Invalid memory access in DOM Inspector

RESOLVED DUPLICATE of bug 111361

Status

--
critical
RESOLVED DUPLICATE of bug 111361
18 years ago
12 years ago

People

(Reporter: marcus, Assigned: hewitt)

Tracking

({crash, testcase})

Trunk
x86
Linux
crash, testcase

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

18 years ago
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6+) Gecko/20011120
BuildID:    2001112014

Selecting the Margin of an A-Tag in the DOM Inspector crashes Mozilla

Reproducible: Always
Steps to Reproduce:
1. Load the web-page from the above URL in the DOM-Inspector
2. In the tree, open the BODY-node
3. Select the A-node
4. On the right panel, select Box-model
5. In the selection list below, select Margin

Actual Results:  Mozilla will crash. On the console, it will tell you something
about an invalid memory access.

Expected Results:  The DOM Inspector should either display the requested
information, or nothing, if it isn't available. It shouldn't crash

I tried running mozilla in gdb, to get a stack trace. When I get to the point
where it should actually crash, Mozilla staid up, but my whole X-session became
unresponsive, so I had to restart the X-server.
(Reporter)

Updated

18 years ago
Keywords: crash, testcase
Reporter: Please try a talkback-enabled build:
http://ftp.mozilla.org/pub/mozilla/nightly/latest/mozilla-i686-pc-linux-gnu-sea.tar.gz
(as always, be sure to delete your old Mozilla directory before installing the
new one)

Then, if you get a crash, please post the Talkback ID here.
(you can get the talkback id by running 'talkback' in
<moz-dir>/bin/components/talkback)

Keywords: stackwanted
Alex, that's a really useless piece of advice, seeing as the nightlys don't have
DOM inspector yet....

This is a crash in nsWindowSH::GlobalResolve:

#0  0x417cf395 in nsWindowSH::GlobalResolve (native=0x8911f58, cx=0x8939350, 
    obj=0x87f9930, str=0x8ae1d88, flags=0, did_resolve=0xbfff8eb8)
    at nsDOMClassInfo.cpp:2787
#1  0x417d086e in nsWindowSH::NewResolve (this=0x81cdbd0, wrapper=0x8888988, 
    cx=0x8939350, obj=0x87f9930, id=145628556, flags=0, objp=0xbfff8f1c, 
    _retval=0xbfff8f20) at nsDOMClassInfo.cpp:3000
#2  0x40cdec2a in XPC_WN_Helper_NewResolve (cx=0x8939350, obj=0x87f9930, 
    idval=145628556, flags=0, objp=0xbfff8ff8) at xpcwrappednativejsops.cpp:904
#3  0x400cd614 in _js_LookupProperty (cx=0x8939350, obj=0x87f9930, id=145153712, 
    objp=0xbfff9094, propp=0xbfff9090, file=0x4010e0a0 "jsobj.c", line=2374)
    at jsobj.c:2164
#4  0x400ce6b7 in js_GetProperty (cx=0x8939350, obj=0x87f9930, id=145153712, 
    vp=0xbfff91e0) at jsobj.c:2374
#5  0x400637c1 in JS_GetProperty (cx=0x8939350, obj=0x87f9930, 
    name=0x8a6de9e "CSSValue", vp=0xbfff91e0) at jsapi.c:2331

(gdb) frame 0
#0  0x417cf395 in nsWindowSH::GlobalResolve (native=0x8911f58, cx=0x8939350, 
    obj=0x87f9930, str=0x8ae1d88, flags=0, did_resolve=0xbfff8eb8)
    at nsDOMClassInfo.cpp:2787
2787          if (ci_data && !ci_data->mHasClassInterface) {
(gdb) p ci_data
$2 = (nsDOMClassInfoData *) 0x52f3be0c
(gdb) p ci_data->mHasClassInterface
Cannot access memory at address 0x52f3be0c
(gdb) p name_struct->mDOMClassInfoID
$3 = 10452645

That last value looks pretty suspicious....
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: stackwanted
This just got fixed by the checkin for bug 111361 (I tested with that patch and
this crash is gone).  Marking duplicate.

*** This bug has been marked as a duplicate of 111361 ***
Status: NEW → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → DUPLICATE
Product: Core → Other Applications
QA Contact: timeless → dom-inspector
You need to log in before you can comment on or make changes to this bug.