Closed
Bug 314543
Opened 19 years ago
Closed 19 years ago
Evil xul testcase, tree:hover{display:inline;}, crashes Mozilla
Categories
(Core :: Widget: Win32, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: martijn.martijn, Assigned: emaijala+moz)
References
Details
(Keywords: crash, regression, testcase)
Attachments
(3 files, 2 obsolete files)
433 bytes,
application/vnd.mozilla.xul+xml
|
Details | |
25.99 KB,
text/plain
|
Details | |
1.12 KB,
patch
|
roc
:
review+
roc
:
superreview+
|
Details | Diff | Splinter Review |
See upcoming testcase. When hovering over the content area, Mozilla crashes. This seems a recent regression, 2005-10-17 build doesn't crash 2005-10-18 build does crash. I've also tried a 1.5 branch build of 2005-10-23, it doesn't crash. http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2005-10-17+06%3A00%3A00&maxdate=2005-10-18+13%3A00%3A00&cvsroot=%2Fcvsroot I've no idea which bug could be responsible
Reporter | ||
Comment 1•19 years ago
|
||
Reporter | ||
Comment 2•19 years ago
|
||
This is the backtrace from the assertion I get prior to the crash: ###!!! ASSERTION: no scroll bar: 'mScrollbar', file c:/mozilla/mozilla/layout/xu l/base/src/tree/src/nsTreeBodyFrame.cpp, line 782 Break: at file c:/mozilla/mozilla/layout/xul/base/src/tree/src/nsTreeBodyFrame.c pp, line 782 After that, the backtrace of the sigsegv follows.
Comment 3•19 years ago
|
||
> I've no idea which bug could be responsible Based on the crash stack, bug 307678. This doesn't crash on Linux.
Assignee | ||
Updated•19 years ago
|
Assignee: win32 → emaijala
Assignee | ||
Comment 4•19 years ago
|
||
Use only weak refs to nsWindow in mouse trailer to avoid all kinds of problems such as re-entry to nsWindow destructor.
Attachment #201543 -
Flags: review?(roc)
Assignee | ||
Comment 5•19 years ago
|
||
Comment on attachment 201543 [details] [diff] [review] Patch v1 Oops. A very flawed patch here...
Attachment #201543 -
Attachment is obsolete: true
Attachment #201543 -
Flags: review?(roc)
Assignee | ||
Comment 6•19 years ago
|
||
Second try. Use weak refs but don't use NS_IF_RELEASE to get there to avoid nullifying the pointers.
Attachment #201546 -
Flags: review?(roc)
+ // We're not going to hold a reference to the window. nsWindow just + // needs to do the right thing (nullify this if necessary) in its destructor. + if (topWin) { + topWin->Release(); + } if (mHoldMouseWindow != topWin && mTimer) { // Make sure TimerProc is fired at least once for the old window TimerProc(nsnull, nsnull); } - NS_IF_RELEASE(mHoldMouseWindow); mHoldMouseWindow = topWin; Is it possible for the TimerProc call to cause topWin to be destroyed? If so this would leave a dangling reference in mHoldMouseWindow.
Assignee | ||
Comment 8•19 years ago
|
||
Comment on attachment 201546 [details] [diff] [review] Patch v1.1 I have to assume it's possible (and it is of course). Which leads to a situation I'm not sure how to handle: if we don't hold the ref, we'll have a dangling pointer, if we do, we might hold the last ref to it and cause a horrible loop when releasing it. Roc, how about just backing out the patch from bug 307678 and going for TrackMouseEvent?
Attachment #201546 -
Attachment is obsolete: true
Attachment #201546 -
Flags: review?(roc)
Yeah, I think that's the way to go on trunk. And we won't do anything about 307678 for branch, OK?
Assignee | ||
Comment 10•19 years ago
|
||
Yes, unless someone finds a critical problem with that version too. This is a patch to backout the patch of bug 307678.
Attachment #201595 -
Flags: superreview?(roc)
Attachment #201595 -
Flags: review?(roc)
Attachment #201595 -
Flags: superreview?(roc)
Attachment #201595 -
Flags: superreview+
Attachment #201595 -
Flags: review?(roc)
Attachment #201595 -
Flags: review+
Assignee | ||
Comment 11•19 years ago
|
||
Patch checked in. Work will continue in bug 312566.
Verified FIXED using build 2005-11-07-10 of SeaMonkey trunk on Windows XP; no crash.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•