKindE
fun:_ZL7GCCycleP9JSRuntimebxN2js18JSGCInvocationKindEN2JS8gcreason6ReasonE
fun:_ZL7CollectP9JSRuntimebxN2js18JSGCInvocationKindEN2JS8gcreason6ReasonE
fun:_ZN2js7GCSliceEP9JSRuntimeNS_18JSGCInvocationKindEN2JS8gcreason6ReasonEx
fun:_ZN2JS13IncrementalGCEP9JSRuntimeNS_8gcreason6ReasonEx
fun:_ZN11nsJSContext17GarbageCollectNowEN2JS8gcreason6ReasonENS_13IsIncrementalENS_13IsCompartmentENS_11IsShrinkingEx
fun:_Z12GCTimerFiredP8nsITimerPv
fun:_ZN11nsTimerImpl4FireEv
fun:_ZN12nsTimerEvent3RunEv
fun:_ZN8nsThread16ProcessNextEventEbPb
fun:NS_InvokeByIndex_P
fun:_ZN16CallMethodHelper4CallEv
fun:_ZN16XPCWrappedNative10CallMethodER14XPCCallContextNS_8CallModeE
fun:_Z17XPC_WN_CallMethodP9JSContextjPN2JS5ValueE
}
Program
/home/ishikawa/TB-NEW/TB-3HG/objdir-tb3/mozilla/dist/bin/thunderbird-bin (pid =
18357) received signal 11.
[COMMENT: Below is the stack trace dumpbed by TB itself.
It was converted into using symbolic values by
${MOZ_SRCDIR}/mozilla/tools/rb/fix-linux-stack.pl ]
Stack:
__restore_rt (sigaction.c:0)
TraceJSObject
(/TB-NEW/TB-3HG/new-src/mozilla/js/xpconnect/src/XPCJSRuntime.cpp:385)
[Comment: This TraceJSObject calls GCThingTraceKind()
(this isinlined), and in there there is a check
using JS_ASSERT() and TB bombed out.]
static void
TraceJSObject(void *aScriptThing, const char *name, void *aClosure)
{
385=> JS_CALL_TRACER(static_cast<JSTracer*>(aClosure), aScriptThing,
js::GCThingTraceKind(aScriptThing), name);
}
nsJSEventListener::cycleCollection::TraceImpl(void*, void (*)(void*, char const*, void*), void*)
(/TB-NEW/TB-3HG/new-src/mozilla/dom/src/events/nsJSEventListener.cpp:107)
NS_IMPL_CYCLE_COLLECTION_TRACE_BEGIN(nsJSEventListener)
==> NS_IMPL_CYCLE_COLLECTION_TRACE_JS_MEMBER_CALLBACK(mScopeObject)
NS_IMPL_CYCLE_COLLECTION_TRACE_END
TraceJSHolder
(/TB-NEW/TB-3HG/new-src/mozilla/js/xpconnect/src/XPCJSRuntime.cpp:395)
static PLDHashOperator
TraceJSHolder(void *holder, nsScriptObjectTracer *&tracer, void *arg)
{
tracer->Trace(holder, TraceJSObject, arg);
return PL_DHASH_NEXT;
}
nsBaseHashtable<nsPtrHashKey<void>, nsScriptObjectTracer*, nsScriptObjectTracer*>::s_EnumStub(PLDHashTable*,
PLDHashEntryHdr*, unsigned int, void*)
(/TB-NEW/TB-3HG/objdir-tb3/mozilla/js/xpconnect/src/../../../dist/include/nsBaseHashtable.h:420)
PL_DHashTableEnumerate
(/TB-NEW/TB-3HG/objdir-tb3/mozilla/xpcom/build/pldhash.cpp:717)
~XPCAutoLock (/TB-NEW/TB-3HG/new-src/mozilla/js/xpconnect/src/xpcprivate.h:377)
XPCJSRuntime::TraceGrayJS(JSTracer*, void*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/xpconnect/src/XPCJSRuntime.cpp:380)
js::gc::BufferGrayRoots(js::GCMarker*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/gc/RootMarking.cpp:791)
BeginMarkPhase (/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsgc.cpp:2816)
IncrementalCollectSlice (/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsgc.cpp:4158)
GCCycle (/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsgc.cpp:4344)
Collect (/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsgc.cpp:4470)
js::GCSlice(JSRuntime*, js::JSGCInvocationKind, JS::gcreason::Reason, long long)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsgc.cpp:4507)
JS::IncrementalGC(JSRuntime*, JS::gcreason::Reason, long long)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsfriendapi.cpp:188)
nsJSContext::GarbageCollectNow(JS::gcreason::Reason, nsJSContext::IsIncremental, nsJSContext::IsCompartment,
nsJSContext::IsShrinking, long long) (/TB-NEW/TB-3HG/new-src/mozilla/dom/base/nsJSEnvironment.cpp:2605)
GCTimerFired(nsITimer*, void*)
(/TB-NEW/TB-3HG/new-src/mozilla/dom/base/nsJSEnvironment.cpp:2905)
nsTimerImpl::Fire()
(/TB-NEW/TB-3HG/new-src/mozilla/xpcom/threads/nsTimerImpl.cpp:504)
nsTimerEvent::Run()
(/TB-NEW/TB-3HG/new-src/mozilla/xpcom/threads/nsTimerImpl.cpp:586)
nsThread::ProcessNextEvent(bool, bool*)
(/TB-NEW/TB-3HG/new-src/mozilla/xpcom/threads/nsThread.cpp:625)
NS_InvokeByIndex_P (/TB-NEW/TB-3HG/objdir-tb3/mozilla/dist/bin/libxul.so)
CallMethodHelper::Invoke()
(/TB-NEW/TB-3HG/new-src/mozilla/js/xpconnect/src/XPCWrappedNative.cpp:3084)
XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode)
(/TB-NEW/TB-3HG/new-src/mozilla/js/xpconnect/src/XPCWrappedNative.cpp:2384)
XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1488)
js::CallJSNative(JSContext*, int (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jscntxtinlines.h:327)
js::InvokeKernel(JSContext*, JS::CallArgs, js::MaybeConstruct)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:377)
js::Interpret(JSContext*, js::StackFrame*, js::InterpMode)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:2363)
js::RunScript(JSContext*, js::StackFrame*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:334)
js::InvokeKernel(JSContext*, JS::CallArgs, js::MaybeConstruct)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:391)
js::CallArgsList::setInactive()
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/vm/Stack.h:187)
js::BaseProxyHandler::call(JSContext*, JSObject*, unsigned int, JS::Value*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsproxy.cpp:272)
js::Wrapper::call(JSContext*, JSObject*, unsigned int, JS::Value*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jswrapper.cpp:284)
js::CrossCompartmentWrapper::call(JSContext*, JSObject*, unsigned int, JS::Value*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jswrapper.cpp:616)
js::Proxy::call(JSContext*, JSObject*, unsigned int, JS::Value*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsproxy.cpp:2458)
proxy_Call (/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsproxy.cpp:3015)
js::CallJSNative(JSContext*, int (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jscntxtinlines.h:327)
js::InvokeKernel(JSContext*, JS::CallArgs, js::MaybeConstruct)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:370)
js::Interpret(JSContext*, js::StackFrame*, js::InterpMode)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:2363)
js::RunScript(JSContext*, js::StackFrame*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:334)
js::InvokeKernel(JSContext*, JS::CallArgs, js::MaybeConstruct)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:391)
js::CallArgsList::setInactive()
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/vm/Stack.h:187)
js::CallJSNative(JSContext*, int (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jscntxtinlines.h:327)
js::InvokeKernel(JSContext*, JS::CallArgs, js::MaybeConstruct)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:377)
js::CallArgsList::setInactive()
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/vm/Stack.h:187)
js::BaseProxyHandler::call(JSContext*, JSObject*, unsigned int, JS::Value*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsproxy.cpp:272)
js::Wrapper::call(JSContext*, JSObject*, unsigned int, JS::Value*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jswrapper.cpp:284)
js::CrossCompartmentWrapper::call(JSContext*, JSObject*, unsigned int, JS::Value*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jswrapper.cpp:616)
js::Proxy::call(JSContext*, JSObject*, unsigned int, JS::Value*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsproxy.cpp:2458)
proxy_Call (/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsproxy.cpp:3015)
js::CallJSNative(JSContext*, int (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jscntxtinlines.h:327)
js::InvokeKernel(JSContext*, JS::CallArgs, js::MaybeConstruct)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:370)
js::Interpret(JSContext*, js::StackFrame*, js::InterpMode)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:2363)
js::RunScript(JSContext*, js::StackFrame*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:334)
js::InvokeKernel(JSContext*, JS::CallArgs, js::MaybeConstruct)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:391)
js::CallArgsList::setInactive()
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/vm/Stack.h:187)
js::BaseProxyHandler::call(JSContext*, JSObject*, unsigned int, JS::Value*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsproxy.cpp:272)
js::Wrapper::call(JSContext*, JSObject*, unsigned int, JS::Value*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jswrapper.cpp:284)
js::CrossCompartmentWrapper::call(JSContext*, JSObject*, unsigned int, JS::Value*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jswrapper.cpp:616)
js::Proxy::call(JSContext*, JSObject*, unsigned int, JS::Value*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsproxy.cpp:2458)
proxy_Call (/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsproxy.cpp:3015)
js::CallJSNative(JSContext*, int (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jscntxtinlines.h:327)
js::InvokeKernel(JSContext*, JS::CallArgs, js::MaybeConstruct)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:370)
js::Interpret(JSContext*, js::StackFrame*, js::InterpMode)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:2363)
js::RunScript(JSContext*, js::StackFrame*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:334)
js::ExecuteKernel(JSContext*, JS::Handle<JSScript*>, JSObject&, JS::Value const&, js::ExecuteType, js::AbstractFramePtr,
JS::Value*) (/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:522)
~GuardObjectNotificationReceiver
(/TB-NEW/TB-3HG/objdir-tb3/mozilla/js/src/./../../dist/include/mozilla/GuardObjects.h:100)
JS::Evaluate(JSContext*, JS::Handle<JSObject*>, JS::CompileOptions, unsigned short const*, unsigned int, JS::Value*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsapi.cpp:5542)
xpc_EvalInSandbox(JSContext*, JSObject*, nsAString_internal const&, char const*, int, JSVersion, bool, JS::Value*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/xpconnect/src/XPCComponents.cpp:3930)
nsXPCComponents_Utils::EvalInSandbox(nsAString_internal const&, JS::Value const&, JS::Value const&, JS::Value const&,
int, JSContext*, unsigned char, JS::Value*) (/TB-NEW/TB-3HG/new-src/mozilla/js/xpconnect/src/XPCComponents.cpp:3858)
NS_InvokeByIndex_P (/TB-NEW/TB-3HG/objdir-tb3/mozilla/dist/bin/libxul.so)
CallMethodHelper::Invoke()
(/TB-NEW/TB-3HG/new-src/mozilla/js/xpconnect/src/XPCWrappedNative.cpp:3084)
XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode)
(/TB-NEW/TB-3HG/new-src/mozilla/js/xpconnect/src/XPCWrappedNative.cpp:2384)
XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1488)
js::CallJSNative(JSContext*, int (*)(JSContext*, unsigned int, JS::Value*), JS::CallArgs const&)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jscntxtinlines.h:327)
js::InvokeKernel(JSContext*, JS::CallArgs, js::MaybeConstruct)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:377)
js::Interpret(JSContext*, js::StackFrame*, js::InterpMode)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:2363)
js::RunScript(JSContext*, js::StackFrame*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:334)
js::InvokeKernel(JSContext*, JS::CallArgs, js::MaybeConstruct)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsinterp.cpp:391)
js::CallArgsList::setInactive()
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/vm/Stack.h:187)
JS_CallFunctionValue(JSContext*, JSObject*, JS::Value, unsigned int, JS::Value*, JS::Value*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/src/jsapi.cpp:5723)
nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS*, unsigned short, XPTMethodDescriptor const*, nsXPTCMiniVariant*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/xpconnect/src/XPCWrappedJSClass.cpp:1432)
nsXPCWrappedJS::CallMethod(unsigned short, XPTMethodDescriptor const*, nsXPTCMiniVariant*)
(/TB-NEW/TB-3HG/new-src/mozilla/js/xpconnect/src/XPCWrappedJS.cpp:579)
PrepareAndDispatch
(/TB-NEW/TB-3HG/new-src/mozilla/xpcom/reflect/xptcall/src/md/unix/xptcstubs_gcc_x86_unix.cpp:60)
nsInputStreamPump::OnStateTransfer()
(/TB-NEW/TB-3HG/new-src/mozilla/netwerk/base/src/nsInputStreamPump.cpp:484)
nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*)
(/TB-NEW/TB-3HG/new-src/mozilla/netwerk/base/src/nsInputStreamPump.cpp:373)
nsCOMPtr<nsIInputStreamCallback>::operator=(nsIInputStreamCallback*)
(/TB-NEW/TB-3HG/objdir-tb3/mozilla/xpcom/io/../../dist/include/nsCOMPtr.h:624)
nsThread::ProcessNextEvent(bool, bool*)
(/TB-NEW/TB-3HG/new-src/mozilla/xpcom/threads/nsThread.cpp:625)
NS_ProcessNextEvent_P(nsIThread*, bool)
(/TB-NEW/TB-3HG/objdir-tb3/mozilla/xpcom/build/nsThreadUtils.cpp:238)
mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)
(/TB-NEW/TB-3HG/new-src/mozilla/ipc/glue/MessagePump.cpp:82)
MessageLoop::RunInternal()
(/TB-NEW/TB-3HG/new-src/mozilla/ipc/chromium/src/base/message_loop.cc:216)
MessageLoop::RunHandler()
(/TB-NEW/TB-3HG/new-src/mozilla/ipc/chromium/src/base/message_loop.cc:209)
MessageLoop::Run()
(/TB-NEW/TB-3HG/new-src/mozilla/ipc/chromium/src/base/message_loop.cc:182)
nsBaseAppShell::Run()
(/TB-NEW/TB-3HG/new-src/mozilla/widget/xpwidgets/nsBaseAppShell.cpp:165)
nsAppStartup::Run()
(/TB-NEW/TB-3HG/new-src/mozilla/toolkit/components/startup/nsAppStartup.cpp:289)
XREMain::XRE_mainRun()
(/TB-NEW/TB-3HG/new-src/mozilla/toolkit/xre/nsAppRunner.cpp:3826)
XREMain::XRE_main(int, char**, nsXREAppData const*)
(/TB-NEW/TB-3HG/new-src/mozilla/toolkit/xre/nsAppRunner.cpp:3893)
XRE_main (/TB-NEW/TB-3HG/new-src/mozilla/toolkit/xre/nsAppRunner.cpp:4096)
do_main (/TB-NEW/TB-3HG/new-src/mail/app/nsMailApp.cpp:111)
__libc_start_main
(/build/buildd-eglibc_2.13-37-i386-XPf1lI/eglibc-2.13/csu/libc-start.c:260)
Sleeping for 300 seconds.
Type 'gdb /home/ishikawa/TB-NEW/TB-3HG/objdir-tb3/mozilla/dist/bin/thunderbird-bin 18357' to attach your debugger to
this thread.
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
Done sleeping...
==18357==
==18357== HEAP SUMMARY:
==18357== in use at exit: 38,919,537 bytes in 217,253 blocks
==18357== total heap usage: 1,102,802 allocs, 885,549 frees, 485,639,819
bytes allocated
==18357==
==18357== 64 bytes in 1 blocks are definitely lost in loss record 28,534 of
49,721
==18357== at 0x40273B8: malloc (vg_replace_malloc.c:270)
==18357== by 0x40126CA: dl_open_worker (dl-open.c:457)
==18357== by 0x400DDE5: _dl_catch_error (dl-error.c:178)
==18357== by 0x4011B05: _dl_open (dl-open.c:633)
==18357== by 0x4068C2A: dlopen_doit (dlopen.c:67)
==18357== by 0x400DDE5: _dl_catch_error (dl-error.c:178)
==18357== by 0x40690BB: _dlerror_run (dlerror.c:164)
==18357== by 0x4068B60: dlopen@@GLIBC_2.1 (dlopen.c:88)
==18357== by 0x471309C: pr_LoadLibraryByPathname (prlink.c:803)
==18357== by 0x47135E1: PR_LoadLibraryWithFlags (prlink.c:418)
==18357== by 0xADBAB46:
nsNativeModuleLoader::LoadModule(mozilla::FileLocation&)
(nsNativeComponentLoader.cpp:147)
==18357== by 0xADB36F5:
nsComponentManagerImpl::ManifestBinaryComponent(nsComponentManagerImpl::ManifestProcessingContext&, int, char* const*)
(nsComponentManager.cpp:542)
==18357== by 0xADB9A5E: ParseManifest(NSLocationType,
mozilla::FileLocation&, char*, bool) (ManifestParser.cpp:646)
==18357== by 0xADAF564: nsComponentManagerImpl::RegisterManifest(NSLocationType, mozilla::FileLocation&, bool)
(nsComponentManager.cpp:505)
==18357== by 0xADAF6D2: nsComponentManagerImpl::ManifestManifest(nsComponentManagerImpl::ManifestProcessingContext&,
int, char* const*) (nsComponentManager.cpp:518)
==18357== by 0xADB9A5E: ParseManifest(NSLocationType,
mozilla::FileLocation&, char*, bool) (ManifestParser.cpp:646)
==18357== by 0xADAF564: nsComponentManagerImpl::RegisterManifest(NSLocationType, mozilla::FileLocation&, bool)
(nsComponentManager.cpp:505)
==18357== by 0xADAF665: nsComponentManagerImpl::RereadChromeManifests(bool)
(nsComponentManager.cpp:673)
==18357== by 0xADB51E4: nsComponentManagerImpl::Init()
(nsComponentManager.cpp:364)
==18357== by 0xAD51F0A: NS_InitXPCOM2_P (nsXPComInit.cpp:446)
==18357== by 0x8B1CE2E: ScopedXPCOMStartup::Initialize()
(nsAppRunner.cpp:1186)
==18357== by 0x8B28E44: XREMain::XRE_main(int, char**, nsXREAppData const*)
(nsAppRunner.cpp:3889)
==18357== by 0x8B29232: XRE_main (nsAppRunner.cpp:4096)
==18357== by 0x8049AC0: main (nsMailApp.cpp:111)
==18357==
{
<insert_a_suppression_name_here>
Memcheck:Leak
match-leak-kinds: definite
fun:malloc
fun:dl_open_worker
fun:_dl_catch_error
fun:_dl_open
fun:dlopen_doit
fun:_dl_catch_error
fun:_dlerror_run
fun:dlopen@@GLIBC_2.1
fun:pr_LoadLibraryByPathname
fun:PR_LoadLibraryWithFlags
fun:_ZN20nsNativeModuleLoader10LoadModuleERN7mozilla12FileLocationE
fun:_ZN22nsComponentManagerImpl23ManifestBinaryComponentERNS_25ManifestProcessingContextEiPKPc
fun:_Z13ParseManifest14NSLocationTypeRN7mozilla12FileLocationEPcb
fun:_ZN22nsComponentManagerImpl16RegisterManifestE14NSLocationTypeRN7mozilla12FileLocationEb
fun:_ZN22nsComponentManagerImpl16ManifestManifestERNS_25ManifestProcessingContextEiPKPc
fun:_Z13ParseManifest14NSLocationTypeRN7mozilla12FileLocationEPcb
fun:_ZN22nsComponentManagerImpl16RegisterManifestE14NSLocationTypeRN7mozilla12FileLocationEb
fun:_ZN22nsComponentManagerImpl21RereadChromeManifestsEb
fun:_ZN22nsComponentManagerImpl4InitEv
fun:NS_InitXPCOM2_P
fun:_ZN18ScopedXPCOMStartup10InitializeEv
fun:_ZN7XREMain8XRE_mainEiPPcPK12nsXREAppData
fun:XRE_main
fun:main
}
==18357== 69 bytes in 1 blocks are definitely lost in loss record 28,973 of
49,721
ishikawa@debian-vm:~/bin/TAMAGO-DIR$
TIA
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
