119428 - middle-click to load js link in new tabs results in crash

Status: VERIFIED WORKSFORME

(SeaMonkey :: Tabbed Browser, defect)

Description

[sairuh (rarely reading bugmail)]

found this using a verif comm build on linux rh7.2 [2002.01.09.08], as well as a
debug mozilla build [linux] from tonight. couldn't find an existing bug for
this, but do dup as needed.

i was testing js links, and was loading them from my test page [which i'll
attach] into new tabs. i frequently ran into crashes --the recipe isn't exact,
but eventually i do end up crashing.

0. make sure you have the pref "middle-click loads web pages into tabs" turned on.
1. load the test page, http://hopey.mcom.com/tests/js-links.html [or, click the
attached page].
2. try the following:
  a. middle-click the links one by one, starting w/test #1. you'll need to
return to the first tab to click each link, o'course.
  b. you might crash when trying to return to the first tab, too.
  b. if you haven't crashed after loading each test in a separate tab, close
them one by one [starting with the most recently opened one]. you might crash
while closing a tab, too [i used ctrl+W, fwiw].

the talkback traces annoyingly vary, but they all contain [iirc]
nsView::HandleEvent(). here are a bunch of talkback report links:

http://climate.mcom.com/reports/SingleIncidentInfo.cfm?dynamicBBID=1508779
http://climate.mcom.com/reports/SingleIncidentInfo.cfm?dynamicBBID=1508407
http://climate.mcom.com/reports/SingleIncidentInfo.cfm?dynamicBBID=1508386
http://climate.mcom.com/reports/SingleIncidentInfo.cfm?dynamicBBID=1508357
http://climate.mcom.com/reports/SingleIncidentInfo.cfm?dynamicBBID=1508335
http://climate.mcom.com/reports/SingleIncidentInfo.cfm?dynamicBBID=1508307


here is the gdb trace [unsure how helpful it is]:

#0  0x086d669b in ?? ()
#1  0x420de762 in ?? ()
   from /home/orca/lizard/mozilla/dist/bin/components/libgkview.so
#2  0x420eb1af in ?? ()
   from /home/orca/lizard/mozilla/dist/bin/components/libgkview.so
#3  0x420de091 in ?? ()
   from /home/orca/lizard/mozilla/dist/bin/components/libgkview.so
#4  0x40863436 in ?? ()
   from /home/orca/lizard/mozilla/dist/bin/components/libwidget_gtk.so
#5  0x4086315e in ?? ()
   from /home/orca/lizard/mozilla/dist/bin/components/libwidget_gtk.so
#6  0x408631dc in ?? ()
   from /home/orca/lizard/mozilla/dist/bin/components/libwidget_gtk.so
#7  0x40869671 in ?? ()
   from /home/orca/lizard/mozilla/dist/bin/components/libwidget_gtk.so
#8  0x40869505 in ?? ()
   from /home/orca/lizard/mozilla/dist/bin/components/libwidget_gtk.so
#9  0x419c618e in ?? ()
   from /home/orca/lizard/mozilla/dist/bin/components/libjsdom.so
#10 0x401e5dee in XPTC_InvokeByIndex (that=0x84a127c, methodIndex=63, 
    paramCount=0, params=0xbfffe990) at xptcinvoke_unixish_x86.cpp:153
#11 0x409794d0 in ?? ()
   from /home/orca/lizard/mozilla/dist/bin/components/libxpconnect.so
#12 0x40983d71 in ?? ()
   from /home/orca/lizard/mozilla/dist/bin/components/libxpconnect.so
#13 0x4009cd95 in js_Invoke (cx=0x8229788, argc=0, flags=0) at jsinterp.c:832
#14 0x400a76af in js_Interpret (cx=0x8229788, result=0xbfffeeb4)
    at jsinterp.c:2798
#15 0x4009d2fc in js_Execute (cx=0x8229788, chain=0x8110c80, script=0x86e4048, 
    down=0x0, special=0, result=0xbfffeeb4) at jsinterp.c:1012
#16 0x4007af0d in JS_EvaluateUCScriptForPrincipals (cx=0x8229788, 
    obj=0x8110c80, principals=0x81abb2c, chars=0x85a58b0, length=23, 
    filename=0x884b160
"chrome://global/content/bindings/tabbrowser.xml#tabbrowser.updateCurrentBrowser()",
lineno=56, rval=0xbfffeeb4) at jsapi.c:3356
#17 0x419b25fa in ?? ()
   from /home/orca/lizard/mozilla/dist/bin/components/libjsdom.so
#18 0x419d582d in ?? ()
   from /home/orca/lizard/mozilla/dist/bin/components/libjsdom.so
#19 0x419d6773 in ?? ()
   from /home/orca/lizard/mozilla/dist/bin/components/libjsdom.so
#20 0x401c2faf in nsTimerImpl::Process (this=0x86f3eb8) at nsTimerImpl.cpp:241
#21 0x401c3092 in handleMyEvent (event=0x884b1b8) at nsTimerImpl.cpp:278
#22 0x401ba559 in PL_HandleEvent (self=0x884b1b8) at plevent.c:590
---Type <return> to continue, or q <return> to quit---
#23 0x401ba3c7 in PL_ProcessPendingEvents (self=0x80e0fa8) at plevent.c:520
#24 0x401bc64a in nsEventQueueImpl::ProcessPendingEvents (this=0x8095a78)
    at nsEventQueue.cpp:388
#25 0x4085022a in ?? ()
   from /home/orca/lizard/mozilla/dist/bin/components/libwidget_gtk.so
#26 0x4084fe75 in ?? ()
   from /home/orca/lizard/mozilla/dist/bin/components/libwidget_gtk.so
#27 0x40431f9e in ?? () from /usr/lib/libglib-1.2.so.0
#28 0x40433773 in ?? () from /usr/lib/libglib-1.2.so.0
#29 0x40433d39 in ?? () from /usr/lib/libglib-1.2.so.0
#30 0x40433eec in ?? () from /usr/lib/libglib-1.2.so.0
#31 0x4034e333 in ?? () from /usr/lib/libgtk-1.2.so.0
#32 0x40850d66 in ?? ()
   from /home/orca/lizard/mozilla/dist/bin/components/libwidget_gtk.so
#33 0x4080c3ae in ?? ()
   from /home/orca/lizard/mozilla/dist/bin/components/libnsappshell.so
#34 0x080583aa in main1 (argc=1, argv=0xbffff604, nativeApp=0x8092650)
    at ../../dist/include/xpcom/nsCOMPtr.h:650
#35 0x080591f3 in main (argc=1, argv=0xbffff604) at nsAppRunner.cpp:1594
#36 0x40579507 in ?? () from /lib/i686/libc.so.6

Comment 1

[sairuh (rarely reading bugmail)]

oops, i meant to initially assign this to tabbed browser...but if it should
really belong in event handling, do reassign.

Comment 2

[sairuh (rarely reading bugmail)]

Attachment: test page w/js links

Comment 3

[sairuh (rarely reading bugmail)]

side note: middle-clicking to open these links in a new browser window [rather
than tabs] so far has not crashed for me.

Comment 4

[sairuh (rarely reading bugmail)]

bryner/jag, either of you see this?

Comment 5

[sairuh (rarely reading bugmail)]

was able to repro this on Mac OS 9.1, but instead of middle-clicking [single
there's only a 1-button mouse at the machine am at], Cmd-clicking did the trick.
tested using mozilla 2002.01.11.08 verif bits.

Macsbug trace:

 Calling chain using A6/R1 links
  Back chain  ISA  Caller
  00000000    PPC  3D8AA570  
  15449B60    PPC  3D894EC8  main+00138
  15449B00    PPC  3D8943A4  main1(int, char**, nsISupports*)+00AE4
  15449990    PPC  3D6ADDC8  nsAppShellService::Run()+00018
  15449950    PPC  3D3F8158  nsAppShell::Run()+00048
  15449910    PPC  3D3F8ADC  nsMacMessagePump::DoMessagePump()+0003C
  154498C0    PPC  3D3F8F24  nsMacMessagePump::DispatchEvent(int,
EventRecord*)+00154
  15449880    PPC  3D3D0B10  Repeater::DoRepeaters(const EventRecord&)+00030
  15449840    PPC  3D3E568C  nsMacNSPREventQueueHandler::RepeatAction(const
EventRecord&)+000
0C
  15449800    PPC  3D3E58C8  nsMacNSPREventQueueHandler::ProcessPLEventQueue()+00058
  154497B0    PPC  3D737EE8  nsEventQueueImpl::ProcessPendingEvents()+00038
  15449750    PPC  3D78FC48  PL_ProcessPendingEvents+00088
  15449710    PPC  3D78FDDC  PL_HandleEvent+0001C
  154496D0    PPC  3D7C4050  handleMyEvent(MyEventType*)+00010
  15449690    PPC  3D7C3F94  nsTimerImpl::Process()+00044
  15449650    PPC  3CE1B2DC  GlobalWindowImpl::TimerCallback(nsITimer*, void*)+0002C
  15449610    PPC  3CE1A840  GlobalWindowImpl::RunTimeout(nsTimeoutImpl*)+00340
  15449470    PPC  3CE04F90  nsJSContext::EvaluateString(const nsAString&,
void*, nsIPrincipa
l*, const char*, unsigned int, const char*, nsAString&, int*)+004D0
  154493A0    PPC  3D620928  JS_EvaluateUCScriptForPrincipals+00048
  15449350    PPC  3D63FABC  js_Execute+001DC
  15449290    PPC  3D647680  js_Interpret+073C0
  154490F0    PPC  3D63F5C8  js_Invoke+00588
  15449010    PPC  3D5F6608  XPC_WN_CallMethod(JSContext*, JSObject*, unsigned
int, long*, lo
ng*)+00138
  15448F40    PPC  3D5F01CC  XPCWrappedNative::CallMethod(XPCCallContext&,
XPCWrappedNative::
CallMode)+00C4C
  15448D10    PPC  3D75C09C  XPTC_InvokeByIndex+0000C
  15448CD0    PPC  3D75C1A8  _XPTC_InvokeByIndex+000CC
  15448C20    PPC  3CE10F0C  GlobalWindowImpl::Focus()+0011C
  15448BC0    PPC  3D3E0CE4  nsWindow::SetFocus(int)+00014
  15448B80    PPC  3D3F278C  nsMacEventDispatchHandler::SetFocus(nsWindow*)+0005C
  15448B40    PPC  3D3F25DC 
nsMacEventDispatchHandler::DispatchGuiEvent(nsWindow*, unsigned 
int)+0005C
  15448AD0    PPC  3D3E39D8  nsWindow::DispatchWindowEvent(nsGUIEvent&)+00018
  15448A90    PPC  3D3E3900  nsWindow::DispatchEvent(nsGUIEvent*,
nsEventStatus&)+00090
  15448A40    PPC  3C938CD4  HandleEvent(nsGUIEvent*)+00044
  154489F0    PPC  3C9433C4  nsViewManager::DispatchEvent(nsGUIEvent*,
nsEventStatus*)+00874
  154488B0    PPC  3C939640  nsView::HandleEvent(nsGUIEvent*, unsigned int,
nsEventStatus*, i
nt, int&)+00060
 Closing log

Comment 6

[David Hyatt]

Reassigning to new component owner.

Comment 7

[jag (Peter Annema)]

se, do you still crash on this?

Comment 8

[sairuh (rarely reading bugmail)]

yes, still getting a crash --tested using 2002.01.22.08 on linux and
2002.01.18.08 on mac os x.

interesting to note:
* this doesn't seem to occur on win2k.
* on linux and mac os x, if i also turn on the "load links [in tabs] in the
background" pref, i don't crash.

Comment 9

[greer]

FWIW, se's last two incidents to talkback show the stack to be one frame longer
with a signature at nsViewManager::GetViewObserver (Incidents 2002006 and 2002007).

Comment 10

[sairuh (rarely reading bugmail)]

here's more debug trace info --from a mozilla debug build from last night:

#0  0x084f1b57 in ?? ()
#1  0x420bb532 in nsView::HandleEvent (this=0x87f7d38, event=0xbfffe5ec, 
    aEventFlags=0, aStatus=0xbfffe4e8, aForceHandle=1, aHandled=@0xbfffe450)
    at ../../dist/include/xpcom/nsCOMPtr.h:1076
#2  0x420c7d0b in nsViewManager::DispatchEvent (this=0x869abe8, 
    aEvent=0xbfffe5ec, aStatus=0xbfffe4e8) at nsViewManager.cpp:1907
#3  0x420bae61 in HandleEvent (aEvent=0xbfffe5ec) at nsView.cpp:80
#4  0x4088cc92 in nsWidget::DispatchEvent (this=0x86c8ef0, aEvent=0xbfffe5ec, 
    aStatus=@0xbfffe5a8) at nsWidget.cpp:1409
#5  0x4088c9ba in nsWidget::DispatchWindowEvent (this=0x86c8ef0, 
    event=0xbfffe5ec) at nsWidget.cpp:1300
#6  0x4088ca38 in nsWidget::DispatchFocus (this=0x86c8ef0, aEvent=@0xbfffe5ec)
    at nsWidget.cpp:1322
#7  0x40892e95 in nsWindow::DispatchLostFocusEvent (this=0x86c8ef0)
    at nsWindow.cpp:1362
#8  0x40892d36 in nsWindow::SetFocus (this=0x87f7bf8, aRaise=1)
    at nsWindow.cpp:1278
#9  0x419aee9d in GlobalWindowImpl::Focus (this=0x85431c8)
    at ../../../dist/include/xpcom/nsCOMPtr.h:650
#10 0x401e0f42 in XPTC_InvokeByIndex (that=0x85431cc, methodIndex=65, 
    paramCount=0, params=0xbfffe9b0) at xptcinvoke_unixish_x86.cpp:153
#11 0x409620c8 in ?? ()
   from /export/builds/lizard/mozilla/dist/bin/components/libxpconnect.so
#12 0x4096c8e1 in ?? ()
   from /export/builds/lizard/mozilla/dist/bin/components/libxpconnect.so
#13 0x4009cb1d in js_Invoke (cx=0x82613f8, argc=0, flags=0) at jsinterp.c:832
#14 0x400a746f in js_Interpret (cx=0x82613f8, result=0xbfffeee4)
    at jsinterp.c:2798
#15 0x4009d084 in js_Execute (cx=0x82613f8, chain=0x810f080, script=0x86cc288, 
    down=0x0, special=0, result=0xbfffeee4) at jsinterp.c:1012
#16 0x4007ae9d in JS_EvaluateUCScriptForPrincipals (cx=0x82613f8, 
    obj=0x810f080, principals=0x81aab34, chars=0x84be408, length=23, 
    filename=0x877df28
"chrome://global/content/bindings/tabbrowser.xml#tabbrowser.updateCurrentBrowser()",
lineno=56, rval=0xbfffeee4) at jsapi.c:3356
#17 0x4199b242 in nsJSContext::EvaluateString (this=0x82ee438, 
    aScript=@0xbffff0b0, aScopeObject=0x810f080, aPrincipal=0x81aab30, 
    aURL=0x877df28
"chrome://global/content/bindings/tabbrowser.xml#tabbrowser.updateCurrentBrowser()",
aLineNo=56, aVersion=0x400dec87 "default", 
    aRetValue=@0xbffff010, aIsUndefined=0xbffff008)
    at ../../../dist/include/string/nsPromiseFlatString.h:165
#18 0x419be10d in GlobalWindowImpl::RunTimeout (this=0x828efa8, 
    aTimeout=0x875b878) at ../../../dist/include/xpcom/nsCOMPtr.h:650
#19 0x419bf053 in GlobalWindowImpl::TimerCallback (aTimer=0x87d83d8, 
    aClosure=0x875b878) at nsGlobalWindow.cpp:4184
#20 0x401bfe67 in nsTimerImpl::Process (this=0x87d83d8) at nsTimerImpl.cpp:246
#21 0x401bff4e in handleMyEvent (event=0x8807e10) at nsTimerImpl.cpp:286
#22 0x401b73f1 in PL_HandleEvent (self=0x8807e10) at plevent.c:590
#23 0x401b725f in PL_ProcessPendingEvents (self=0x80df380) at plevent.c:520
#24 0x401b94e2 in nsEventQueueImpl::ProcessPendingEvents (this=0x80df358)
    at nsEventQueue.cpp:388
#25 0x4087a36a in event_processor_callback (data=0x80df358, source=7, 
    condition=GDK_INPUT_READ) at nsAppShell.cpp:184
#26 0x40879fb5 in our_gdk_io_invoke (source=0x82f3d48, condition=G_IO_IN, 
    data=0x82f1660) at nsAppShell.cpp:77
#27 0x40426f9e in ?? () from /usr/lib/libglib-1.2.so.0
#28 0x40428773 in ?? () from /usr/lib/libglib-1.2.so.0
#29 0x40428d39 in ?? () from /usr/lib/libglib-1.2.so.0
#30 0x40428eec in ?? () from /usr/lib/libglib-1.2.so.0
#31 0x40343333 in ?? () from /usr/lib/libgtk-1.2.so.0
#32 0x4087aea6 in nsAppShell::Run (this=0x80d08c8) at nsAppShell.cpp:364
#33 0x4083637e in ?? ()
   from /export/builds/lizard/mozilla/dist/bin/components/libnsappshell.so
#34 0x08056367 in main1 (argc=1, argv=0xbffff634, nativeApp=0x80906f8)
    at ../../dist/include/xpcom/nsCOMPtr.h:650
#35 0x08057157 in main (argc=1, argv=0xbffff634) at nsAppRunner.cpp:1625
#36 0x4056e507 in ?? () from /lib/i686/libc.so.6

Comment 11

[Anthony DeRobertis]

WFM 2002072204 Linux

With both background loading on and off.

Comment 12

[sairuh (rarely reading bugmail)]

ditto, i haven't encountered this recently. marking wfm (but reopen if it's
still an issue.)

Comment 13

[sairuh (rarely reading bugmail)]

v.