Closed Bug 49693 Opened 24 years ago Closed 24 years ago

Crash when using ".." button in file picker

Categories

(Core :: XUL, defect, P2)

x86
Linux
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: jwbaker, Assigned: bryner)

References

Details

(Keywords: crash, smoketest, Whiteboard: [dogfood-] [nsbeta3+])

Linux build 2000-08-21-06 crashes when using the XP File Picker.  The crash
seems related to the directories used, but is pretty easy to reproduce:

1) Start Mozilla
2) Click File->Open File
3) Drill down two directory levels
4) Change the filter from "HTML Files" to "All".
5) Click ".."

Mozilla crashes.  I can get this reliably by drilling down to .ddd/sessions in
my home directory.  There are also other ways to crash in the same place:

3) Drill down two directories
4) Go back up to home directory
5) Drill down one directory
6) Go back up.

Same crash, this time without changing the display filter.  I can repeat this
reliably with .dosemu/tmp, ../.., .cddb, ..

Here is the stack trace, edited for sanity:

#0  PR_GetCurrentThread () at ptthread.c:594
#1  0x40124957 in NS_CheckThreadSafe (owningThread=0x8068b68, msg=0x40884589
"nsXULElement not thread-safe") at nsDebug.cpp:487
#2  0x407c5aa4 in nsXULElement::AddRef (this=0x8979230) at nsXULElement.cpp:526
#3  0x407c6410 in nsXULElement::QueryInterface (this=0x8979230, iid=@0x41ad7970,
result=0xbfe02124) at nsXULElement.cpp:621
#4  0x40126b06 in nsQueryInterface::operator() (this=0xbfe02160,
aIID=@0x41ad7970, answer=0xbfe02124) at nsCOMPtr.cpp:32
#5  0x4196ec48 in nsCOMPtr<nsIContent>::assign_from_helper (this=0xbfe0216c,
helper=@0xbfe02160, aIID=@0x41ad7970) at ../../../dist/include/nsCOMPtr.h:856
#6  0x41970379 in nsCOMPtr<nsIContent>::nsCOMPtr (this=0xbfe0216c,
helper=@0xbfe02160) at ../../../dist/include/nsCOMPtr.h:564
#7  0x4197774a in nsCOMPtr<nsIContent>::Assert_NoQueryNeeded (this=0xbfe02260)
at ../../../dist/include/nsCOMPtr.h:499
#8  0x41976a3c in nsGetterAddRefs<nsIContent>::~nsGetterAddRefs
(this=0xbfe0225c, __in_chrg=2) at ../../../dist/include/nsCOMPtr.h:907
#9  0x418b52a6 in nsBoxFrame::GetInsertionPoint (aShell=0x87d8668,
aParent=0x8a4e858, aChild=0x8a4e8f8, aResult=0xbfe02304) at nsBoxFrame.cpp:1743
#10 0x418b5613 in nsBoxFrame::GetInsertionPoint (aShell=0x87d8668,
aParent=0x8a4e858, aChild=0x8a4e8f8, aResult=0xbfe023e4) at nsBoxFrame.cpp:1768
#11 0x418b5613 in nsBoxFrame::GetInsertionPoint (aShell=0x87d8668,
aParent=0x8a4e858, aChild=0x8a4e8f8, aResult=0xbfe024c4) at nsBoxFrame.cpp:1768

#9220 0x418b5613 in nsBoxFrame::GetInsertionPoint (aShell=0x87d8668,
aParent=0x8a4e858, aChild=0x8a4e8f8, aResult=0xbfff9ea4) at nsBoxFrame.cpp:1768
#9221 0x418b5613 in nsBoxFrame::GetInsertionPoint (aShell=0x87d8668,
aParent=0x8a4e858, aChild=0x8a4e8f8, aResult=0xbfff9f2c) at nsBoxFrame.cpp:1768
#9222 0x418b3379 in nsBoxFrame::RemoveFrame (this=0x8a4e858,
aPresContext=0x894ed70, aPresShell=@0x87d8668, aListName=0x0,
aOldFrame=0x8a4e8f8) at nsBoxFrame.cpp:1002
#9223 0x4163d735 in FrameManager::RemoveFrame (this=0x87838e0,
aPresContext=0x894ed70, aPresShell=@0x87d8668, aParentFrame=0x8a4e858,
aListName=0x0, aOldFrame=0x8a4e8f8) at nsFrameManager.cpp:706
#9224 0x417edff5 in nsCSSFrameConstructor::ContentRemoved (this=0x874de70,
aPresContext=0x894ed70, aContainer=0x8979230, aChild=0x89e5090,
aIndexInContainer=0) at nsCSSFrameConstructor.cpp:9259
#9225 0x4196024d in StyleSetImpl::ContentRemoved (this=0x8730b00,
aPresContext=0x894ed70, aContainer=0x8979230, aChild=0x89e5090,
aIndexInContainer=0) at nsStyleSet.cpp:1165
#9226 0x41670331 in PresShell::ContentRemoved (this=0x87d8668,
aDocument=0x8a1ba18, aContainer=0x8979230, aChild=0x89e5090,
aIndexInContainer=0) at nsPresShell.cpp:3473
#9227 0x407e7a04 in nsXULDocument::ContentRemoved (this=0x8a1ba18,
aContainer=0x8979230, aChild=0x89e5090, aIndexInContainer=0) at
nsXULDocument.cpp:1779
#9228 0x407cddbe in nsXULElement::RemoveChildAt (this=0x8979230, aIndex=0,
aNotify=1) at nsXULElement.cpp:2547
#9229 0x407c7f59 in nsXULElement::RemoveChild (this=0x8979230,
aOldChild=0x89e509c, aReturn=0xbfffa5c8) at nsXULElement.cpp:1046
#9230 0x4083317d in nsXULTreeElement::RemoveChild (this=0x87b53a8,
aOldChild=0x89e509c, aReturn=0xbfffa5c8) at nsXULTreeElement.h:51
#9231 0x4054571b in NodeRemoveChild (cx=0x8a0f640, obj=0x87eefa0, argc=1,
argv=0x88dc878, rval=0xbfffa67c) at nsJSNode.cpp:522
#9232 0x401d66c2 in js_Invoke (cx=0x8a0f640, argc=1, flags=0) at jsinterp.c:716
#9233 0x401e7877 in js_Interpret (cx=0x8a0f640, result=0xbfffb048) at
jsinterp.c:2517
#9234 0x401d671f in js_Invoke (cx=0x8a0f640, argc=1, flags=2) at jsinterp.c:732
#9235 0x401d6a74 in js_InternalInvoke (cx=0x8a0f640, obj=0x875d360,
fval=142978120, flags=0, argc=1, argv=0xbfffb2f4, rval=0xbfffb1c4) at jsinterp.c:805
#9236 0x401a8f43 in JS_CallFunctionValue (cx=0x8a0f640, obj=0x875d360,
fval=142978120, argc=1, argv=0xbfffb2f4, rval=0xbfffb1c4) at jsapi.c:2817
#9237 0x404ff849 in nsJSContext::CallEventHandler (this=0x883a9d0,
aTarget=0x875d360, aHandler=0x885ac48, argc=1, argv=0xbfffb2f4,
aBoolResult=0xbfffb244, aReverseReturnResult=0) at nsJSEnvironment.cpp:846
#9238 0x4054aeac in nsJSEventListener::HandleEvent (this=0x8af8f80,
aEvent=0x8ab326c) at nsJSEventListener.cpp:154
#9239 0x416055ab in nsEventListenerManager::HandleEventSubType (this=0x8b723a8,
aListenerStruct=0x8ae2508, aDOMEvent=0x8ab326c, aCurrentTarget=0x884fe50,
aSubType=4, aPhaseFlags=7) at nsEventListenerManager.cpp:788
#9240 0x41605d85 in nsEventListenerManager::HandleEvent (this=0x8b723a8,
aPresContext=0x894ed70, aEvent=0xbfffba6c, aDOMEvent=0xbfffb91c,
aCurrentTarget=0x884fe50, aFlags=7, aEventStatus=0xbfffbed8) at
nsEventListenerManager.cpp:931
#9241 0x407d139a in nsXULElement::HandleDOMEvent (this=0x884fe40,
aPresContext=0x894ed70, aEvent=0xbfffba6c, aDOMEvent=0xbfffb91c, aFlags=1,
aEventStatus=0xbfffbed8) at nsXULElement.cpp:3297
#9242 0x416718c1 in PresShell::HandleEventInternal (this=0x87d8668,
aEvent=0xbfffba6c, aView=0x0, aStatus=0xbfffbed8) at nsPresShell.cpp:4023
#9243 0x4167179c in PresShell::HandleEventWithTarget (this=0x87d8668,
aEvent=0xbfffba6c, aFrame=0x8a4e4ec, aContent=0x884fe40, aStatus=0xbfffbed8) at
nsPresShell.cpp:4004
#9244 0x41610c07 in nsEventStateManager::CheckForAndDispatchClick
(this=0x8854170, aPresContext=0x894ed70, aEvent=0xbfffbfdc, aStatus=0xbfffbed8)
at nsEventStateManager.cpp:1816
#9245 0x4160e0c8 in nsEventStateManager::PostHandleEvent (this=0x8854170,
aPresContext=0x894ed70, aEvent=0xbfffbfdc, aTargetFrame=0x8a4e4ec,
aStatus=0xbfffbed8, aView=0x8800db0) at nsEventStateManager.cpp:897
#9246 0x41671a28 in PresShell::HandleEventInternal (this=0x87d8668,
aEvent=0xbfffbfdc, aView=0x8800db0, aStatus=0xbfffbed8) at nsPresShell.cpp:4043
#9247 0x41671510 in PresShell::HandleEvent (this=0x87d8668, aView=0x8800db0,
aEvent=0xbfffbfdc, aEventStatus=0xbfffbed8, aForceHandle=1,
aHandled=@0xbfffbe7c) at nsPresShell.cpp:3958
#9248 0x41c074eb in nsView::HandleEvent (this=0x8800db0, event=0xbfffbfdc,
aEventFlags=28, aStatus=0xbfffbed8, aForceHandle=1, aHandled=@0xbfffbe7c) at
nsView.cpp:774
#9249 0x41c12235 in nsViewManager2::DispatchEvent (this=0x880c680,
aEvent=0xbfffbfdc, aStatus=0xbfffbed8) at nsViewManager2.cpp:1410
#9250 0x41c04ef4 in HandleEvent (aEvent=0xbfffbfdc) at nsView.cpp:68
#9251 0x4095281c in nsWidget::DispatchEvent (this=0x87f5158, aEvent=0xbfffbfdc,
aStatus=@0xbfffbf74) at nsWidget.cpp:1476
#9252 0x40952458 in nsWidget::DispatchWindowEvent (this=0x87f5158,
event=0xbfffbfdc) at nsWidget.cpp:1367
#9253 0x409528d4 in nsWidget::DispatchMouseEvent (this=0x87f5158,
aEvent=@0xbfffbfdc) at nsWidget.cpp:1503
#9254 0x40954235 in nsWidget::OnButtonReleaseSignal (this=0x87f5158,
aGdkButtonEvent=0x8205280) at nsWidget.cpp:2265
#9255 0x4095afa4 in nsWindow::HandleGDKEvent (this=0x87f5158, event=0x8205280)
at nsWindow.cpp:1354
#9256 0x4094a429 in dispatch_superwin_event (event=0x8205280, window=0x87f5158)
at nsGtkEventHandler.cpp:942
#9257 0x4094a0c7 in handle_gdk_event (event=0x8205280, data=0x0) at
nsGtkEventHandler.cpp:802
#9258 0x40acea36 in gdk_event_dispatch (source_data=0x0,
current_time=0xbfffc214, user_data=0x0) at gdkevents.c:2129
#9259 0x40afb717 in g_main_dispatch (dispatch_time=0xbfffc214) at gmain.c:656
#9260 0x40afbcdb in g_main_iterate (block=1, dispatch=1) at gmain.c:877
#9261 0x40afbd7f in g_main_iteration (block=1) at gmain.c:907
#9262 0x40940c53 in nsAppShell::DispatchNativeEvent (this=0x899f228,
aRealEvent=0, aEvent=0x0) at nsAppShell.cpp:372
#9263 0x4068caca in nsXULWindow::ShowModal (this=0x89b8440) at nsXULWindow.cpp:234
#9264 0x40697ac2 in nsWebShellWindow::ShowModal (this=0x89b8440) at
nsWebShellWindow.cpp:1100
#9265 0x406886c5 in nsChromeTreeOwner::ShowModal (this=0x8819ed0) at
nsChromeTreeOwner.cpp:181
#9266 0x4051ac4a in GlobalWindowImpl::OpenInternal (this=0x80c5968,
cx=0x80c5a78, argv=0x875a8ac, argc=4, aDialog=1, aReturn=0xbfffc888) at
nsGlobalWindow.cpp:2966
#9267 0x40513e4d in GlobalWindowImpl::OpenDialog (this=0x80c5968, cx=0x80c5a78,
argv=0x875a8ac, argc=4, aReturn=0xbfffc888) at nsGlobalWindow.cpp:1812
#9268 0x40506152 in WindowOpenDialog (cx=0x80c5a78, obj=0x815b5c8, argc=4,
argv=0x875a8ac, rval=0xbfffc93c) at nsJSWindow.cpp:2377
#9269 0x401d66c2 in js_Invoke (cx=0x80c5a78, argc=4, flags=0) at jsinterp.c:716
#9270 0x401e7877 in js_Interpret (cx=0x80c5a78, result=0xbfffd308) at
jsinterp.c:2517
#9271 0x401d671f in js_Invoke (cx=0x80c5a78, argc=0, flags=2) at jsinterp.c:732
#9272 0x40c576eb in nsXPCWrappedJSClass::CallMethod (this=0x87488a0,
wrapper=0x8b4cf38, methodIndex=12, info=0x874b484, nativeParams=0xbfffd780) at
xpcwrappedjsclass.cpp:741
#9273 0x40c555a7 in nsXPCWrappedJS::CallMethod (this=0x8b4cf38, methodIndex=12,
info=0x874b484, params=0xbfffd780) at xpcwrappedjs.cpp:318
#9274 0x40137669 in PrepareAndDispatch (self=0x8b4cf38, methodIndex=12,
args=0xbfffd838) at xptcstubs_unixish_x86.cpp:80
#9275 0x40137a12 in nsXPTCStubBase::Stub12 (this=0x8b4cf38) at
../../../../../../dist/include/xptcstubsdef.inc:14
#9276 0x4013710d in XPTC_InvokeByIndex (that=0x8b4cf38, methodIndex=12,
paramCount=1, params=0xbfffd9b0) at xptcinvoke_unixish_x86.cpp:134
#9277 0x40c5d87e in nsXPCWrappedNativeClass::CallWrappedMethod (this=0x8748ef8,
cx=0x80c5a78, wrapper=0x8986be0, desc=0x874c050, callMode=CALL_METHOD, argc=0,
argv=0x875a868, vp=0xbfffdb34) at xpcwrappednativeclass.cpp:915
#9278 0x40c5f99b in WrappedNative_CallMethod (cx=0x80c5a78, obj=0x875ce20,
argc=0, argv=0x875a868, vp=0xbfffdb34) at xpcwrappednativejsops.cpp:226
#9279 0x401d66c2 in js_Invoke (cx=0x80c5a78, argc=0, flags=0) at jsinterp.c:716
#9280 0x401e7877 in js_Interpret (cx=0x80c5a78, result=0xbfffe500) at
jsinterp.c:2517
#9281 0x401d671f in js_Invoke (cx=0x80c5a78, argc=1, flags=2) at jsinterp.c:732
#9282 0x401d6a74 in js_InternalInvoke (cx=0x80c5a78, obj=0x86ac350,
fval=141214616, flags=0, argc=1, argv=0xbfffe7ac, rval=0xbfffe67c) at jsinterp.c:805
#9283 0x401a8f43 in JS_CallFunctionValue (cx=0x80c5a78, obj=0x86ac350,
fval=141214616, argc=1, argv=0xbfffe7ac, rval=0xbfffe67c) at jsapi.c:2817
#9284 0x404ff849 in nsJSContext::CallEventHandler (this=0x80c5a40,
aTarget=0x86ac350, aHandler=0x86ac398, argc=1, argv=0xbfffe7ac,
aBoolResult=0xbfffe6fc, aReverseReturnResult=0) at nsJSEnvironment.cpp:846
#9285 0x4054aeac in nsJSEventListener::HandleEvent (this=0x856c498,
aEvent=0x8802b5c) at nsJSEventListener.cpp:154
#9286 0x416055ab in nsEventListenerManager::HandleEventSubType (this=0x856c440,
aListenerStruct=0x856c4d0, aDOMEvent=0x8802b5c, aCurrentTarget=0x84705e8,
aSubType=8, aPhaseFlags=7
This blocks smoketest B.3
Severity: normal → critical
Keywords: crash, smoketest
*** Bug 49695 has been marked as a duplicate of this bug. ***
->bryner
Assignee: trudelle → bryner
Would not hold tree for this. Putting on [dogfood-] radar.  Adding nsbeta3 
keyword.

jrgm, can you reproduce?  Linux only?
Whiteboard: [dogfood-]
Yes, I can reproduce this with the same mozilla build, 2000082008, but not
using the steps described above. However, if I just keep moving up and down
and changing the filter criteria, I will eventually crash.
This seems quite easy to reproduce.  adding nsbeta3 keyword, marking nsbeta3+,
P2 for M18  
Keywords: nsbeta3
Priority: P3 → P2
Whiteboard: [dogfood-] → [dogfood-] [nsbeta3+]
Target Milestone: --- → M18
Hm, this really doesn't look like a filepicker problem from the stack.

CC'ing waterson and hyatt.  any ideas?
Marking WORKSFORME (confirmed by timeless, endico, and jst on #mozilla).
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → WORKSFORME
100% reproduceable on Linux 2000-08-23-21.  Reopening.  Bryner, I can tar up an
example directory that causes this problem and attach it, if you want.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Hm, judging from the length of the stack, I think Box might be getting into some 
sort of infinite recursion.  cc'ing evaughan.
The good news is, I'm not seeing this on the RDF_FILEPICKER_BRANCH, so hopefully
I can resolve this bug when it lands.
need info: How are you reproducing this?  Who is still seeing it? I'm not seeing
it in today's N6 verification build.  From Jeffery Baker's comments, it seems
that there are new requirements for reproducing this, such as using particular
directories.  Please list the exact steps to reproduce using today's build.
Whiteboard: [dogfood-] [nsbeta3+] → [dogfood-] [need info]
I can reproduce this by going into .mozilla/default in my home directory, 
then going down one directory, changing the filter (to some other selection)
and hitting '..' to go back up -- and repeating until at some point I crash.

Unfortunately, I can't find a single set of actions to reproduce, but after
maximum four repeats of down/switch/up, I will crash. 

(This is with today's comm. build, notwithstanding bryner's comment that this 
may already be fixed on a different branch). 
Yeah my questions are: when does the RDF file picker land?; and based on that,
do we care about the current file picker suckage?
nsbeta3+, hopefully fixed by landing rdf_filepicker branch.
Whiteboard: [dogfood-] [need info] → [dogfood-] [nsbeta3+]
Status: REOPENED → ASSIGNED
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago24 years ago
Resolution: --- → FIXED
Can't make it crash anymore in debug build pulled 2000-09-01-06.  Thanks bryner.
Thanks jwbaker. I can't get this crash anymore either. Marking verified. 
Status: RESOLVED → VERIFIED
*** Bug 51707 has been marked as a duplicate of this bug. ***
You need to log in before you can comment on or make changes to this bug.