Closed Bug 224644 Opened 21 years ago Closed 21 years ago

crash (pressing backspace) [@ nsTypeAheadFind::BackOneChar]

Categories

(Core :: Disability Access APIs, defect)

Product:
Core
Component:
Disability Access APIs
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: timeless, Assigned: timeless)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

look before leaping
886 bytes, patch
caillon
: review+
darin.moz
: superreview+
Details | Diff | Splinter Review 
My guess is that
      mFocusedDocSelection->GetRangeAt(0, getter_AddRefs(mStartFindRange));
crashed (null mFocusedDocSelection). Based on what I was doing at the time
(going back pages), it doesn't seem very unreasonable

nsTypeAheadFind::BackOneChar
[c:/builds/seamonkey/mozilla/extensions/typeaheadfind/src/nsTypeAheadFind.cpp,
line 778]
XPTC_InvokeByIndex
[c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp,
line 102]
XPCWrappedNative::CallMethod
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2019]
XPC_WN_CallMethod
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp,
line 1270]
js_Invoke
[c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 914]
js_Interpret
[c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 2934]
js_Invoke
[c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 930]
js_InternalInvoke
[c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 1007]
JS_CallFunctionValue
[c:/builds/seamonkey/mozilla/js/src/jsapi.c, line 3573]
nsJSContext::CallEventHandler
[c:/builds/seamonkey/mozilla/dom/src/base/nsJSEnvironment.cpp, line 1222]
nsJSEventListener::HandleEvent
[c:/builds/seamonkey/mozilla/dom/src/events/nsJSEventListener.cpp, line 182]
nsXBLPrototypeHandler::ExecuteHandler
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLPrototypeHandler.cpp, line 462]
nsXBLWindowHandler::WalkHandlersInternal
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLWindowHandler.cpp, line 312]
nsXBLWindowKeyHandler::WalkHandlers
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLWindowKeyHandler.cpp, line 162]
nsXBLWindowKeyHandler::KeyPress
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLWindowKeyHandler.cpp, line 178]
DispatchToInterface
[c:/builds/seamonkey/mozilla/content/events/src/nsEventListenerManager.cpp, line
129]
nsEventListenerManager::HandleEvent
[c:/builds/seamonkey/mozilla/content/events/src/nsEventListenerManager.cpp, line
1512]
nsXULDocument::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/document/src/nsXULDocument.cpp, line 1267]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp, line 3195]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp, line 3187]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp, line 3187]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp, line 3187]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp, line 3187]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp, line 3187]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp, line 3187]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp, line 3187]
nsXULElement::HandleChromeEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp, line 4305]
GlobalWindowImpl::HandleDOMEvent
[c:/builds/seamonkey/mozilla/dom/src/base/nsGlobalWindow.cpp, line 868]
nsDocument::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsDocument.cpp, line 3557]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp, line 1996]
PresShell::HandleEventInternal
[c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp, line 6211]
PresShell::HandleEvent
[c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp, line 6111]
nsViewManager::HandleEvent
[c:/builds/seamonkey/mozilla/view/src/nsViewManager.cpp, line 2253]
nsView::HandleEvent
[c:/builds/seamonkey/mozilla/view/src/nsView.cpp, line 298]
nsViewManager::DispatchEvent
[c:/builds/seamonkey/mozilla/view/src/nsViewManager.cpp, line 2042]
HandleEvent
[c:/builds/seamonkey/mozilla/view/src/nsView.cpp, line 79]
nsWindow::DispatchEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp, line 1054]
nsWindow::DispatchWindowEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp, line 1071]
nsWindow::DispatchKeyEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp, line 2923]
nsWindow::OnChar
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp, line 3109]
nsWindow::ProcessMessage
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp, line 3819]
nsWindow::WindowProc
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp, line 1334]
USER32.dll + 0x3eb0 (0x77e13eb0)
USER32.dll + 0x401a (0x77e1401a)
USER32.dll + 0x3f0f (0x77e13f0f)
nsAppShellService::Run
[c:/builds/seamonkey/mozilla/xpfe/appshell/src/nsAppShellService.cpp, line 484]
main1
[c:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 1302]
main
[c:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 1682]
WinMain
[c:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 1704]
WinMainCRTStartup()
KERNEL32.DLL + 0x7903 (0x77e87903)

    
  

        Attachment #134812 -
        Flags: superreview?(darin)

        Attachment #134812 -
        Flags: review?(caillon)

    
    

    
  
is this patch wallpaper or is it a real fix?  can you explain?  also, any idea
what steps to reproduce?  i'm really happy to hear that this crash may be
finally explained.  will review later tonight or tomorrow...

    
    

    
  
Comment on attachment 134812 [details] [diff] [review]
look before leaping

please add a NS_ERROR or NS_NOTREACHED since we think the author didn't intend
this situation to be possible.

        Attachment #134812 -
        Flags: superreview?(darin) → superreview+

    
    

    
  
the way i use mozilla, i load pages and press backspace a lot to go back pages.
i believe that i managed to trigger a backspace which was caught and processed
by typeahead after the page it was monitoring had gone away.

i'm fairly certain that i've caught the cause, unfortunately i crashed in a
release build, it's still in my debugger, but i'm not sure i can really get
anything useful from it (e.g. a js stack trace, which is really the only thing
anyone would want when they see a trace like this).

darin was nice enough to check for the js caller (such an obvious thing to do,
why didn't i think of that?), there's only one...

BrowserHandleBackspace() => typeAhead.backOneChar()

Based on the caller, we definitely want to return false, so my code is right
from a what should happen perspective. I'll add an NS_ERROR so someone else can
consider the nullness of this field.
Status: NEW → ASSIGNED

        Attachment #134812 -
        Flags: review?(caillon) → review+

    
    

    
  
checked in without the error because the code gets hit more often than just for
the crash case.
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Crash Signature: [@ nsTypeAheadFind::BackOneChar]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: