Closed Bug 17362 Opened 25 years ago Closed 25 years ago

SIGSEGV in viewer while processing a form.

Categories

(Core Graveyard :: Viewer App, defect, P3)

x86
Linux
defect

Tracking

(Not tracked)

VERIFIED DUPLICATE of bug 17431

People

(Reporter: dejong, Assigned: pollmann)

Details

I was running viewer on a RedHat 5.2 (Intel) Linux system.
I built from the CVS on Wed Oct 27. I then
went to the bugzilla query page and typed my email
address into the Reporter entry box. Finally,
I pressed the button to submit the query. After
doing that, viewer crashed at the following place.


layout/html/forms/src/nsFormFrame.cpp : line 741
nsFormFrame::ProcessAsURLEncoded

736          encoder = nsnull;
737
738       // collect and encode the data from the children controls
739       for (PRUint32 childX = 0; childX < numChildren; childX++) {
740         nsIFormControlFrame* child = (nsIFormControlFrame*) mFormControls.ElementAt(childX);
741         if (child && child->IsSuccessful(aFrame)) {
742           PRInt32 numValues = 0;
743           PRInt32 maxNumValues = child->GetMaxNumValues();
744           if (0 >= maxNumValues) {
745             continue;


(gdb) print child
$1 = (nsIFormControlFrame *) 0x8351138

(gdb) print aFrame
$2 = (nsIFormControlFrame *) 0x84e14b8

(gdb) call child->IsSuccessful(aFrame)
Cannot access memory at address 0x2c.


The problem seems to be in the inlined method.

From nsListControlFrame.cpp : crash on line 1287.

1283	PRBool
1284	nsListControlFrame::IsSuccessful(nsIFormControlFrame* aSubmitter)
1285	{
1286	  nsAutoString name;
1287	  return (NS_CONTENT_ATTR_HAS_VALUE == GetName(&name));    <--- CRASH
1288	}


It is crashing inside GetName().

From nsListControlFrame.cpp : crash on line 1359.

1354	nsListControlFrame::GetName(nsString* aResult)
1355	{
1356	  nsresult result = NS_FORM_NOTOK;
1357	  if (mContent) {
1358	    nsIHTMLContent* formControl = nsnull;
1359	    result = mContent->QueryInterface(nsCOMTypeInfo<nsIHTMLContent>::GetIID(),(void**)&formControl);
1360	    if (NS_SUCCEEDED(result) && formControl) {
1361	      nsHTMLValue value;
1362	      result = formControl->GetHTMLAttribute(nsHTMLAtoms::name, value);
1363	      if (NS_CONTENT_ATTR_HAS_VALUE == result) {
1364	        if (eHTMLUnit_String == value.GetUnit()) {
1365	          value.GetStringValue(*aResult);
1366	        }
1367	      }
1368	      NS_RELEASE(formControl);
1369	    }
1370	  }
1371	  return result;
1372	}




Here is the stack trace:

#0  0x40e446e8 in nsFormFrame::ProcessAsURLEncoded (this=0x81f6840,
    aFormProcessor=0x80b0d50, isPost=0, aData=@0xbfffecb0, aFrame=0x84e14b8)
    at ../../../../../layout/html/forms/src/nsFormFrame.cpp:741
#1  0x40e435d5 in nsFormFrame::OnSubmit (this=0x81f6840,
    aPresContext=0x8462f90, aFrame=0x84e1480)
    at ../../../../../layout/html/forms/src/nsFormFrame.cpp:505
#2  0x40e55afd in nsHTMLButtonControlFrame::MouseClicked (this=0x84e1480,
    aPresContext=0x8462f90)
    at ../../../../../layout/html/forms/src/nsHTMLButtonControlFrame.cpp:290
#3  0x40e4864e in nsGfxButtonControlFrame::HandleEvent (this=0x84e1480,
    aPresContext=@0x8462f90, aEvent=0xbfffed90, aEventStatus=@0xbffff1d8)
    at ../../../../../layout/html/forms/src/nsGfxButtonControlFrame.cpp:219
#4  0x40d27cbe in nsEventStateManager::CheckForAndDispatchClick (
    this=0x8212578, aPresContext=@0x8462f90, aEvent=0xbffff2c8,
    aStatus=@0xbffff1d8)
    at ../../../../layout/events/src/nsEventStateManager.cpp:996
#5  0x40d26974 in nsEventStateManager::PostHandleEvent (this=0x8212578,
    aPresContext=@0x8462f90, aEvent=0xbffff2c8, aTargetFrame=0x84e1480,
    aStatus=@0xbffff1d8, aView=0x8356878)
    at ../../../../layout/events/src/nsEventStateManager.cpp:467
#6  0x40d73305 in PresShell::HandleEvent (this=0x846b1a8, aView=0x8356878,
    aEvent=0xbffff2c8, aEventStatus=@0xbffff1d8)
    at ../../../../../layout/html/base/src/nsPresShell.cpp:2214
#7  0x4108d7d7 in nsView::HandleEvent (this=0x8356878, event=0xbffff2c8,
    aEventFlags=8, aStatus=@0xbffff1d8, aHandled=@0xbffff17c)
    at ../../../view/src/nsView.cpp:833
#8  0x4108d769 in nsView::HandleEvent (this=0x821ad10, event=0xbffff2c8,
    aEventFlags=8, aStatus=@0xbffff1d8, aHandled=@0xbffff17c)
    at ../../../view/src/nsView.cpp:817
#9  0x4108d769 in nsView::HandleEvent (this=0x8208498, event=0xbffff2c8,
    aEventFlags=8, aStatus=@0xbffff1d8, aHandled=@0xbffff17c)
    at ../../../view/src/nsView.cpp:817
#10 0x4108d769 in nsView::HandleEvent (this=0x843a518, event=0xbffff2c8,
    aEventFlags=28, aStatus=@0xbffff1d8, aHandled=@0xbffff17c)
    at ../../../view/src/nsView.cpp:817
#11 0x410992b3 in nsViewManager::DispatchEvent (this=0x8442430,
    aEvent=0xbffff2c8, aStatus=@0xbffff1d8)
    at ../../../view/src/nsViewManager.cpp:1737
#12 0x4108b8f8 in HandleEvent (aEvent=0xbffff2c8)
    at ../../../view/src/nsView.cpp:62
#13 0x4057aa74 in nsWidget::DispatchEvent (this=0x821ad78, aEvent=0xbffff2c8,
    aStatus=@0xbffff270) at ../../../../widget/src/gtk/nsWidget.cpp:1277
#14 0x4057a80c in nsWidget::DispatchWindowEvent (this=0x821ad78,
    event=0xbffff2c8) at ../../../../widget/src/gtk/nsWidget.cpp:1188
#15 0x4057ab28 in nsWidget::DispatchMouseEvent (this=0x821ad78,
    aEvent=@0xbffff2c8) at ../../../../widget/src/gtk/nsWidget.cpp:1304
#16 0x4057bc7b in nsWidget::OnButtonReleaseSignal (this=0x821ad78,
    aGdkButtonEvent=0x81772f0) at ../../../../widget/src/gtk/nsWidget.cpp:1915
#17 0x4057c92e in nsWidget::ButtonReleaseSignal (aWidget=0x8238048,
    aGdkButtonEvent=0x81772f0, aData=0x821ad78)
    at ../../../../widget/src/gtk/nsWidget.cpp:2360
#18 0x402d4a99 in gtk_marshal_BOOL__POINTER (object=0x8238048,
    func=0x4057c850 <nsWidget::ButtonReleaseSignal(_GtkWidget *, _GdkEventButton *, void *)>, func_data=0x821ad78, args=0xbffff3e0) at gtkmarshal.c:30
#19 0x40299c52 in gtk_handlers_run (handlers=0x813feb0, signal=0xbffff39c,
    object=0x8238048, params=0xbffff3e0, after=0) at gtksignal.c:1909
#20 0x40299158 in gtk_signal_real_emit (object=0x8238048, signal_id=21,
    params=0xbffff3e0) at gtksignal.c:1469
#21 0x40297468 in gtk_signal_emit (object=0x8238048, signal_id=21)
    at gtksignal.c:552
#22 0x402cc110 in gtk_widget_event (widget=0x8238048, event=0x81772f0)
    at gtkwidget.c:2790
#23 0x4026c13d in gtk_propagate_event (widget=0x8238048, event=0x81772f0)
    at gtkmain.c:1296
#24 0x4026b472 in gtk_main_do_event (event=0x81772f0) at gtkmain.c:753
#25 0x40310ed6 in gdk_event_dispatch (source_data=0x0,
    current_time=0xbffff760, user_data=0x0) at gdkevents.c:2098
#26 0x4033cc8f in g_main_dispatch (current_time=0xbffff760) at gmain.c:652
#27 0x4033d277 in g_main_iterate (block=1, dispatch=1) at gmain.c:870
#28 0x4033d3f9 in g_main_run (loop=0x81bfe40) at gmain.c:928
#29 0x4026aedf in gtk_main () at gtkmain.c:475
#30 0x40564fb3 in nsAppShell::Run (this=0x809d280)
    at ../../../../widget/src/gtk/nsAppShell.cpp:388
#31 0x806fb9e in nsNativeViewerApp::Run (this=0x80add20)
    at ../../../../../../webshell/tests/viewer/unix/gtk/nsGtkMain.cpp:45
#32 0x806fe86 in main (argc=1, argv=0xbffff854)
    at ../../../../../../webshell/tests/viewer/unix/gtk/nsGtkMain.cpp:165
Assignee: rickg → pollmann
Eric -- one for you, methinks.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
Thanks to dejong for the analysis!

*** This bug has been marked as a duplicate of 17431 ***
Status: RESOLVED → VERIFIED
marking Verified as a dup.
Product: Core → Core Graveyard