Closed
Bug 5484
Opened 25 years ago
Closed 25 years ago
1999-04-26-08 verification build dies when throbber is clicked.
Categories
(Core Graveyard :: Tracking, defect, P1)
Tracking
(Not tracked)
VERIFIED
FIXED
M5
People
(Reporter: donm, Assigned: mjudge)
References
Details
#0 0x4050546c in nsContentIterator::NextNode ()
#1 0x4050595a in nsContentIterator::Next ()
#2 0x4050323b in nsRangeList::selectFrames ()
#3 0x40503db7 in nsRangeList::Collapse ()
#4 0x405033ea in nsRangeList::TakeFocus ()
#5 0x403dfdb4 in nsFrame::HandlePress ()
#6 0x403dfc0d in nsFrame::HandleEvent ()
#7 0x404dfb4f in nsTitledButtonFrame::HandleEvent ()
#8 0x403f7fc3 in PresShell::HandleEvent ()
#9 0x40c0f362 in nsView::HandleEvent ()
#10 0x40c16b61 in nsViewManager::DispatchEvent ()
#11 0x40c0de4e in HandleEvent ()
#12 0x400880c6 in nsWidget::DispatchEvent ()
#13 0x4008801d in nsWidget::DispatchWindowEvent ()
#14 0x40088143 in nsWidget::DispatchMouseEvent ()
#15 0x4008858c in nsWidget::OnButtonPressSignal ()
#16 0x40088883 in nsWidget::ButtonPressSignal ()
#17 0x80bb67c in gtk_marshal_BOOL__POINTER (object=0x826d900,
func=0x4008884c <nsWidget::ButtonPressSignal(_GtkWidget *, _GdkEventButton
*, void *)>, func_data=0x826d778, args=0xbffff740) at gtkmarshal.c:30
#18 0x80964e3 in gtk_handlers_run (handlers=0x81c6450, signal=0xbffff6fc,
object=0x826d900, params=0xbffff740, after=0) at gtksignal.c:1909
#19 0x8095b76 in gtk_signal_real_emit (object=0x826d900, signal_id=20,
params=0xbffff740) at gtksignal.c:1469
#20 0x8094326 in gtk_signal_emit (object=0x826d900, signal_id=20)
at gtksignal.c:552
#21 0x80b44ec in gtk_widget_event (widget=0x826d900, event=0x8270d48)
at gtkwidget.c:2784
#22 0x80813b1 in gtk_propagate_event (widget=0x826d900, event=0x8270d48)
at gtkmain.c:1295
#23 0x8080986 in gtk_main_do_event (event=0x8270d48) at gtkmain.c:752
#24 0x80c9a3f in gdk_event_dispatch (source_data=0x0, current_time=0xbffffa88,
user_data=0x0) at gdkevents.c:2086
#25 0x80dc7ec in g_main_dispatch (current_time=0xbffffa88) at gmain.c:647
#26 0x80dcc67 in g_main_iterate (block=1, dispatch=1) at gmain.c:854
#27 0x80dcd81 in g_main_run (loop=0x81a3b90) at gmain.c:912
#28 0x80804bf in gtk_main () at gtkmain.c:475
#29 0x4007eb49 in nsAppShell::Run ()
#30 0x40014e4a in nsAppShellService::Run ()
#31 0x80511b9 in main ()
attached macsbug call.
It appears that what is happening is that we are iterating through the content at
nsContentIterator::Next(), and one of the elements is empty and nil. This causes
a crash as something in ::Next() tries to do something useful with nil.
PowerPC unmapped memory exception at 0A1B5CB0
Calling chain using A6/R1 links
Back chain ISA Caller
00000000 PPC 0A4FEEAC
0AEDE180 PPC 0A4FDE30 main+006E4
0AEDDFE0 PPC 0A31E1E0 nsAppShellService::Run()+00018
0AEDDFA0 PPC 09ECAA1C nsAppShell::Run()+00038
0AEDDF20 PPC 09ECB350 nsMacMessagePump::DoMessagePump()+0003C
0AEDDED0 PPC 09ECB4D0 nsMacMessagePump::DispatchEvent(int, EventRecord*)+
0005C
0AEDDE80 PPC 09ECB7A8 nsMacMessagePump::DoMouseDown(EventRecord&)+000A8
0AEDDDF0 PPC 09ECBE14
nsMacMessagePump::DispatchOSEventToRaptor(EventRecord&, GrafPort
*)+00044
0AEDDDA0 PPC 09EC6390 nsMacMessageSink::DispatchOSEvent(EventRecord&,
GrafPort*)+00038
0AEDDD60 PPC 09EC2230 nsMacWindow::HandleOSEvent(EventRecord&)+00020
0AEDDD00 PPC 09EC257C nsMacEventHandler::HandleOSEvent(EventRecord&)+00084
0AEDDCC0 PPC 09EC31F4 nsMacEventHandler::HandleMouseDownEvent(EventRecord&
)+00184
0AEDDC20 PPC 09EAD2B4 nsWindow::DispatchMouseEvent(nsMouseEvent&)+00058
0AEDDBC0 PPC 09EAD1FC nsWindow::DispatchWindowEvent(nsGUIEvent&)+00018
0AEDDB80 PPC 09EAD128 nsWindow::DispatchEvent(nsGUIEvent*, nsEventStatus&
)+00090
0AEDDB30 PPC 09DB60F8 HandleEvent(nsGUIEvent*)+00058
0AEDDAE0 PPC 09DB3A10 nsViewManager::DispatchEvent(nsGUIEvent*,
nsEventStatus&)+005C0
0AEDD9A0 PPC 09DB7C08 nsView::HandleEvent(nsGUIEvent*, unsigned int,
nsEventStatus&)+0
0194
0AEDD920 PPC 09F7C128 PresShell::HandleEvent(nsIView*, nsGUIEvent*,
nsEventStatus&)+00
1EC
0AEDD8B0 PPC 0A1A7E30 nsTitledButtonFrame::HandleEvent(nsIPresContext&,
nsGUIEvent*, n
sEventStatus&)+00020
0AEDD860 PPC 09F715F8 nsFrame::HandleEvent(nsIPresContext&, nsGUIEvent*,
nsEventStatus
&)+00130
0AEDD810 PPC 09F71820 nsFrame::HandlePress(nsIPresContext&, nsGUIEvent*,
nsEventStatus
&)+001B0
0AEDD740 PPC 0A15F694 nsRangeList::TakeFocus(nsIContent*, unsigned int,
int)+00224
0AEDD590 PPC 0A160BB0 nsRangeList::Collapse(nsIDOMNode*, int)+001A8
0AEDD500 PPC 0A15F318 nsRangeList::selectFrames(nsIDOMRange*, int)+001C0
0AEDD440 PPC 0A174998 nsContentIterator::Next()+00064
Disassembling PowerPC code from 0a174998
nsContentIterator::Next()
+0003C 0A174970 lwz r0,0x0010(r4) |
80040010
+00040 0A174974 cmplw r3,r0 |
7C030040
+00044 0A174978 bne nsContentIterator::Next()+0005C ; 0x0A174990 |
40820018
+00048 0A17497C li r0,0x0001 |
38000001
+0004C 0A174980 lis r3,-0x8000 |
3C608000
+00050 0A174984 stw r0,0x0018(r4) |
90040018
+00054 0A174988 addi r3,r3,0x4005 |
38634005
+00058 0A17498C b nsContentIterator::Next()+00068 ; 0x0A17499C |
48000010
+0005C 0A174990 addi r3,r4,0x0000 |
38640000
+00060 0A174994 addi r4,r4,0x0008 |
38840008
+00064 0A174998 bl NS_NewNameSpaceManager(nsINameSpaceManager**)+
01E10 ; 0x0A1
73DBC |
4BFFF425
+00068 0A17499C lwz r0,0x0058(SP) |
80010058
+0006C 0A1749A0 addi SP,SP,0x0050 |
38210050
+00070 0A1749A4 mtlr r0 ; LR = 0x0008 |
7C0803A6
+00074 0A1749A8 blr |
4E800020
nsContentIterator::Prev()
+00000 0A1749DC mflr r0 ; LR = 0x0008 |
7C0802A6
+00004 0A1749E0 stw r0,0x0008(SP) |
90010008
+00008 0A1749E4 stwu SP,-0x0050(SP) |
9421FFB0
+0000C 0A1749E8 lwz r0,0x0018(r3) |
80030018
PowerPC 740/750 Registers
CR0 CR1 CR2 CR3 CR4 CR5 CR6 CR7
PC = 0A1B5CB0 CR 0010 0010 0000 0000 0000 1000 0010 1000
LR = 0A174084 <>=O XEVO
CTR = 0A260318
MSR = 00000000 SOC Compare Count
Int = 0 XER 001 00 00 MQ = 4A400828
R0 = 00000000 R8 = 00000000 R16 = 00000000 R24 = 0A538194
SP = 0AEDD2F0 R9 = 00000000 R17 = 00000000 R25 = 00000000
TOC = 0AB28F70 R10 = 00000020 R18 = 00000000 R26 = 00000000
R3 = 00000000 R11 = 0026C8BC R19 = 00000000 R27 = 0AEDD4E0
R4 = 0A681E20 R12 = 4E750891 R20 = 00000000 R28 = 00000000
R5 = 0AEDD3C4 R13 = 00000000 R21 = 0AEDE1B8 R29 = 0AEDD3D0
R6 = 00000000 R14 = 00000000 R22 = 00000000 R30 = 0A8D50CC
R7 = 00000000 R15 = 00000000 R23 = 0A538154 R31 = 0A8D50D4
Disassembling PowerPC code from 0A1B5C88
No procedure name
0A1B5C88 lwz r0,0x0000(r12) |
800C0000
0A1B5C8C lwz RTOC,0x0004(r12) |
804C0004
0A1B5C90 mtctr r0 ; CTR = 0x0009 |
7C0903A6
0A1B5C94 bctr |
4E800420
0A1B5C98 lwz r12,-0x7CD0(RTOC) |
81828330
0A1B5C9C stw RTOC,0x0014(SP) |
90410014
0A1B5CA0 lwz r0,0x0000(r12) |
800C0000
0A1B5CA4 lwz RTOC,0x0004(r12) |
804C0004
0A1B5CA8 mtctr r0 ; CTR = 0x0009 |
7C0903A6
0A1B5CAC bctr |
4E800420
0A1B5CB0 *lwz r0,0x0000(r12) |
800C0000
0A1B5CB4 stw RTOC,0x0014(SP) |
90410014
0A1B5CB8 mtctr r0 ; CTR = 0x0009 |
7C0903A6
0A1B5CBC lwz RTOC,0x0004(r12) |
804C0004
0A1B5CC0 bctr |
4E800420
0A1B5CC4 subfic SP,r0,0x0040 |
20200040
0A1B5CC8 dozi r11,r16,0x0020 |
25700020
0A1B5CCC rlmi. r22,r27,r13,0x05,0x12 |
5B766965
0A1B5CD0 andis. r29,r25,0x2570 |
773D2570
0A1B5CD4 rlwnm r0,r8,r4,0x01,0x18 |
5D002070
Closing log
|
||
Comment 2•25 years ago
|
||
This happens when you press "Reload", also.
|
||
Comment 4•25 years ago
|
||
[Actually, this happens with any toolbar button in the top row of toolbar buttons --- e.g. forward, backwards, print, etc.]
|
||
Updated•25 years ago
|
Assignee: radha → mjudge
|
|
||
Comment 6•25 years ago
|
||
This is selection-related. Reassign to mjudge.
|
|
||
Comment 7•25 years ago
|
||
[Mike, please do be aware that the Browser QA team cannot test new builds until this is fixed. Or, at least, I can't, and I assume everyone else is equally blocked. Thanks!]
|
|
||
Comment 8•25 years ago
|
||
[I take that back --- the menu items under the "Go" menu do actually work.]
|
||
Comment 9•25 years ago
|
||
lets see if we can fix this one before we make M5 candidates on Tuesday morning...
|
|
||
Comment 10•25 years ago
|
||
lets see if we can fix this one before we make M5 candidates on Tuesday morning...
|
|
||
Comment 11•25 years ago
|
||
lets see if we can fix this one before we make M5 candidates on Tuesday morning...
|
Assignee | |
Comment 12•25 years ago
|
||
should be fixed now
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 13•25 years ago
|
||
should be fixed now
|
|
||
Comment 14•25 years ago
|
||
*** Bug 5614 has been marked as a duplicate of this bug. ***
|
||
Comment 15•25 years ago
|
||
Verified.
|
|
||
Comment 16•25 years ago
|
||
Moving all Apprunner bugs past and present to Other component temporarily whilst don and I set correct component. Apprunner component will be deleted/retired shortly.
|
||
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•