Closed
Bug 5484
Opened 25 years ago
Closed 25 years ago
1999-04-26-08 verification build dies when throbber is clicked.
Categories
(Core Graveyard :: Tracking, defect, P1)
Tracking
(Not tracked)
VERIFIED
FIXED
M5
People
(Reporter: donm, Assigned: mjudge)
References
Details
#0 0x4050546c in nsContentIterator::NextNode () #1 0x4050595a in nsContentIterator::Next () #2 0x4050323b in nsRangeList::selectFrames () #3 0x40503db7 in nsRangeList::Collapse () #4 0x405033ea in nsRangeList::TakeFocus () #5 0x403dfdb4 in nsFrame::HandlePress () #6 0x403dfc0d in nsFrame::HandleEvent () #7 0x404dfb4f in nsTitledButtonFrame::HandleEvent () #8 0x403f7fc3 in PresShell::HandleEvent () #9 0x40c0f362 in nsView::HandleEvent () #10 0x40c16b61 in nsViewManager::DispatchEvent () #11 0x40c0de4e in HandleEvent () #12 0x400880c6 in nsWidget::DispatchEvent () #13 0x4008801d in nsWidget::DispatchWindowEvent () #14 0x40088143 in nsWidget::DispatchMouseEvent () #15 0x4008858c in nsWidget::OnButtonPressSignal () #16 0x40088883 in nsWidget::ButtonPressSignal () #17 0x80bb67c in gtk_marshal_BOOL__POINTER (object=0x826d900, func=0x4008884c <nsWidget::ButtonPressSignal(_GtkWidget *, _GdkEventButton *, void *)>, func_data=0x826d778, args=0xbffff740) at gtkmarshal.c:30 #18 0x80964e3 in gtk_handlers_run (handlers=0x81c6450, signal=0xbffff6fc, object=0x826d900, params=0xbffff740, after=0) at gtksignal.c:1909 #19 0x8095b76 in gtk_signal_real_emit (object=0x826d900, signal_id=20, params=0xbffff740) at gtksignal.c:1469 #20 0x8094326 in gtk_signal_emit (object=0x826d900, signal_id=20) at gtksignal.c:552 #21 0x80b44ec in gtk_widget_event (widget=0x826d900, event=0x8270d48) at gtkwidget.c:2784 #22 0x80813b1 in gtk_propagate_event (widget=0x826d900, event=0x8270d48) at gtkmain.c:1295 #23 0x8080986 in gtk_main_do_event (event=0x8270d48) at gtkmain.c:752 #24 0x80c9a3f in gdk_event_dispatch (source_data=0x0, current_time=0xbffffa88, user_data=0x0) at gdkevents.c:2086 #25 0x80dc7ec in g_main_dispatch (current_time=0xbffffa88) at gmain.c:647 #26 0x80dcc67 in g_main_iterate (block=1, dispatch=1) at gmain.c:854 #27 0x80dcd81 in g_main_run (loop=0x81a3b90) at gmain.c:912 #28 0x80804bf in gtk_main () at gtkmain.c:475 #29 0x4007eb49 in nsAppShell::Run () #30 0x40014e4a in nsAppShellService::Run () #31 0x80511b9 in main ()
attached macsbug call. It appears that what is happening is that we are iterating through the content at nsContentIterator::Next(), and one of the elements is empty and nil. This causes a crash as something in ::Next() tries to do something useful with nil. PowerPC unmapped memory exception at 0A1B5CB0 Calling chain using A6/R1 links Back chain ISA Caller 00000000 PPC 0A4FEEAC 0AEDE180 PPC 0A4FDE30 main+006E4 0AEDDFE0 PPC 0A31E1E0 nsAppShellService::Run()+00018 0AEDDFA0 PPC 09ECAA1C nsAppShell::Run()+00038 0AEDDF20 PPC 09ECB350 nsMacMessagePump::DoMessagePump()+0003C 0AEDDED0 PPC 09ECB4D0 nsMacMessagePump::DispatchEvent(int, EventRecord*)+ 0005C 0AEDDE80 PPC 09ECB7A8 nsMacMessagePump::DoMouseDown(EventRecord&)+000A8 0AEDDDF0 PPC 09ECBE14 nsMacMessagePump::DispatchOSEventToRaptor(EventRecord&, GrafPort *)+00044 0AEDDDA0 PPC 09EC6390 nsMacMessageSink::DispatchOSEvent(EventRecord&, GrafPort*)+00038 0AEDDD60 PPC 09EC2230 nsMacWindow::HandleOSEvent(EventRecord&)+00020 0AEDDD00 PPC 09EC257C nsMacEventHandler::HandleOSEvent(EventRecord&)+00084 0AEDDCC0 PPC 09EC31F4 nsMacEventHandler::HandleMouseDownEvent(EventRecord& )+00184 0AEDDC20 PPC 09EAD2B4 nsWindow::DispatchMouseEvent(nsMouseEvent&)+00058 0AEDDBC0 PPC 09EAD1FC nsWindow::DispatchWindowEvent(nsGUIEvent&)+00018 0AEDDB80 PPC 09EAD128 nsWindow::DispatchEvent(nsGUIEvent*, nsEventStatus& )+00090 0AEDDB30 PPC 09DB60F8 HandleEvent(nsGUIEvent*)+00058 0AEDDAE0 PPC 09DB3A10 nsViewManager::DispatchEvent(nsGUIEvent*, nsEventStatus&)+005C0 0AEDD9A0 PPC 09DB7C08 nsView::HandleEvent(nsGUIEvent*, unsigned int, nsEventStatus&)+0 0194 0AEDD920 PPC 09F7C128 PresShell::HandleEvent(nsIView*, nsGUIEvent*, nsEventStatus&)+00 1EC 0AEDD8B0 PPC 0A1A7E30 nsTitledButtonFrame::HandleEvent(nsIPresContext&, nsGUIEvent*, n sEventStatus&)+00020 0AEDD860 PPC 09F715F8 nsFrame::HandleEvent(nsIPresContext&, nsGUIEvent*, nsEventStatus &)+00130 0AEDD810 PPC 09F71820 nsFrame::HandlePress(nsIPresContext&, nsGUIEvent*, nsEventStatus &)+001B0 0AEDD740 PPC 0A15F694 nsRangeList::TakeFocus(nsIContent*, unsigned int, int)+00224 0AEDD590 PPC 0A160BB0 nsRangeList::Collapse(nsIDOMNode*, int)+001A8 0AEDD500 PPC 0A15F318 nsRangeList::selectFrames(nsIDOMRange*, int)+001C0 0AEDD440 PPC 0A174998 nsContentIterator::Next()+00064 Disassembling PowerPC code from 0a174998 nsContentIterator::Next() +0003C 0A174970 lwz r0,0x0010(r4) | 80040010 +00040 0A174974 cmplw r3,r0 | 7C030040 +00044 0A174978 bne nsContentIterator::Next()+0005C ; 0x0A174990 | 40820018 +00048 0A17497C li r0,0x0001 | 38000001 +0004C 0A174980 lis r3,-0x8000 | 3C608000 +00050 0A174984 stw r0,0x0018(r4) | 90040018 +00054 0A174988 addi r3,r3,0x4005 | 38634005 +00058 0A17498C b nsContentIterator::Next()+00068 ; 0x0A17499C | 48000010 +0005C 0A174990 addi r3,r4,0x0000 | 38640000 +00060 0A174994 addi r4,r4,0x0008 | 38840008 +00064 0A174998 bl NS_NewNameSpaceManager(nsINameSpaceManager**)+ 01E10 ; 0x0A1 73DBC | 4BFFF425 +00068 0A17499C lwz r0,0x0058(SP) | 80010058 +0006C 0A1749A0 addi SP,SP,0x0050 | 38210050 +00070 0A1749A4 mtlr r0 ; LR = 0x0008 | 7C0803A6 +00074 0A1749A8 blr | 4E800020 nsContentIterator::Prev() +00000 0A1749DC mflr r0 ; LR = 0x0008 | 7C0802A6 +00004 0A1749E0 stw r0,0x0008(SP) | 90010008 +00008 0A1749E4 stwu SP,-0x0050(SP) | 9421FFB0 +0000C 0A1749E8 lwz r0,0x0018(r3) | 80030018 PowerPC 740/750 Registers CR0 CR1 CR2 CR3 CR4 CR5 CR6 CR7 PC = 0A1B5CB0 CR 0010 0010 0000 0000 0000 1000 0010 1000 LR = 0A174084 <>=O XEVO CTR = 0A260318 MSR = 00000000 SOC Compare Count Int = 0 XER 001 00 00 MQ = 4A400828 R0 = 00000000 R8 = 00000000 R16 = 00000000 R24 = 0A538194 SP = 0AEDD2F0 R9 = 00000000 R17 = 00000000 R25 = 00000000 TOC = 0AB28F70 R10 = 00000020 R18 = 00000000 R26 = 00000000 R3 = 00000000 R11 = 0026C8BC R19 = 00000000 R27 = 0AEDD4E0 R4 = 0A681E20 R12 = 4E750891 R20 = 00000000 R28 = 00000000 R5 = 0AEDD3C4 R13 = 00000000 R21 = 0AEDE1B8 R29 = 0AEDD3D0 R6 = 00000000 R14 = 00000000 R22 = 00000000 R30 = 0A8D50CC R7 = 00000000 R15 = 00000000 R23 = 0A538154 R31 = 0A8D50D4 Disassembling PowerPC code from 0A1B5C88 No procedure name 0A1B5C88 lwz r0,0x0000(r12) | 800C0000 0A1B5C8C lwz RTOC,0x0004(r12) | 804C0004 0A1B5C90 mtctr r0 ; CTR = 0x0009 | 7C0903A6 0A1B5C94 bctr | 4E800420 0A1B5C98 lwz r12,-0x7CD0(RTOC) | 81828330 0A1B5C9C stw RTOC,0x0014(SP) | 90410014 0A1B5CA0 lwz r0,0x0000(r12) | 800C0000 0A1B5CA4 lwz RTOC,0x0004(r12) | 804C0004 0A1B5CA8 mtctr r0 ; CTR = 0x0009 | 7C0903A6 0A1B5CAC bctr | 4E800420 0A1B5CB0 *lwz r0,0x0000(r12) | 800C0000 0A1B5CB4 stw RTOC,0x0014(SP) | 90410014 0A1B5CB8 mtctr r0 ; CTR = 0x0009 | 7C0903A6 0A1B5CBC lwz RTOC,0x0004(r12) | 804C0004 0A1B5CC0 bctr | 4E800420 0A1B5CC4 subfic SP,r0,0x0040 | 20200040 0A1B5CC8 dozi r11,r16,0x0020 | 25700020 0A1B5CCC rlmi. r22,r27,r13,0x05,0x12 | 5B766965 0A1B5CD0 andis. r29,r25,0x2570 | 773D2570 0A1B5CD4 rlwnm r0,r8,r4,0x01,0x18 | 5D002070 Closing log
Comment 2•25 years ago
|
||
This happens when you press "Reload", also.
Comment 4•25 years ago
|
||
[Actually, this happens with any toolbar button in the top row of toolbar buttons --- e.g. forward, backwards, print, etc.]
Updated•25 years ago
|
Assignee: radha → mjudge
Comment 6•25 years ago
|
||
This is selection-related. Reassign to mjudge.
Comment 7•25 years ago
|
||
[Mike, please do be aware that the Browser QA team cannot test new builds until this is fixed. Or, at least, I can't, and I assume everyone else is equally blocked. Thanks!]
Comment 8•25 years ago
|
||
[I take that back --- the menu items under the "Go" menu do actually work.]
Comment 9•25 years ago
|
||
lets see if we can fix this one before we make M5 candidates on Tuesday morning...
Comment 10•25 years ago
|
||
lets see if we can fix this one before we make M5 candidates on Tuesday morning...
Comment 11•25 years ago
|
||
lets see if we can fix this one before we make M5 candidates on Tuesday morning...
Assignee | ||
Comment 12•25 years ago
|
||
should be fixed now
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 13•25 years ago
|
||
should be fixed now
Comment 14•25 years ago
|
||
*** Bug 5614 has been marked as a duplicate of this bug. ***
Comment 15•25 years ago
|
||
Verified.
Comment 16•25 years ago
|
||
Moving all Apprunner bugs past and present to Other component temporarily whilst don and I set correct component. Apprunner component will be deleted/retired shortly.
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•