If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Invalid memory access in DOM Inspector

RESOLVED DUPLICATE of bug 111361

Status

Other Applications
DOM Inspector
--
critical
RESOLVED DUPLICATE of bug 111361
16 years ago
10 years ago

People

(Reporter: Marcus Fellinger, Assigned: Joe Hewitt (gone))

Tracking

({crash, testcase})

Trunk
x86
Linux
crash, testcase

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

16 years ago
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6+) Gecko/20011120
BuildID:    2001112014

Selecting the Margin of an A-Tag in the DOM Inspector crashes Mozilla

Reproducible: Always
Steps to Reproduce:
1. Load the web-page from the above URL in the DOM-Inspector
2. In the tree, open the BODY-node
3. Select the A-node
4. On the right panel, select Box-model
5. In the selection list below, select Margin

Actual Results:  Mozilla will crash. On the console, it will tell you something
about an invalid memory access.

Expected Results:  The DOM Inspector should either display the requested
information, or nothing, if it isn't available. It shouldn't crash

I tried running mozilla in gdb, to get a stack trace. When I get to the point
where it should actually crash, Mozilla staid up, but my whole X-session became
unresponsive, so I had to restart the X-server.
(Reporter)

Updated

16 years ago
Keywords: crash, testcase
Reporter: Please try a talkback-enabled build:
http://ftp.mozilla.org/pub/mozilla/nightly/latest/mozilla-i686-pc-linux-gnu-sea.tar.gz
(as always, be sure to delete your old Mozilla directory before installing the
new one)

Then, if you get a crash, please post the Talkback ID here.
(you can get the talkback id by running 'talkback' in
<moz-dir>/bin/components/talkback)

Keywords: stackwanted
Alex, that's a really useless piece of advice, seeing as the nightlys don't have
DOM inspector yet....

This is a crash in nsWindowSH::GlobalResolve:

#0  0x417cf395 in nsWindowSH::GlobalResolve (native=0x8911f58, cx=0x8939350, 
    obj=0x87f9930, str=0x8ae1d88, flags=0, did_resolve=0xbfff8eb8)
    at nsDOMClassInfo.cpp:2787
#1  0x417d086e in nsWindowSH::NewResolve (this=0x81cdbd0, wrapper=0x8888988, 
    cx=0x8939350, obj=0x87f9930, id=145628556, flags=0, objp=0xbfff8f1c, 
    _retval=0xbfff8f20) at nsDOMClassInfo.cpp:3000
#2  0x40cdec2a in XPC_WN_Helper_NewResolve (cx=0x8939350, obj=0x87f9930, 
    idval=145628556, flags=0, objp=0xbfff8ff8) at xpcwrappednativejsops.cpp:904
#3  0x400cd614 in _js_LookupProperty (cx=0x8939350, obj=0x87f9930, id=145153712, 
    objp=0xbfff9094, propp=0xbfff9090, file=0x4010e0a0 "jsobj.c", line=2374)
    at jsobj.c:2164
#4  0x400ce6b7 in js_GetProperty (cx=0x8939350, obj=0x87f9930, id=145153712, 
    vp=0xbfff91e0) at jsobj.c:2374
#5  0x400637c1 in JS_GetProperty (cx=0x8939350, obj=0x87f9930, 
    name=0x8a6de9e "CSSValue", vp=0xbfff91e0) at jsapi.c:2331

(gdb) frame 0
#0  0x417cf395 in nsWindowSH::GlobalResolve (native=0x8911f58, cx=0x8939350, 
    obj=0x87f9930, str=0x8ae1d88, flags=0, did_resolve=0xbfff8eb8)
    at nsDOMClassInfo.cpp:2787
2787          if (ci_data && !ci_data->mHasClassInterface) {
(gdb) p ci_data
$2 = (nsDOMClassInfoData *) 0x52f3be0c
(gdb) p ci_data->mHasClassInterface
Cannot access memory at address 0x52f3be0c
(gdb) p name_struct->mDOMClassInfoID
$3 = 10452645

That last value looks pretty suspicious....
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: stackwanted
Created attachment 58648 [details]
full stack
This just got fixed by the checkin for bug 111361 (I tested with that patch and
this crash is gone).  Marking duplicate.

*** This bug has been marked as a duplicate of 111361 ***
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → DUPLICATE
Product: Core → Other Applications
QA Contact: timeless → dom-inspector
You need to log in before you can comment on or make changes to this bug.