Closed
Bug 25339
Opened 25 years ago
Closed 25 years ago
crash in nsXULTreeElement::SetCurrentItem
Categories
(Core Graveyard :: Profile: BackEnd, defect, P3)
Tracking
(Not tracked)
VERIFIED
FIXED
M14
People
(Reporter: sspitzer, Assigned: sspitzer)
Details
if I have multiple 4.x profiles, and I remove Users50 and mozregistry.dat and start up 5.0, I get this crash, caused by deferencing null. here's the stack nsXULTreeElement::SetCurrentItem(nsIDOMXULElement * 0x00000000) line 793 + 44 bytes nsXULTreeElement::SelectItem(nsXULTreeElement * const 0x01e89208, nsIDOMXULElement * 0x00000000) line 174 XULTreeElementSelectItem(JSContext * 0x01d3a530, JSObject * 0x00d98ba0, unsigned int 1, long * 0x00d43d40, long * 0x0012d650) line 277 + 24 bytes js_Invoke(JSContext * 0x01d3a530, unsigned int 1, unsigned int 0) line 666 + 26 bytes js_Interpret(JSContext * 0x01d3a530, long * 0x0012decc) line 2262 + 15 bytes js_Invoke(JSContext * 0x01d3a530, unsigned int 0, unsigned int 0) line 682 + 13 bytes js_Interpret(JSContext * 0x01d3a530, long * 0x0012e704) line 2262 + 15 bytes js_Invoke(JSContext * 0x01d3a530, unsigned int 0, unsigned int 0) line 682 + 13 bytes js_Interpret(JSContext * 0x01d3a530, long * 0x0012ef3c) line 2262 + 15 bytes js_Invoke(JSContext * 0x01d3a530, unsigned int 1, unsigned int 2) line 682 + 13 bytes js_InternalInvoke(JSContext * 0x01d3a530, JSObject * 0x00d25e48, long 13846472, unsigned int 0, unsigned int 1, long * 0x0012f0c4, long * 0x0012f070) line 759 + 19 bytes JS_CallFunctionValue(JSContext * 0x01d3a530, JSObject * 0x00d25e48, long 13846472, unsigned int 1, long * 0x0012f0c4, long * 0x0012f070) line 2771 + 31 bytes nsJSContext::CallEventHandler(nsJSContext * const 0x01d3a6c0, void * 0x00d25e48, void * 0x00d347c8, unsigned int 1, void * 0x0012f0c4, int * 0x0012f0c0) line 562 + 33 bytes nsJSEventListener::HandleEvent(nsIDOMEvent * 0x01eab3d4) line 128 + 57 bytes nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x01e52410, nsIDOMEvent * 0x01eab3d4, unsigned int 1) line 680 + 19 bytes nsEventListenerManager::HandleEvent(nsIPresContext * 0x01d3af10, nsEvent * 0x0012fad8, nsIDOMEvent * * 0x0012f4c0, unsigned int 7, nsEventStatus * 0x0012fb18) line 1231 + 31 bytes GlobalWindowImpl::HandleDOMEvent(GlobalWindowImpl * const 0x01d3ad24, nsIPresContext * 0x01d3af10, nsEvent * 0x0012fad8, nsIDOMEvent * * 0x0012f4c0, unsigned int 1, nsEventStatus * 0x0012fb18) line 3350 nsWebShell::OnEndDocumentLoad(nsWebShell * const 0x019629a0, nsIDocumentLoader * 0x01960a20, nsIChannel * 0x01d35720, unsigned int 0) line 3141 + 34 bytes nsDocLoaderImpl::FireOnEndDocumentLoad(nsDocLoaderImpl * 0x01960a20, nsIChannel * 0x01d35720, unsigned int 0) line 834 nsDocLoaderImpl::DocLoaderIsEmpty(unsigned int 0) line 725 nsDocLoaderImpl::OnStopRequest(nsDocLoaderImpl * const 0x01960a24, nsIChannel * 0x01f36c00, nsISupports * 0x00000000, unsigned int 0, const unsigned short * 0x00000000) line 669 nsLoadGroup::RemoveChannel(nsLoadGroup * const 0x019667b0, nsIChannel * 0x01f36c00, nsISupports * 0x00000000, unsigned int 0, const unsigned short * 0x00000000) line 535 + 42 bytes nsFileChannel::OnStopRequest(nsFileChannel * const 0x01f36c04, nsIChannel * 0x01f367d0, nsISupports * 0x00000000, unsigned int 0, const unsigned short * 0x00000000) line 455 nsOnStopRequestEvent::HandleEvent(nsOnStopRequestEvent * const 0x01f33400) line 279 nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x01f374d0) line 93 + 12 bytes PL_HandleEvent(PLEvent * 0x01f374d0) line 526 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00c74b90) line 487 + 9 bytes _md_EventReceiverProc(HWND__ * 0x0087014c, unsigned int 49434, unsigned int 0, long 13061008) line 975 + 9 bytes USER32! 77e71820() 00c74b90()
Assignee | ||
Comment 1•25 years ago
|
||
here's a bulletproofing patch to prevent the error. hyatt, can you review? I think the main problem is that unmigrate profiles are showing up in the tree, but there may be js that is trying to select an element in the tree. I need to look at the profile. maybe ben knows off the top of his head. I think the "unmigrated profiles not showing up" is a known bug. but if I can't find it, I'll log it. Index: content/src/nsXULTreeElement.cpp =================================================================== RCS file: /cvsroot/mozilla/rdf/content/src/nsXULTreeElement.cpp,v retrieving revision 1.36 diff -r1.36 nsXULTreeElement.cpp 153a154,156 > NS_ASSERTION(aTreeItem, "trying to select a null tree item"); > if (!aTreeItem) return NS_OK; > 253a257,259 > NS_ASSERTION(aTreeItem,"attepting to add a null tree item to the selection") ; > if (!aTreeItem) return; >
Comment 2•25 years ago
|
||
We should make it so that this doesn't crash, but someone must have changed the JS to pass me null. Why are people trying to select null?
Status: NEW → ASSIGNED
Target Milestone: M14
Assignee | ||
Comment 3•25 years ago
|
||
I'll consider that a review from hyatt. I'll check in (to prevent the crash) and then we'll look at why we are trying to select null.
Assignee | ||
Comment 4•25 years ago
|
||
patch checked in. now it long longer crashes. in addition to how I reproduced the problem, runnning with -ProfileManager with no profiles would cause the same problem. I think the problem is in profileSelection.js we get the current profile from the profile service, and call selectItem. my guess is that in the cases I describe, there is no current profile, but we fail silently, and never check before calling selectItem. verifying my theory now, and if so, I'll fix the js.
Assignee | ||
Comment 5•25 years ago
|
||
yep, that was it. here's the diff that I'm checking in: Index: profileSelection.js =================================================================== RCS file: /cvsroot/mozilla/profile/resources/content/profileSelection.js,v retrieving revision 1.9 diff -r1.9 profileSelection.js 51,53c51,58 < var currentProfileItem = document.getElementById( ( "profileName_" + curre ntProfile ) ); < var profileList = document.getElementById( "profiles" ); < profileList.selectItem( currentProfileItem ); --- > if (currentProfile) { > var currentProfileItem = document.getElementById( ( "profileName_" + cur rentProfile ) ); > var profileList = document.getElementById( "profiles" ); > profileList.selectItem( currentProfileItem ); > } > else { > dump("no current profile, can't highlight anything\n"); > } taking bug from hyatt.
Assignee: hyatt → sspitzer
Status: ASSIGNED → NEW
Assignee | ||
Comment 6•25 years ago
|
||
ben beat me to it, and fixed the js. marking fixed.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•