Closed Bug 7801 Opened 25 years ago Closed 25 years ago

Regression: Crash when select the bullet icon from compose window

Categories

(Core :: DOM: Editor, defect, P3)

Product:
Core
Component:
DOM: Editor
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: fenella, Assigned: mozeditor)

Details

RE: Win32 and Mac (1999-06-08-08 m7)
1. Run apprunner, open messenger from Task
2. Click on the New Msg button to open a compose window
3. Enter email address in the To: field and enter text in the Subject field, no
problem
3. Click on the bullet icon, crash occurs here.
On Mac, this crashes the system
On Win_nt 4.0, apprunner crashes
Unable to test Linux
Talkback will follow.
Summary: Regression: Crash when select the bullet icon from compose window → Regression: Crash when select the bullet icon from compose window
Fenella, does the regular Editor (from browser window, choose Tasks | Editor)
also have this problem?  If so, pls change the product to Browser and component
to Editor.
Thanks.
Assignee: phil → ducarroz
Target Milestone: M7
Reassign to ducarroz, cc buster. M7 since it's a regression.
Target Milestone: M7
Lisa, when I use the editor to click on the bullet or number icon, it does not
crash.
The crash occurs in the compose window only.  It also occurs when I click on the
number icon.  However, if I type some text in the body first, and then click on
the bullet or the number icon, apprunner won't crash.
Component: Back End → XPConnect
I can't reproduce this in either the editor or the mail compose window.
This also occurs on Linux.  Crash is consistently reproducible.
In order for it to crash, you must click on the Bullet icon or the Number List
Item icon first. If you type anything in the Body first, then click on these
icons, it won't crash.

Here is the Linux stack trace:

#0  0x40acc441 in nsRangeList::Extend ()
#1  0x40d34911 in nsAutoSelectionReset::~nsAutoSelectionReset ()
#2  0x40d45cb5 in nsHTMLEditor::InsertList ()
#3  0x40739189 in nsEditorAppCore::InsertList ()
#4  0x4074324d in NS_NewScriptDOMPropsCore ()
#5  0x40350fe2 in js_Invoke ()
#6  0x40356c36 in js_Interpret ()
#7  0x40351030 in js_Invoke ()
#8  0x40356c36 in js_Interpret ()
#9  0x40351030 in js_Invoke ()
#10 0x403511d5 in js_CallFunctionValue ()
#11 0x4033c089 in JS_CallFunctionValue ()
#12 0x402e3128 in nsJSEventListener::HandleEvent ()
#13 0x4098e2c1 in nsEventListenerManager::HandleEvent ()
#14 0x407adfd0 in RDFElementImpl::HandleDOMEvent ()
#15 0x4098fd66 in nsEventStateManager::CheckForAndDispatchClick ()
#16 0x4098f2dc in nsEventStateManager::PostHandleEvent ()
#17 0x409b61c9 in PresShell::HandleEvent ()
#18 0x40c0549d in nsView::HandleEvent ()
#19 0x40c0cd11 in nsViewManager::DispatchEvent ()
#20 0x40c03f4e in _init ()
#21 0x400b4596 in nsWidget::DispatchEvent ()
#22 0x400b44ed in nsWidget::DispatchWindowEvent ()
---Type <return> to continue, or q <return> to quit---
#23 0x400b4613 in nsWidget::DispatchMouseEvent ()
#24 0x400b4c2f in nsWidget::OnButtonReleaseSignal ()
#25 0x400b4eff in nsWidget::ButtonReleaseSignal ()
#26 0x80c39a4 in gtk_window_set_default_size ()
#27 0x809c7ff in gtk_signal_connect_object ()
#28 0x809be86 in gtk_signal_connect_object ()
#29 0x809a5c2 in gtk_selection_data_set ()
#30 0x80bc0ec in gtk_widget_size_request ()
#31 0x8085741 in gtk_get_current_event ()
#32 0x8084ce2 in gtk_main_iteration_do ()
#33 0x80d33b7 in gdk_input_add ()
#34 0x80e633c in g_list_length ()
#35 0x80e67b7 in g_list_length ()
#36 0x80e68d1 in g_main_iteration ()
#37 0x80847f7 in gtk_main ()
#38 0x400aa587 in nsAppShell::Run ()
#39 0x40018fd6 in nsAppShellService::Run ()
#40 0x805156a in main ()
FYI -- Using jun8 build I'm seeing a crash on Linux when using the indent or
text alignment buttons also.
I forgot to mention the build for Linux's crash (1999-06-08-08 M7)
On win_nt, here is the Incident ID for the crash
9621690
9621687
Talkback stack trace as follows:

   raptorhtml.dll + 0xc0ff (0x016ec0ff)
   ender.dll + 0x5e9c (0x02635e9c)
   appcores.dll + 0xddd5 (0x0167ddd5)
   appcores.dll + 0x10114 (0x01680114)
   js3250.dll + 0x1333d (0x0032333d)
   js3250.dll + 0x16d08 (0x00326d08)
   js3250.dll + 0x1337a (0x0032337a)
   js3250.dll + 0x16d08 (0x00326d08)
   js3250.dll + 0x1337a (0x0032337a)
   js3250.dll + 0x134aa (0x003234aa)
   js3250.dll + 0x384a (0x0031384a)
   jsdom.dll + 0x12fb8 (0x013b2fb8)
   raptorhtml.dll + 0x819cd (0x017619cd)
   rdf.dll + 0x1b7e7 (0x016bb7e7)
   raptorhtml.dll + 0x825e6 (0x017625e6)
   raptorhtml.dll + 0x820a0 (0x017620a0)
   raptorhtml.dll + 0x23bae (0x01703bae)
   raptorview.dll + 0x1d4b (0x018f1d4b)
   raptorview.dll + 0x63b7 (0x018f63b7)
   raptorview.dll + 0x23fa (0x018f23fa)
   raptorwidget.dll + 0x4617 (0x01454617)
   raptorwidget.dll + 0x68ec (0x014568ec)
   raptorwidget.dll + 0x6b18 (0x01456b18)
   raptorwidget.dll + 0x46e7 (0x014546e7)
   USER32.dll + 0x13ed (0x77e713ed)

When I do a search of raptorhtml.dll+++0xc0ff+(0x016ec0ff)+bc302c57 on
Http://lxr.mozilla.org, I got this message.  Hope this helps.

       ** Fatal: /raptorhtml.dll+++0xc0ff+(0x016ec0ff)+bc302c57/: nested *?+ in
regexp at /opt/webtools/lxr.mozilla.org/find line 60, chunk 1.
Status: NEW → ASSIGNED
Target Milestone: M7
Assignee: ducarroz → sfraser
Status: ASSIGNED → NEW
I can reproduce the crash with Editor as well, just open the editor and right
away when the page is full loaded and drawn, select the bullet icon.

Before the crash , I get the following assert message:

preCondition: "You can't dereference a NULL nsCOMPtr with operator->()."
(mRawPtr != 0) at file nsCOMPtr.h line 477

the stack is (on Mac):
XPTC_InvokeByIndex+0012C
nsEditorShell::InsertList(...)+000D0
nsHTMLEditor::InsertList(...)+004C0
nsAutoSelectionReset::~nsAutoSelectionReset()+000C8
nsRangeList::Extend(...)+000D8
nsDebug::PreCondition(...)+00040
A bug for Joe.
Assignee: sfraser → jfrancis
Product: MailNews → Browser
Target Milestone: M7 → M8
change product to browser; move to M8 per 6/15/99 meeting
Component: XPConnect → Editor
change component to editor
<Will update verah to add to M7 release notes>
I see this, too, on Linux (bring up editor and click on the unordered list
icon).  Stack trace is:
#0  0x40f33a35 in nsRangeList::Extend (this=0x81767b8, aParentNode=0x0,
    aOffset=1074230926) at nsRangeList.cpp:1841
#1  0x40929ca4 in nsAutoSelectionReset::~nsAutoSelectionReset (
    this=0xbfffde94, __in_chrg=2) at nsEditor.cpp:4050
#2  0x4094a991 in nsHTMLEditor::InsertList (this=0x8251740,
    aListType=@0xbfffdf80) at nsHTMLEditor.cpp:1741
#3  0x4095f010 in nsEditorShell::InsertList (this=0x82b9698,
    listType=0x822b628) at nsEditorShell.cpp:1653
Note that aParentNode is null.

Joe says that using the nsAutoSelectionReset probably isn't appropriate in
InsertList anyway.  I'm investigating.
For M7, I've checked in a fix for the crash (solution: don't use
nsAutoSelectionReset in InsertList).  Leaving the bug open since we need to
investigate alternate ways of setting the selection at the end of InsertList.
It also gives an ugly JS error if there's no selection; I assume that's covered
by other bugs on the focus handling issues.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
InsertList has been reworked and no longer has this bug.  Marking fixed.
Is your fix for M7 or M8 (which this bug is marked for target milestone)?
Mac and Win32 (1999-06-17-08 m7)
Selecting the bullet icon no longer crashes.
Unable to verify on Linux, today's build is broken
Status: RESOLVED → VERIFIED
Verify that the problem has been fixed on Linux (1999-06-18-09 m7)
You need to log in before you can comment on or make changes to this bug.