Closed
Bug 616288
Opened 14 years ago
Closed 13 years ago
crash [@ nsAutoCompleteController::StartSearch ] when typing things too rapidly inside the location bar
Categories
(Toolkit :: Autocomplete, defect)
Toolkit
Autocomplete
Tracking
()
RESOLVED
FIXED
mozilla2.0b11
People
(Reporter: scoobidiver, Assigned: ehsan.akhgari)
References
Details
(Keywords: crash, Whiteboard: [sg:dos][STR in comment 23])
Crash Data
Attachments
(1 file, 1 obsolete file)
2.26 KB,
patch
|
Gavin
:
approval2.0+
dveditz
:
approval1.9.2.17+
dveditz
:
approval1.9.1.19+
|
Details | Diff | Splinter Review |
It is a residual crash signature that exists in 3.6 and the trunk builds. It is #35 top crasher on Linux in 4.0b8pre for the last week. Comments say: "Logging into my email at mail.live.com" "Encountered the problem when I was going to comcast.net to check my email. Had many tabs open. Not sure of the interaction, however!" "tried to access gmail.com and the browser blew up on me." "entered a https url, pressed enter and firefox crashed." "again. the https url lets firefox crash." Signature nsAutoCompleteController::StartSearch UUID 045823ff-776a-40bb-a222-78ee12101202 Time 2010-12-02 07:28:02.985205 Uptime 2214 Last Crash 2240 seconds (37.3 minutes) before submission Install Age 3052 seconds (50.9 minutes) since version was first installed. Product Firefox Version 4.0b8pre Build ID 20101202030316 Branch 2.0 OS Linux OS Version 0.0.0 Linux 2.6.32-22-generic #36-Ubuntu SMP Thu Jun 3 22:02:19 UTC 2010 i686 CPU x86 CPU Info GenuineIntel family 15 model 3 stepping 4 Crash Reason SIGSEGV Crash Address 0x4 Frame Module Signature [Expand] Source 0 libxul.so nsAutoCompleteController::StartSearch nsCOMPtr.h:577 1 libxul.so nsAutoCompleteController::Notify nsAutoCompleteController.cpp:722 2 libxul.so nsTimerImpl::Fire nsTimerImpl.cpp:428 3 libxul.so nsTimerEvent::Run nsTimerImpl.cpp:517 4 libxul.so nsThread::ProcessNextEvent nsThread.cpp:626 5 libxul.so NS_ProcessNextEvent_P nsThreadUtils.cpp:250 6 libxul.so mozilla::ipc::MessagePump::Run MessagePump.cpp:110 7 libxul.so MessageLoop::RunInternal message_loop.cc:219 8 libxul.so MessageLoop::Run message_loop.cc:202 9 libxul.so nsBaseAppShell::Run nsBaseAppShell.cpp:192 10 libxul.so nsAppStartup::Run nsAppStartup.cpp:191 11 @0x1ebb32f 12 libxul.so XRE_main nsAppRunner.cpp:3691 13 firefox-bin main nsBrowserApp.cpp:158 14 libc-2.12.1.so libc-2.12.1.so@0x16ce6 15 firefox-bin firefox-bin@0x1390 16 firefox-bin Output nsBrowserApp.cpp:77 17 @0x0 More reports at: http://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=exact&query=&range_value=4&range_unit=weeks&hang_type=any&process_type=any&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&admin=&signature=nsAutoCompleteController%3A%3AStartSearch
Comment 2•14 years ago
|
||
It sounds like bug 620226 is the same bug for Windows.
OS: Linux → All
Hardware: x86 → All
Comment 3•14 years ago
|
||
(In reply to comment #0) > It is a residual crash signature that exists in 3.6 and the trunk builds. > It is #35 top crasher on Linux in 4.0b8pre for the last week. I have some troubles to use the crash stats tool and I wasn't able to find the 3.6 signature. Can you point to it?
Comment 4•14 years ago
|
||
Windows crashes: http://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=exact&query=&range_value=4&range_unit=weeks&hang_type=any&process_type=any&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&admin=&signature=nsRefPtr%3CnsDOMStringList%3E%3A%3AnsRefPtr%3CnsDOMStringList%3E%28nsDOMStringList*%29%20|%20nsAutoCompleteController%3A%3AStartSearch%28%29 I double-checked it, this is new: there is no similar stack in 3.6.* (contrary to what is said in comment 1). Actually, I think it might be a regression caused by Places given that the first occurrences of this crash are in December (mid-December (16) and two crashes earlier which could come from the Places branch). Does that sound possible, Shawn?
Comment 5•14 years ago
|
||
Marco, could that be a Places regression? (sound to be a good candidate to me)
Comment 6•14 years ago
|
||
I find it rather unlikely that the Places branch merge causes this. We didn't touch this code at all, nor did we change how we call it in any way.
Comment 7•14 years ago
|
||
(In reply to comment #6) > I find it rather unlikely that the Places branch merge causes this. We didn't > touch this code at all, nor did we change how we call it in any way. But Places changed how we access to the history, right? It looks like this crash happens when the user type in the awesome bar.
Comment 8•14 years ago
|
||
(In reply to comment #7) > But Places changed how we access to the history, right? It looks like this > crash happens when the user type in the awesome bar. We only changed how we query the database, not how we interact with the AutoComplete API
Reporter | ||
Comment 9•14 years ago
|
||
> there is no similar stack in 3.6.* (contrary to what is said in comment 1). It happens rarely in 3.6.13 (not the ratio between trunk and 3.6.13 users). See: bp-58e972bc-692f-4a79-8f5e-4e5df2101231 > the first occurrences of this crash are in December (mid-December (16) and two > crashes earlier which could come from the Places branch). If we consider mid-december as the first occurrence, the regression range is: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=f11f7ed625ba&tochange=a5413c3c1013
Keywords: regression
Comment 10•14 years ago
|
||
(In reply to comment #9) If it's happening in 3.6, it doesn't seem like it's a regression in trunk (apart from it happening more often)
Assignee | ||
Comment 12•14 years ago
|
||
I got this when I opened a new tab and immediately typed into the location bar and pressed enter. I think the crash happened before anything appeared in the location bar. bp-5ddd2b61-1041-4e4e-9ccb-795882110109
Assignee | ||
Comment 13•13 years ago
|
||
I caught this under gdb: (gdb) info args this = (nsAutoCompleteController *) 0x128379640 (gdb) info locals search = { mRawPtr = 0x15742b510 } result = (Cannot access memory at address 0x0 (gdb) p *this $16 = (nsAutoCompleteController) { <nsIAutoCompleteController> = { <nsISupports> = { _vptr$nsISupports = 0x116ca02d0 }, <No data fields>}, <nsIAutoCompleteObserver> = { <nsISupports> = { _vptr$nsISupports = 0x116ca04c8 }, <No data fields>}, <nsITimerCallback> = { <nsISupports> = { _vptr$nsISupports = 0x116ca0500 }, <No data fields>}, <nsITreeView> = { <nsISupports> = { _vptr$nsISupports = 0x116ca0530 }, <No data fields>}, members of nsAutoCompleteController: mRefCnt = { mTagged = 0x145e305a8 }, _mOwningThread = { mThread = 0x100c13750 }, static _cycleCollectorGlobal = { <nsXPCOMCycleCollectionParticipant> = { <nsScriptObjectTracer> = { <nsCycleCollectionParticipant> = { _vptr$nsCycleCollectionParticipant = 0x116ca0670 }, <No data fields>}, <No data fields>}, <No data fields>}, mInput = { mRawPtr = 0x0 }, mSearches = { <nsCOMArray_base> = { <nsCOMArray_base> = { mArray = { mImpl = 0x141c247a0 } }, <No data fields>}, mResults = { <nsCOMArray_base> = { mArray = { mImpl = 0x141d59e00 } }, <No data fields>}, mMatchCounts = { <nsTArray_base<nsTArrayDefaultAllocator>> = { mHdr = 0x1009b78a8 }, <No data fields>}, mTimer = { mRawPtr = 0x0 }, mSelection = { mRawPtr = 0x15a4d2b60 }, mTree = { mRawPtr = 0x0 }, mSearchString = { <nsAString_internal> = { mData = 0x15773bd48, mLength = 12, mFlags = 5 }, <No data fields>}, mDefaultIndexCompleted = 0 '\0', mBackspaced = 0 '\0', mPopupClosedByCompositionStart = 0 '\0', mIsIMEComposing = 0 '\0', mIgnoreHandleText = 0 '\0', mIsOpen = 0, mSearchStatus = 3, mRowCount = 0, mSearchesOngoing = 0, mFirstSearchResult = 1 }
Assignee | ||
Comment 14•13 years ago
|
||
Seems like the underlying nsVoidArray for mSearches is empty: (gdb) p *mSearches.mArray.mImpl $20 = { mBits = 2147483650, mCount = 0, mArray = {0x141c1d190} } Which justifies this assertion right before the crash: ###!!! ASSERTION: nsVoidArray::FastElementAt: index out of range: '0 <= aIndex && aIndex < Count()', file ../../dist/include/nsVoidArray.h, line 74
Assignee | ||
Comment 15•13 years ago
|
||
BTW, this is where the crash happens: <http://mxr.mozilla.org/mozilla-central/source/toolkit/components/autocomplete/src/nsAutoCompleteController.cpp#1022>
Assignee | ||
Comment 16•13 years ago
|
||
One curious fact is this: (gdb) p input $21 = { mRawPtr = 0x1585b1b10 } (gdb) p mInput $22 = { mRawPtr = 0x0 } As far as I can see, the only place where mInput is modified is in nsAutoCompleteController::SetInput, which explains why the mSearches array would be empty too. Verifying all of the |this| members seems to confirm this theory.
Assignee: nobody → ehsan
Assignee | ||
Comment 17•13 years ago
|
||
The theory being SetInput(null) getting called, that is.
Assignee | ||
Comment 18•13 years ago
|
||
To verify my theory, I ran Firefox under gdb with special debugging hooks which log SetInput(nsnull) calls inside StartSearch, and here's the stack showing this happen in practice: Breakpoint 1, nsAutoCompleteController::SetInput (this=0x127a4c000, aInput=0x0) at /Users/ehsanakhgari/moz/mozilla-central/toolkit/components/autocomplete/src/nsAutoCompleteController.cpp:123 #0 nsAutoCompleteController::SetInput (this=0x127a4c000, aInput=0x0) at /Users/ehsanakhgari/moz/mozilla-central/toolkit/components/autocomplete/src/nsAutoCompleteController.cpp:123 #1 0x0000000100928695 in NS_InvokeByIndex_P (that=0x127a4c000, methodIndex=4, paramCount=1, params=0x7fff5fbd73c0) at /Users/ehsanakhgari/moz/mozilla-central/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:208 #1 0x0000000100928695 in NS_InvokeByIndex_P (that=0x127a4c000, methodIndex=4, paramCount=1, params=0x7fff5fbd73c0) at /Users/ehsanakhgari/moz/mozilla-central/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:208 #2 0x0000000114806ff5 in CallMethodHelper::Invoke (this=0x7fff5fbd7380) at /Users/ehsanakhgari/moz/mozilla-central/js/src/xpconnect/src/xpcwrappednative.cpp:3072 #3 0x00000001148098cb in CallMethodHelper::Call (this=0x7fff5fbd7380) at /Users/ehsanakhgari/moz/mozilla-central/js/src/xpconnect/src/xpcwrappednative.cpp:2334 #4 0x0000000114802f1e in XPCWrappedNative::CallMethod (ccx=@0x7fff5fbd7620, mode=XPCWrappedNative::CALL_SETTER) at /Users/ehsanakhgari/moz/mozilla-central/js/src/xpconnect/src/xpcwrappednative.cpp:2298 #5 0x000000011481401f in XPCWrappedNative::SetAttribute (ccx=@0x7fff5fbd7620) at xpcprivate.h:2646 #6 0x000000011480efed in XPC_WN_GetterSetter (cx=0x1216e90e0, argc=1, vp=0x117949c70) at /Users/ehsanakhgari/moz/mozilla-central/js/src/xpconnect/src/xpcwrappednativejsops.cpp:1635 #7 0x00000001001bb445 in js::CallJSNative (cx=0x1216e90e0, native=0x11480ecfd <XPC_WN_GetterSetter(JSContext*, unsigned int, jsval_layout*)>, argc=1, vp=0x117949c70) at jscntxtinlines.h:692 #8 0x00000001001bfc92 in js::Invoke (cx=0x1216e90e0, argsRef=@0x7fff5fbd78b0, flags=0) at jsinterp.cpp:700 #9 0x00000001001c06dd in js::ExternalInvoke (cx=0x1216e90e0, thisv=@0x7fff5fbd7940, fval=@0x7fff5fbd79f0, argc=1, argv=0x7fff5fbd86c0, rval=0x7fff5fbd86c0) at jsinterp.cpp:858 #10 0x00000001001c077d in js::ExternalInvoke (cx=0x1216e90e0, obj=0x11e6069a0, fval=@0x7fff5fbd79f0, argc=1, argv=0x7fff5fbd86c0, rval=0x7fff5fbd86c0) at jsinterp.h:961 #11 0x00000001001c07f0 in js::ExternalGetOrSet (cx=0x1216e90e0, obj=0x11e6069a0, id={asBits = 4695527616}, fval=@0x7fff5fbd79f0, mode=JSACC_WRITE, argc=1, argv=0x7fff5fbd86c0, rval=0x7fff5fbd86c0) at jsinterp.cpp:898 #12 0x00000001001ea338 in js::Shape::set (this=0x13b668c20, cx=0x1216e90e0, obj=0x11e6069a0, vp=0x7fff5fbd86c0) at jsscopeinlines.h:266 #13 0x00000001001d8063 in js_NativeSet (cx=0x1216e90e0, obj=0x11e6069a0, shape=0x13b668c20, added=false, vp=0x7fff5fbd86c0) at /Users/ehsanakhgari/moz/mozilla-central/js/src/jsobj.cpp:5199 #14 0x00000001001de36a in js_SetPropertyHelper (cx=0x1216e90e0, obj=0x11e6069a0, id={asBits = 4695527616}, defineHow=1, vp=0x7fff5fbd86c0, strict=0) at /Users/ehsanakhgari/moz/mozilla-central/js/src/jsobj.cpp:5674 #15 0x00000001001a8d32 in js::Interpret () at /Users/ehsanakhgari/moz/mozilla-central/js/src/jsinterp.cpp:4477 #16 0x00000001001bf084 in js::RunScript (cx=0x1216e90e0, script=0x13ed13f00, fp=0x117949ba0) at jsinterp.cpp:657 #17 0x00000001001bfe9e in js::Invoke (cx=0x1216e90e0, argsRef=@0x7fff5fbd8f80, flags=0) at jsinterp.cpp:737 #18 0x00000001001c06dd in js::ExternalInvoke (cx=0x1216e90e0, thisv=@0x7fff5fbd9010, fval=@0x7fff5fbd9048, argc=1, argv=0x137c4ba20, rval=0x7fff5fbd91d0) at jsinterp.cpp:858 #19 0x00000001000eb71b in js::ExternalInvoke (cx=0x1216e90e0, obj=0x121edb9a0, fval=@0x7fff5fbd9048, argc=1, argv=0x137c4ba20, rval=0x7fff5fbd91d0) at jsinterp.h:961 #20 0x00000001000eb856 in JS_CallFunctionValue (cx=0x1216e90e0, obj=0x121edb9a0, fval={asBits = 18445477441429963280, debugView = {payload47 = 5115609616, tag = JSVAL_TAG_OBJECT}, s = {payload = {i32 = 820642320, u32 = 820642320, why = 820642320, word = 18445477441429963280}}, asDouble = -nan(0xb800130ea0210), asPtr = 0xfffb800130ea0210}, argc=1, argv=0x137c4ba20, rval=0x7fff5fbd91d0) at /Users/ehsanakhgari/moz/mozilla-central/js/src/jsapi.cpp:5019 #21 0x000000011424b3f3 in nsJSContext::CallEventHandler (this=0x1216e9080, aTarget=0x12d0c8560, aScope=0x12bab1750, aHandler=0x130ea0210, aargv=0x141dee040, arv=0x7fff5fbd9440) at /Users/ehsanakhgari/moz/mozilla-central/dom/base/nsJSEn vironment.cpp:2005 #22 0x00000001142db531 in nsJSEventListener::HandleEvent (this=0x11a86a8d0, aEvent=0x141d85120) at /Users/ehsanakhgari/moz/mozilla-central/dom/src/events/nsJSEventListener.cpp:228 #23 0x00000001141f827d in nsXBLPrototypeHandler::ExecuteHandler (this=0x11962cc60, aTarget=0x12d0c8560, aEvent=0x141d85120) at /Users/ehsanakhgari/moz/mozilla-central/content/xbl/src/nsXBLPrototypeHandler.cpp:332 #24 0x00000001141f20fa in nsXBLEventHandler::HandleEvent (this=0x121608300, aEvent=0x141d85120) at /Users/ehsanakhgari/moz/mozilla-central/content/xbl/src/nsXBLEventHandler.cpp:88 #25 0x0000000114028998 in nsEventListenerManager::HandleEventSubType (this=0x12d0c85e0, aListenerStruct=0x10120b660, aListener=0x121608300, aDOMEvent=0x141d85120, aCurrentTarget=0x12d0c8560, aPhaseFlags=4, aPusher=0x7fff5fbd9cd0) at /U sers/ehsanakhgari/moz/mozilla-central/content/events/src/nsEventListenerManager.cpp:1114 #26 0x0000000114028e13 in nsEventListenerManager::HandleEventInternal (this=0x12d0c85e0, aPresContext=0x1222b1000, aEvent=0x7fff5fbd9db0, aDOMEvent=0x7fff5fbd9cb0, aCurrentTarget=0x12d0c8560, aFlags=4, aEventStatus=0x7fff5fbd9cb8, aPus her=0x7fff5fbd9cd0) at /Users/ehsanakhgari/moz/mozilla-central/content/events/src/nsEventListenerManager.cpp:1209 #27 0x00000001140592cf in nsEventListenerManager::HandleEvent (this=0x12d0c85e0, aPresContext=0x1222b1000, aEvent=0x7fff5fbd9db0, aDOMEvent=0x7fff5fbd9cb0, aCurrentTarget=0x12d0c8560, aFlags=4, aEventStatus=0x7fff5fbd9cb8, aPusher=0x7fff5fbd9cd0) at nsEventListenerManager.h:146 #28 0x000000011405947a in nsEventTargetChainItem::HandleEvent (this=0x11a75e770, aVisitor=@0x7fff5fbd9ca0, aFlags=4, aMayHaveNewListenerManagers=0, aPusher=0x7fff5fbd9cd0) at /Users/ehsanakhgari/moz/mozilla-central/content/events/src/n sEventDispatcher.cpp:212 #29 0x0000000114057778 in nsEventTargetChainItem::HandleEventTargetChain (this=0x11a75e3f0, aVisitor=@0x7fff5fbd9ca0, aFlags=6, aCallback=0x0, aMayHaveNewListenerManagers=0, aPusher=0x7fff5fbd9cd0) at /Users/ehsanakhgari/moz/mozilla-ce ntral/content/events/src/nsEventDispatcher.cpp:311 #30 0x0000000114058522 in nsEventDispatcher::Dispatch (aTarget=0x12d017d20, aPresContext=0x1222b1000, aEvent=0x7fff5fbd9db0, aDOMEvent=0x0, aEventStatus=0x0, aCallback=0x0, aTargets=0x0) at /Users/ehsanakhgari/moz/mozilla-central/conte nt/events/src/nsEventDispatcher.cpp:628 #31 0x0000000114261c4c in FocusBlurEvent::Run (this=0x1215b85c0) at /Users/ehsanakhgari/moz/mozilla-central/dom/base/nsFocusManager.cpp:1795 #32 0x0000000113ec9b3d in nsContentUtils::AddScriptRunner (aRunnable=0x1215b85c0) at /Users/ehsanakhgari/moz/mozilla-central/content/base/src/nsContentUtils.cpp:4747 #33 0x0000000114258d75 in nsFocusManager::SendFocusOrBlurEvent (this=0x100c55e20, aType=1301, aPresShell=0x12eace180, aDocument=0x12e721000, aTarget=0x12d017d20, aFocusMethod=1, aWindowRaised=0, aIsRefocus=0) at /Users/ehsanakhgari/moz /mozilla-central/dom/base/nsFocusManager.cpp:1844 #34 0x0000000114259cbb in nsFocusManager::Blur (this=0x100c55e20, aWindowToClear=0x1216e8d40, aAncestorWindowToFocus=0x1216e8d40, aIsLeavingDocument=1, aAdjustWidgets=1) at /Users/ehsanakhgari/moz/mozilla-central/dom/base/nsFocusManage r.cpp:1524 #35 0x000000011425f406 in nsFocusManager::SetFocusInner (this=0x100c55e20, aNewContent=0x143d3d450, aFlags=0, aFocusChanged=0, aAdjustWidget=1) at /Users/ehsanakhgari/moz/mozilla-central/dom/base/nsFocusManager.cpp:1188 #36 0x000000011425fcce in nsFocusManager::SetFocus (this=0x100c55e20, aElement=0x143d3d4b8, aFlags=0) at /Users/ehsanakhgari/moz/mozilla-central/dom/base/nsFocusManager.cpp:445 #37 0x000000011454611f in nsXULElement::Focus (this=0x143d3d450) at /Users/ehsanakhgari/moz/mozilla-central/content/xul/content/src/nsXULElement.cpp:2074 #38 0x000000011482bbbe in nsIDOMXULElement_Focus (cx=0x1216e90e0, argc=0, vp=0x117949b78) at dom_quickstubs.cpp:25330 #39 0x00000001001bb445 in js::CallJSNative (cx=0x1216e90e0, native=0x11482bb15 <nsIDOMXULElement_Focus(JSContext*, unsigned int, jsval_layout*)>, argc=0, vp=0x117949b78) at jscntxtinlines.h:692 #40 0x00000001001aaa57 in js::Interpret () at /Users/ehsanakhgari/moz/mozilla-central/js/src/jsinterp.cpp:4780 #41 0x00000001001bf084 in js::RunScript (cx=0x1216e90e0, script=0x13cfb3a80, fp=0x117949a98) at jsinterp.cpp:657 #42 0x00000001001bfe9e in js::Invoke (cx=0x1216e90e0, argsRef=@0x7fff5fbdb700, flags=0) at jsinterp.cpp:737 #43 0x000000010016eb1c in js_fun_apply (cx=0x1216e90e0, argc=2, vp=0x117949a58) at /Users/ehsanakhgari/moz/mozilla-central/js/src/jsfun.cpp:2182 #44 0x00000001001bb445 in js::CallJSNative (cx=0x1216e90e0, native=0x10016e7fa <js_fun_apply(JSContext*, unsigned int, js::Value*)>, argc=2, vp=0x117949a58) at jscntxtinlines.h:692 #45 0x00000001001aaa57 in js::Interpret () at /Users/ehsanakhgari/moz/mozilla-central/js/src/jsinterp.cpp:4780 #46 0x00000001001bf084 in js::RunScript (cx=0x1216e90e0, script=0x1216512c0, fp=0x117949950) at jsinterp.cpp:657 #47 0x00000001001bfe9e in js::Invoke (cx=0x1216e90e0, argsRef=@0x7fff5fbdcb80, flags=0) at jsinterp.cpp:737 #48 0x00000001001c06dd in js::ExternalInvoke (cx=0x1216e90e0, thisv=@0x7fff5fbdcc10, fval=@0x7fff5fbdcc48, argc=0, argv=0x7fff5fbdd2c8, rval=0x7fff5fbdcec0) at jsinterp.cpp:858 #49 0x00000001000eb71b in js::ExternalInvoke (cx=0x1216e90e0, obj=0x121edb9a0, fval=@0x7fff5fbdcc48, argc=0, argv=0x7fff5fbdd2c8, rval=0x7fff5fbdcec0) at jsinterp.h:961 #50 0x00000001000eb856 in JS_CallFunctionValue (cx=0x1216e90e0, obj=0x121edb9a0, fval={asBits = 18445477441178260600, debugView = {payload47 = 4863906936, tag = JSVAL_TAG_OBJECT}, s = {payload = {i32 = 568939640, u32 = 568939640, why = 568939640, word = 18445477441178260600}}, asDouble = -nan(0xb800121e95478), asPtr = 0xfffb800121e95478}, argc=0, argv=0x7fff5fbdd2c8, rval=0x7fff5fbdcec0) at /Users/ehsanakhgari/moz/mozilla-central/js/src/jsapi.cpp:5019 #51 0x00000001147f61ad in nsXPCWrappedJSClass::CallMethod (this=0x141d77650, wrapper=0x141d77750, methodIndex=36, info=0x1021b3e30, nativeParams=0x7fff5fbdd420) at /Users/ehsanakhgari/moz/mozilla-central/js/src/xpconnect/src/xpcwrapped jsclass.cpp:1700 #52 0x00000001147ed128 in nsXPCWrappedJS::CallMethod (this=0x141d77750, methodIndex=36, info=0x1021b3e30, params=0x7fff5fbdd420) at /Users/ehsanakhgari/moz/mozilla-central/js/src/xpconnect/src/xpcwrappedjs.cpp:588 #53 0x0000000100929cce in PrepareAndDispatch (self=0x141d777d0, methodIndex=36, args=0x7fff5fbdd5a0, gpregs=0x7fff5fbdd520, fpregs=0x7fff5fbdd550) at /Users/ehsanakhgari/moz/mozilla-central/xpcom/reflect/xptcall/src/md/unix/xptcstubs_x 86_64_darwin.cpp:153 #54 0x0000000100928743 in SharedStub () at xpt_struct.h:332 #55 0x0000000116d17539 in nsAutoCompleteController::EnterMatch (this=0x127a4c000, aIsPopupSelection=1) at /Users/ehsanakhgari/moz/mozilla-central/toolkit/components/autocomplete/src/nsAutoCompleteController.cpp:1187 #56 0x0000000116d176a6 in nsAutoCompleteController::HandleEnter (this=0x127a4c000, aIsPopupSelection=1, _retval=0x7fff5fbddae8) at /Users/ehsanakhgari/moz/mozilla-central/toolkit/components/autocomplete/src/nsAutoCompleteController.cpp :288 #57 0x0000000100928695 in NS_InvokeByIndex_P (that=0x127a4c000, methodIndex=10, paramCount=2, params=0x7fff5fbddad0) at /Users/ehsanakhgari/moz/mozilla-central/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:208 #58 0x0000000114806ff5 in CallMethodHelper::Invoke (this=0x7fff5fbdda90) at /Users/ehsanakhgari/moz/mozilla-central/js/src/xpconnect/src/xpcwrappednative.cpp:3072 #59 0x00000001148098cb in CallMethodHelper::Call (this=0x7fff5fbdda90) at /Users/ehsanakhgari/moz/mozilla-central/js/src/xpconnect/src/xpcwrappednative.cpp:2334 #60 0x0000000114802f1e in XPCWrappedNative::CallMethod (ccx=@0x7fff5fbddd10, mode=XPCWrappedNative::CALL_METHOD) at /Users/ehsanakhgari/moz/mozilla-central/js/src/xpconnect/src/xpcwrappednative.cpp:2298 #61 0x000000011480f32a in XPC_WN_CallMethod (cx=0x1216e90e0, argc=1, vp=0x117949928) at /Users/ehsanakhgari/moz/mozilla-central/js/src/xpconnect/src/xpcwrappednativejsops.cpp:1593 #62 0x00000001001bb445 in js::CallJSNative (cx=0x1216e90e0, native=0x11480f084 <XPC_WN_CallMethod(JSContext*, unsigned int, jsval_layout*)>, argc=1, vp=0x117949928) at jscntxtinlines.h:692 #63 0x00000001001bfc92 in js::Invoke (cx=0x1216e90e0, argsRef=@0x7fff5fbddfa0, flags=0) at jsinterp.cpp:700 #64 0x00000001001c06dd in js::ExternalInvoke (cx=0x1216e90e0, thisv=@0x117949888, fval=@0x12962bc10, argc=1, argv=0x117949890, rval=0x7fff5fbde048) at jsinterp.cpp:858 #65 0x0000000100229d35 in js::JSProxyHandler::call (this=0x100551910, cx=0x1216e90e0, proxy=0x12962bbb0, argc=1, vp=0x117949880) at /Users/ehsanakhgari/moz/mozilla-central/js/src/jsproxy.cpp:248 #66 0x000000010028c4ec in JSWrapper::call (this=0x100551910, cx=0x1216e90e0, wrapper=0x12962bbb0, argc=1, vp=0x117949880) at /Users/ehsanakhgari/moz/mozilla-central/js/src/jswrapper.cpp:235 #67 0x000000010028c685 in JSCrossCompartmentWrapper::call (this=0x100551910, cx=0x1216e90e0, wrapper=0x12962bbb0, argc=1, vp=0x117949880) at /Users/ehsanakhgari/moz/mozilla-central/js/src/jswrapper.cpp:601 #68 0x000000010022b063 in js::JSProxy::call (cx=0x1216e90e0, proxy=0x12962bbb0, argc=1, vp=0x117949880) at /Users/ehsanakhgari/moz/mozilla-central/js/src/jsproxy.cpp:810 #69 0x000000010022b0d3 in js::proxy_Call (cx=0x1216e90e0, argc=1, vp=0x117949880) at /Users/ehsanakhgari/moz/mozilla-central/js/src/jsproxy.cpp:1062 #70 0x00000001001bb445 in js::CallJSNative (cx=0x1216e90e0, native=0x10022b077 <js::proxy_Call(JSContext*, unsigned int, js::Value*)>, argc=1, vp=0x117949880) at jscntxtinlines.h:692 #71 0x00000001001bfc08 in js::Invoke (cx=0x1216e90e0, argsRef=@0x7fff5fbde6b0, flags=0) at jsinterp.cpp:693 #72 0x00000001001aabab in js::Interpret () at /Users/ehsanakhgari/moz/mozilla-central/js/src/jsinterp.cpp:4791 #73 0x00000001001bf084 in js::RunScript (cx=0x1216e90e0, script=0x119689a90, fp=0x117949820) at jsinterp.cpp:657 #74 0x00000001001bfe9e in js::Invoke (cx=0x1216e90e0, argsRef=@0x7fff5fbdf740, flags=0) at jsinterp.cpp:737 #75 0x00000001001c06dd in js::ExternalInvoke (cx=0x1216e90e0, thisv=@0x117949768, fval=@0x13b8c9748, argc=1, argv=0x117949770, rval=0x7fff5fbdf7e8) at jsinterp.cpp:858 #76 0x0000000100229d35 in js::JSProxyHandler::call (this=0x100551910, cx=0x1216e90e0, proxy=0x13b8c96e8, argc=1, vp=0x117949760) at /Users/ehsanakhgari/moz/mozilla-central/js/src/jsproxy.cpp:248 #77 0x000000010028c4ec in JSWrapper::call (this=0x100551910, cx=0x1216e90e0, wrapper=0x13b8c96e8, argc=1, vp=0x117949760) at /Users/ehsanakhgari/moz/mozilla-central/js/src/jswrapper.cpp:235 #78 0x000000010028c685 in JSCrossCompartmentWrapper::call (this=0x100551910, cx=0x1216e90e0, wrapper=0x13b8c96e8, argc=1, vp=0x117949760) at /Users/ehsanakhgari/moz/mozilla-central/js/src/jswrapper.cpp:601 #79 0x000000010022b063 in js::JSProxy::call (cx=0x1216e90e0, proxy=0x13b8c96e8, argc=1, vp=0x117949760) at /Users/ehsanakhgari/moz/mozilla-central/js/src/jsproxy.cpp:810 #80 0x000000010022b0d3 in js::proxy_Call (cx=0x1216e90e0, argc=1, vp=0x117949760) at /Users/ehsanakhgari/moz/mozilla-central/js/src/jsproxy.cpp:1062 #81 0x00000001001bb445 in js::CallJSNative (cx=0x1216e90e0, native=0x10022b077 <js::proxy_Call(JSContext*, unsigned int, js::Value*)>, argc=1, vp=0x117949760) at jscntxtinlines.h:692 #82 0x00000001001bfc08 in js::Invoke (cx=0x1216e90e0, argsRef=@0x7fff5fbdfb90, flags=0) at jsinterp.cpp:693 #83 0x00000001001c06dd in js::ExternalInvoke (cx=0x1216e90e0, thisv=@0x7fff5fbdfc20, fval=@0x7fff5fbdfc58, argc=1, argv=0x7fff5fbe02d8, rval=0x7fff5fbdfed0) at jsinterp.cpp:858 #84 0x00000001000eb71b in js::ExternalInvoke (cx=0x1216e90e0, obj=0x121edb9a0, fval=@0x7fff5fbdfc58, argc=1, argv=0x7fff5fbe02d8, rval=0x7fff5fbdfed0) at jsinterp.h:961 #85 0x00000001000eb856 in JS_CallFunctionValue (cx=0x1216e90e0, obj=0x121edb9a0, fval={asBits = 18445477441608390376, debugView = {payload47 = 5294036712, tag = JSVAL_TAG_OBJECT}, s = {payload = {i32 = 999069416, u32 = 999069416, why = 999069416, word = 18445477441608390376}}, asDouble = -nan(0xb80013b8c96e8), asPtr = 0xfffb80013b8c96e8}, argc=1, argv=0x7fff5fbe02d8, rval=0x7fff5fbdfed0) at /Users/ehsanakhgari/moz/mozilla-central/js/src/jsapi.cpp:5019 #86 0x00000001147f61ad in nsXPCWrappedJSClass::CallMethod (this=0x12466b130, wrapper=0x13b904d20, methodIndex=3, info=0x102112518, nativeParams=0x7fff5fbe0430) at /Users/ehsanakhgari/moz/mozilla-central/js/src/xpconnect/src/xpcwrappedj sclass.cpp:1700 #87 0x00000001147ed128 in nsXPCWrappedJS::CallMethod (this=0x13b904d20, methodIndex=3, info=0x102112518, params=0x7fff5fbe0430) at /Users/ehsanakhgari/moz/mozilla-central/js/src/xpconnect/src/xpcwrappedjs.cpp:588 #88 0x0000000100929cce in PrepareAndDispatch (self=0x13b904da0, methodIndex=3, args=0x7fff5fbe05b0, gpregs=0x7fff5fbe0530, fpregs=0x7fff5fbe0560) at /Users/ehsanakhgari/moz/mozilla-central/xpcom/reflect/xptcall/src/md/unix/xptcstubs_x8 6_64_darwin.cpp:153 #89 0x0000000100928743 in SharedStub () at xpt_struct.h:332 #90 0x0000000114028998 in nsEventListenerManager::HandleEventSubType (this=0x12d0c85e0, aListenerStruct=0x10120b750, aListener=0x13b904da0, aDOMEvent=0x13ea6c220, aCurrentTarget=0x12d0c8560, aPhaseFlags=4, aPusher=0x7fff5fbe0b30) at /U sers/ehsanakhgari/moz/mozilla-central/content/events/src/nsEventListenerManager.cpp:1114 #91 0x0000000114028e13 in nsEventListenerManager::HandleEventInternal (this=0x12d0c85e0, aPresContext=0x1222b1000, aEvent=0x7fff5fbe1400, aDOMEvent=0x7fff5fbe0b10, aCurrentTarget=0x12d0c8560, aFlags=4, aEventStatus=0x7fff5fbe0b18, aPus her=0x7fff5fbe0b30) at /Users/ehsanakhgari/moz/mozilla-central/content/events/src/nsEventListenerManager.cpp:1209 #92 0x00000001140592cf in nsEventListenerManager::HandleEvent (this=0x12d0c85e0, aPresContext=0x1222b1000, aEvent=0x7fff5fbe1400, aDOMEvent=0x7fff5fbe0b10, aCurrentTarget=0x12d0c8560, aFlags=4, aEventStatus=0x7fff5fbe0b18, aPusher=0x7f ff5fbe0b30) at nsEventListenerManager.h:146 #93 0x000000011405947a in nsEventTargetChainItem::HandleEvent (this=0x11a75eaf0, aVisitor=@0x7fff5fbe0b00, aFlags=4, aMayHaveNewListenerManagers=0, aPusher=0x7fff5fbe0b30) at /Users/ehsanakhgari/moz/mozilla-central/content/events/src/n sEventDispatcher.cpp:212 #94 0x0000000114057778 in nsEventTargetChainItem::HandleEventTargetChain (this=0x11a75ee38, aVisitor=@0x7fff5fbe0b00, aFlags=6, aCallback=0x7fff5fbe0c40, aMayHaveNewListenerManagers=0, aPusher=0x7fff5fbe0b30) at /Users/ehsanakhgari/moz /mozilla-central/content/events/src/nsEventDispatcher.cpp:311 #95 0x0000000114058522 in nsEventDispatcher::Dispatch (aTarget=0x12d017d20, aPresContext=0x1222b1000, aEvent=0x7fff5fbe1400, aDOMEvent=0x0, aEventStatus=0x7fff5fbe0f1c, aCallback=0x7fff5fbe0c40, aTargets=0x0) at /Users/ehsanakhgari/moz /mozilla-central/content/events/src/nsEventDispatcher.cpp:628 #96 0x0000000113c18ef7 in PresShell::HandleEventInternal (this=0x12eace180, aEvent=0x7fff5fbe1400, aView=0x12eac7010, aStatus=0x7fff5fbe0f1c) at /Users/ehsanakhgari/moz/mozilla-central/layout/base/nsPresShell.cpp:6988 #97 0x0000000113c29054 in PresShell::HandleEvent (this=0x12eace180, aView=0x12eac7010, aEvent=0x7fff5fbe1400, aDontRetargetEvents=0, aEventStatus=0x7fff5fbe0f1c) at /Users/ehsanakhgari/moz/mozilla-central/layout/base/nsPresShell.cpp:67 35 #98 0x0000000114233e55 in nsViewManager::HandleEvent (this=0x12eac6fa0, aView=0x12eac7010, aEvent=0x7fff5fbe1400) at /Users/ehsanakhgari/moz/mozilla-central/view/src/nsViewManager.cpp:1095 #99 0x0000000114237e69 in nsViewManager::DispatchEvent (this=0x12eac6fa0, aEvent=0x7fff5fbe1400, aView=0x12eac7010, aStatus=0x7fff5fbe112c) at /Users/ehsanakhgari/moz/mozilla-central/view/src/nsViewManager.cpp:1073 #100 0x00000001142314bc in HandleEvent (aEvent=0x7fff5fbe1400) at /Users/ehsanakhgari/moz/mozilla-central/view/src/nsView.cpp:161 #101 0x00000001139149cd in nsChildView::DispatchEvent (this=0x12eac7090, event=0x7fff5fbe1400, aStatus=@0x7fff5fbe124c) at /Users/ehsanakhgari/moz/mozilla-central/widget/src/cocoa/nsChildView.mm:1797 #102 0x0000000113910950 in nsChildView::DispatchWindowEvent (this=0x12eac7090, event=@0x7fff5fbe1400) at /Users/ehsanakhgari/moz/mozilla-central/widget/src/cocoa/nsChildView.mm:1807 #103 0x0000000113919a7c in -[ChildView processKeyDownEvent:] (self=0x12eac7200, _cmd=0x1018206b0, theEvent=0x13ea6acf0) at /Users/ehsanakhgari/moz/mozilla-central/widget/src/cocoa/nsChildView.mm:5232 #104 0x000000011391972a in -[ChildView keyDown:] (self=0x12eac7200, _cmd=0x7fff88ec7400, theEvent=0x13ea6acf0) at /Users/ehsanakhgari/moz/mozilla-central/widget/src/cocoa/nsChildView.mm:5501 #105 0x00007fff888c706f in -[NSWindow sendEvent:] () #106 0x000000011390450f in -[ToolbarWindow sendEvent:] (self=0x1216e6210, _cmd=0x7fff88ec1a10, anEvent=0x13ea6acf0) at /Users/ehsanakhgari/moz/mozilla-central/widget/src/cocoa/nsCocoaWindow.mm:2439 #107 0x00007fff887fba86 in -[NSApplication sendEvent:] () #108 0x00000001138ff272 in nsAppShell::ProcessNextNativeEvent (this=0x100c76210, aMayWait=0) at /Users/ehsanakhgari/moz/mozilla-central/widget/src/cocoa/nsAppShell.mm:653 #109 0x000000011395251e in nsBaseAppShell::DoProcessNextNativeEvent (this=0x100c76210, mayWait=0) at /Users/ehsanakhgari/moz/mozilla-central/widget/src/xpwidgets/nsBaseAppShell.cpp:176 #110 0x0000000113953161 in nsBaseAppShell::OnProcessNextEvent (this=0x100c76210, thr=0x1018111b0, mayWait=1, recursionDepth=3) at /Users/ehsanakhgari/moz/mozilla-central/widget/src/xpwidgets/nsBaseAppShell.cpp:318 #111 0x00000001138fece2 in nsAppShell::OnProcessNextEvent (this=0x100c76210, aThread=0x1018111b0, aMayWait=1, aRecursionDepth=3) at /Users/ehsanakhgari/moz/mozilla-central/widget/src/cocoa/nsAppShell.mm:839 #112 0x0000000100905a8c in nsThread::ProcessNextEvent (this=0x1018111b0, mayWait=1, result=0x7fff5fbe2128) at /Users/ehsanakhgari/moz/mozilla-central/xpcom/threads/nsThread.cpp:597 #113 0x0000000100928695 in NS_InvokeByIndex_P (that=0x1018111b0, methodIndex=8, paramCount=2, params=0x7fff5fbe2110) at /Users/ehsanakhgari/moz/mozilla-central/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:208 #114 0x0000000114806ff5 in CallMethodHelper::Invoke (this=0x7fff5fbe20d0) at /Users/ehsanakhgari/moz/mozilla-central/js/src/xpconnect/src/xpcwrappednative.cpp:3072 #115 0x00000001148098cb in CallMethodHelper::Call (this=0x7fff5fbe20d0) at /Users/ehsanakhgari/moz/mozilla-central/js/src/xpconnect/src/xpcwrappednative.cpp:2334 #116 0x0000000114802f1e in XPCWrappedNative::CallMethod (ccx=@0x7fff5fbe2350, mode=XPCWrappedNative::CALL_METHOD) at /Users/ehsanakhgari/moz/mozilla-central/js/src/xpconnect/src/xpcwrappednative.cpp:2298 #117 0x000000011480f32a in XPC_WN_CallMethod (cx=0x10183f2a0, argc=1, vp=0x117949710) at /Users/ehsanakhgari/moz/mozilla-central/js/src/xpconnect/src/xpcwrappednativejsops.cpp:1593 #118 0x00000001001bb445 in js::CallJSNative (cx=0x10183f2a0, native=0x11480f084 <XPC_WN_CallMethod(JSContext*, unsigned int, jsval_layout*)>, argc=1, vp=0x117949710) at jscntxtinlines.h:692 #119 0x00000001001aaa57 in js::Interpret () at /Users/ehsanakhgari/moz/mozilla-central/js/src/jsinterp.cpp:4780 #120 0x00000001001bf084 in js::RunScript (cx=0x10183f2a0, script=0x1258dfa00, fp=0x1179493f8) at jsinterp.cpp:657 #121 0x00000001001bfe9e in js::Invoke (cx=0x10183f2a0, argsRef=@0x7fff5fbe3850, flags=0) at jsinterp.cpp:737 #122 0x00000001001c06dd in js::ExternalInvoke (cx=0x10183f2a0, thisv=@0x7fff5fbe38e0, fval=@0x7fff5fbe3918, argc=4, argv=0x7fff5fbe3f98, rval=0x7fff5fbe3b90) at jsinterp.cpp:858 #123 0x00000001000eb71b in js::ExternalInvoke (cx=0x10183f2a0, obj=0x126534410, fval=@0x7fff5fbe3918, argc=4, argv=0x7fff5fbe3f98, rval=0x7fff5fbe3b90) at jsinterp.h:961 #124 0x00000001000eb856 in JS_CallFunctionValue (cx=0x10183f2a0, obj=0x126534410, fval={asBits = 18445477441252316456, debugView = {payload47 = 4937962792, tag = JSVAL_TAG_OBJECT}, s = {payload = {i32 = 642995496, u32 = 642995496, why = 642995496, word = 18445477441252316456}}, asDouble = -nan(0xb800126535528), asPtr = 0xfffb800126535528}, argc=4, argv=0x7fff5fbe3f98, rval=0x7fff5fbe3b90) at /Users/ehsanakhgari/moz/mozilla-central/js/src/jsapi.cpp:5019 #125 0x00000001147f61ad in nsXPCWrappedJSClass::CallMethod (this=0x1216cf720, wrapper=0x126942280, methodIndex=3, info=0x1021b3890, nativeParams=0x7fff5fbe40f0) at /Users/ehsanakhgari/moz/mozilla-central/js/src/xpconnect/src/xpcwrapped jsclass.cpp:1700 #126 0x00000001147ed128 in nsXPCWrappedJS::CallMethod (this=0x126942280, methodIndex=3, info=0x1021b3890, params=0x7fff5fbe40f0) at /Users/ehsanakhgari/moz/mozilla-central/js/src/xpconnect/src/xpcwrappedjs.cpp:588 #127 0x0000000100929cce in PrepareAndDispatch (self=0x126942300, methodIndex=3, args=0x7fff5fbe4270, gpregs=0x7fff5fbe41f0, fpregs=0x7fff5fbe4220) at /Users/ehsanakhgari/moz/mozilla-central/xpcom/reflect/xptcall/src/md/unix/xptcstubs_x 86_64_darwin.cpp:153 #128 0x0000000100928743 in SharedStub () at xpt_struct.h:332 #129 0x0000000116d17927 in nsAutoCompleteController::StartSearch () at /Users/ehsanakhgari/moz/mozilla-central/toolkit/components/autocomplete/src/nsAutoCompleteController.cpp:1043 #130 0x0000000116d17a27 in nsAutoCompleteController::Notify (this=0x127a4c000, timer=0x143ca5860) at /Users/ehsanakhgari/moz/mozilla-central/toolkit/components/autocomplete/src/nsAutoCompleteController.cpp:722 #131 0x000000010090df8a in nsTimerImpl::Fire (this=0x143ca5860) at /Users/ehsanakhgari/moz/mozilla-central/xpcom/threads/nsTimerImpl.cpp:428 #132 0x000000010090e1e0 in nsTimerEvent::Run (this=0x12ea78d60) at /Users/ehsanakhgari/moz/mozilla-central/xpcom/threads/nsTimerImpl.cpp:517 #133 0x0000000100905c58 in nsThread::ProcessNextEvent (this=0x1018111b0, mayWait=0, result=0x7fff5fbe4614) at /Users/ehsanakhgari/moz/mozilla-central/xpcom/threads/nsThread.cpp:633 #134 0x000000010087cff5 in NS_ProcessPendingEvents_P (thread=0x1018111b0, timeout=20) at nsThreadUtils.cpp:200 #135 0x0000000113952a77 in nsBaseAppShell::NativeEventCallback (this=0x100c76210, aAlwaysBlockNative=0) at /Users/ehsanakhgari/moz/mozilla-central/widget/src/xpwidgets/nsBaseAppShell.cpp:135 #136 0x00000001138ff6d9 in nsAppShell::ProcessGeckoEvents (aInfo=0x100c76210) at /Users/ehsanakhgari/moz/mozilla-central/widget/src/cocoa/nsAppShell.mm:405 ...
Assignee | ||
Comment 19•13 years ago
|
||
So, basically here is a complete analysis of what happens. nsAutoCompleteController::StartSearch calls TagAutoCompleteSearch.startSearch, which calls a generator, which leads us to process thread events. If you quickly type something to trigger a search and then press enter soon enough (or possibly press tab to blur the urlbar, or something to that effect), we end up in a cycle which can lead to calls to SetInput(nsnull) for multiple reasons. The proper fix is to not assume that we're dealing with an attached autocomplete controller after calls into nsIAutoCompleteSearch::StartSearch. Patch to follow up soon.
Assignee | ||
Updated•13 years ago
|
Summary: crash [@ nsAutoCompleteController::StartSearch ] → crash [@ nsAutoCompleteController::StartSearch ] when typing things too rapidly inside the location bar
Assignee | ||
Comment 20•13 years ago
|
||
Attachment #506671 -
Flags: review?(sdwilsh)
Attachment #506671 -
Flags: approval2.0?
Assignee | ||
Comment 21•13 years ago
|
||
Now that a simple and relatively low risk fix is at hand, I think we should consider this for branches. I also think that we should (soft-)block on this for 2.0.
Comment 22•13 years ago
|
||
Doesn't seem to be a regression so I don't think it will block, will happily see that patch approved and landed after review though.
blocking2.0: ? → -
Assignee | ||
Comment 23•13 years ago
|
||
This is very easy to reproduce in a debug build. Here is what I do to trigger it. 1. Open Firefox. A profile with a big places file (such as your main profile) might be helpful here, haven't tried new profiles. 2. Copy an address into the clipboard (I used about:config, but anything should work. 3. Quickly go through these steps: * Cmd+T to open a new tab/Cmd+L to focus the location bar/Cmd+W and Cmd+N to open a new tab in place of the existing one. * Cmd+V to paste. * Enter (you can switch between the three variations of the first step arbitrarily). The key part here seems to be doing this stuff quickly in a sequence. I hit this crash with gdb attached in less than 10 seconds of doing step 3.
Whiteboard: [STR in comment 23]
Comment 24•13 years ago
|
||
Comment on attachment 506671 [details] [diff] [review] Patch (v1) >+ // nsIAutoCompleteSearch::StartSearch might cause us to be detached from >+ // our input field, so it's not safe to assume that it's safe to iterate >+ // over the next iteration. How about this instead: Because of the joy of nested event loops (which can easily happen when some code uses a generator for an asynchronous AutoComplete search), nsIAutoCompleteSearch::StartSearch might cause us to be detached from our input field. The next time we iterate, we'd be touching something that we shouldn't be, and result in a crash. r=sdwilsh
Attachment #506671 -
Flags: review?(sdwilsh) → review+
Assignee | ||
Comment 25•13 years ago
|
||
Done!
Attachment #506671 -
Attachment is obsolete: true
Attachment #507930 -
Flags: approval2.0?
Attachment #506671 -
Flags: approval2.0?
Updated•13 years ago
|
Attachment #507930 -
Flags: approval2.0? → approval2.0+
Assignee | ||
Comment 26•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/7cf9d28a0a40
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla2.0b11
Assignee | ||
Updated•13 years ago
|
Attachment #507930 -
Flags: approval1.9.2.15?
Attachment #507930 -
Flags: approval1.9.1.18?
Assignee | ||
Comment 27•13 years ago
|
||
Oops, I just realized that I had changed the wrong comment. This patch fixes that: http://hg.mozilla.org/mozilla-central/rev/a2f4bc829c88
Updated•13 years ago
|
Keywords: regression
Updated•13 years ago
|
Whiteboard: [STR in comment 23] → [sg:dos][STR in comment 23]
Comment 28•13 years ago
|
||
Comment on attachment 507930 [details] [diff] [review] For check-in approved for 1.9.2.15 and 1.9.1.18, a=dveditz for release-drivers
Attachment #507930 -
Flags: approval1.9.2.15?
Attachment #507930 -
Flags: approval1.9.2.15+
Attachment #507930 -
Flags: approval1.9.1.18?
Attachment #507930 -
Flags: approval1.9.1.18+
Assignee | ||
Comment 29•13 years ago
|
||
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/3422731ea363 http://hg.mozilla.org/releases/mozilla-1.9.1/rev/ab91932fca94
Comment 30•13 years ago
|
||
The "3.6.15" we're releasing today does not fix this bug, the release containing this bug fix has been renamed to "3.6.16" and the bugzilla flags will be updated to reflect that soon. Today's release is a re-release of 3.6.14 plus a fix for a bug that prevented many Java applets from starting up.
Updated•13 years ago
|
Crash Signature: [@ nsAutoCompleteController::StartSearch ]
You need to log in
before you can comment on or make changes to this bug.
Description
•