Closed
Bug 101710
Opened 23 years ago
Closed 23 years ago
Find crashes in frames [@ nsContentIterator::NextNode]
Categories
(Core :: DOM: Editor, defect)
Core
DOM: Editor
Tracking
()
VERIFIED
FIXED
mozilla0.9.5
People
(Reporter: ccarlen, Assigned: jesup)
References
()
Details
(Keywords: crash, regression, topcrash)
Crash Data
Attachments
(2 files)
2.81 KB,
patch
|
Details | Diff | Splinter Review | |
3.37 KB,
patch
|
sfraser_bugs
:
review+
kinmoz
:
superreview+
|
Details | Diff | Splinter Review |
Go to the given URL. Search for the word "Carbon" Crash. It crashes here: http://lxr.mozilla.org/mozilla/source/content/base/src/nsContentIterator.cpp#711 This broke recently.
Reporter | ||
Comment 1•23 years ago
|
||
Just noticed this was on the console after crash if that helps. !!! ASSERTION: ContentIterator stack underflow: 'aIndexes->Count() > 0', file d:\moz\mozilla\content\base\src\nsContentIterator.cpp, line 705 !!! ASSERTION: ContentIterator stack underflow: 'aIndexes->Count() > 0', file d:\moz\mozilla\content\base\src\nsContentIterator.cpp, line 705 !!! ASSERTION: You can't dereference a NULL nsCOMPtr with operator->().: 'mRawPtr != 0', file ..\..\..\dist\include\nsCOMPtr.h, line 649
Comment 2•23 years ago
|
||
WFM If I use 2001092308, [before the find patch landed]. So its a regression one. I don't know if it is related but when searching with my version, the search code never stops. I.e. when doing 'Search', I end up doing a loop over the text (going on the left frame and coming back to the main one), never reaching a End of text reached. I don't know if this is related to the frames. Is this normal behavior?
Reporter | ||
Comment 3•23 years ago
|
||
> I.e. when doing 'Search', I end up doing a loop over the text (going on the > left frame and coming back to the main one), never reaching a End of text > reached. That's an unrelated problem but, since you mention it, it bug 92102.
Assignee | ||
Comment 4•23 years ago
|
||
This is definitely caused by 31770. I'm going to try my older patch and see if the same thing happens. In any case, I believe there is an easy solution if this is a index stack underflow.
Assignee | ||
Comment 5•23 years ago
|
||
Verified that this bug does not occur with the last patch I posted to bug 31770, so it must be part of jfrancis' rewrite (I must have missed it in review). I'll look at it more closely after lunch.
Assignee | ||
Comment 6•23 years ago
|
||
I have a patch that appears to fix the bug, though it's probably not minimal. I'll attach it shortly.
Updated•23 years ago
|
Keywords: regression
Assignee | ||
Comment 7•23 years ago
|
||
Assignee | ||
Comment 8•23 years ago
|
||
Tested with Linux and FreeBSD on the site given. Still may do more than absolutely required, but I think all the changes are good. Looking for r/sr, also suggesting for nsbranch because 31770 was suggested for nsbranch. Adding dependency
Comment 9•23 years ago
|
||
*** Bug 101737 has been marked as a duplicate of this bug. ***
Keywords: topcrash
Summary: Find crashes in frames → Find crashes in frames [@ nsContentIterator::NextNode]
Comment 10•23 years ago
|
||
Marking nsbranch-. 31770 was marked nsbranch-.
Comment 11•23 years ago
|
||
- Appending dummy zeros to mIndexes should not be necessary since we should never go above mCommonParent. - PositionAt() is not implemented for the subtree iterator, so First()/Last() will be broken for the subtree iterator.
Assignee | ||
Comment 12•23 years ago
|
||
After discussion with Kin, new patch coming. Overrides First & Last in the subtree iterator so we can use PositionAt in the content iterator's First/Last. Also removed some unneeded parts of the earlier patch. Tested on BSD/Linux.
Assignee | ||
Comment 13•23 years ago
|
||
Comment 14•23 years ago
|
||
Comment on attachment 50953 [details] [diff] [review] Updated patch sr=kin@netscape.com For the places where you added: + if (aIndexes->Count() > 1) do we want to add asserts to indicate when that isn't true?
Attachment #50953 -
Flags: superreview+
Assignee | ||
Comment 15•23 years ago
|
||
Taking the bug; will commit if I get an r=. I prefer not to assert on those cases. I don't consider that a real bug, and non-bug assertions are very annoying in the source tree. However, I agree that I don't _think_ they'll ever be hit. I'd rather just be safe, since we don't want to take array[-1].
Assignee: jfrancis → rjesup
Comment 16•23 years ago
|
||
Comment on attachment 50953 [details] [diff] [review] Updated patch r=sfraser
Attachment #50953 -
Flags: review+
Assignee | ||
Comment 17•23 years ago
|
||
Fix checked in
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 18•23 years ago
|
||
*** Bug 101889 has been marked as a duplicate of this bug. ***
Comment 20•22 years ago
|
||
I might be seing a version of this bug with BuildId 2002030616 on RedHat Linux. Reproducible: always. To reproduce: 0) Get Mozilla with spellchecker (see http://spellchecker.mozdev.org/ or bug 56301) 1) Compose a message with a word "misteke" on a line by itself. 2) Spellcheck it. 3) When spellchecker highlights "misteke" and proposes "mistake", click on "Change". "misteke misteke" does not cause the crash. Stack trace: #0 0x40e1fa99 in nsContentIterator::NextNode () from /usr/lib/mozilla/components/libgkcontent.so #1 0x40e20161 in nsContentIterator::Next () from /usr/lib/mozilla/components/libgkcontent.so #2 0x4274fea8 in nsTextServicesDocument::FirstTextNodeInNextBlock () from /usr/lib/mozilla/components/libtxtsvc.so #3 0x42750084 in nsTextServicesDocument::GetFirstTextNodeInNextBlock () from /usr/lib/mozilla/components/libtxtsvc.so #4 0x42748b9c in nsTextServicesDocument::FirstBlock () from /usr/lib/mozilla/components/libtxtsvc.so #5 0x427597b8 in mozSpellChecker::SetupDoc () from /usr/lib/mozilla/components/libspellchecker.so #6 0x427586bb in mozSpellChecker::NextMisspelledWord () from /usr/lib/mozilla/components/libspellchecker.so #7 0x4272bf6c in nsEditorShell::GetNextMisspelledWord () from /usr/lib/mozilla/components/libcomposer.so #8 0x40185fa2 in XPTC_InvokeByIndex () from /usr/lib/libxpcom.so ... Does this look like the same bug, or a different one? P.S. This bug was initially discovered by kaskalis@uom.gr
Updated•13 years ago
|
Crash Signature: [@ nsContentIterator::NextNode]
You need to log in
before you can comment on or make changes to this bug.
Description
•