129002 - [FIX]crashed when clicking on select box in [@BinarySearchForPosition][@nsRenderingContextPS::GetWidth]

Status: VERIFIED FIXED

(Core :: Print Preview, defect, P1)

Description

[Chu Alan #2]

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9+) Gecko/20020304
BuildID:    

mozilla crashed when clicking on select box in print preview.

Reproducible: Always
Steps to Reproduce:
1.open testcase
2.click on select box
3.see the lizard crash into your computer.



Actual Results:  crash

Expected Results:  doesn't crash and does nothing

Comment 1

[Chu Alan #2]

Attachment: testcase

attached testcase for crash.
Incident ID: TB3653408Z

and ... may be this crash is related to the patch of bug 120745 ?

Comment 2

[Adam Hauner]

From URL: 2002030421 (entered by reporter)

Comment 3

[Chu Alan #2]

oh well ... it's not from URL 2002030421 ... :)
it's just by accident as the lizard had just crashed before i have reported the
bug :)

Comment 4

[Boris Zbarsky [:bzbarsky]]

#0  0x00000000 in ?? ()
#1  0x42623937 in nsRenderingContextPS::GetWidth (this=0x879e660,
aString=0xbfffe80c, 
    aLength=14, aWidth=@0xbfffe3fc, aFontID=0x0) at nsRenderingContextPS.cpp:1019
#2  0x41c165a9 in BinarySearchForPosition (acx=0x879e660, aText=0xbfffe80c, 
    aBaseWidth=196, aBaseInx=0, aStartInx=0, aEndInx=28, aCursorPos=966, 
    aIndex=@0xbfffe4f4, aTextWidth=@0xbfffe4f0) at nsTextFrame.cpp:3309
#3  0x41c16fbd in nsTextFrame::GetPosition (this=0x876557c, aCX=0x854caf0, 
    aPoint=@0xbfffe9a4, aNewContent=0xbfffec84, aContentOffset=@0xbfffec88, 
    aContentOffsetEnd=@0xbfffec8c) at nsTextFrame.cpp:3442
#4  0x41c175f8 in nsTextFrame::GetContentAndOffsetsFromPoint (this=0x876557c, 
    aCX=0x854caf0, aPoint=@0xbfffeb28, aNewContent=0xbfffec84, 
    aContentOffset=@0xbfffec88, aContentOffsetEnd=@0xbfffec8c, 
    aBeginFrameContent=@0xbfffec98) at nsTextFrame.cpp:3525
#5  0x41ba9198 in nsFrame::GetNextPrevLineFromeBlockFrame (aPresContext=0x854caf0, 
    aPos=0xbfffec70, aBlockFrame=0x876546c, aLineStart=-1, aOutSideLimit=0 '\000')
    at nsFrame.cpp:3058
#6  0x41b93759 in nsBlockFrame::HandleEvent (this=0x8761004,
aPresContext=0x854caf0, 
    aEvent=0xbffff1e8, aEventStatus=0xbfffef48) at nsBlockFrame.cpp:5721
#7  0x41c33b32 in nsComboboxControlFrame::HandleEvent (this=0x8761004, 
    aPresContext=0x854caf0, aEvent=0xbffff1e8, aEventStatus=0xbfffef48)
    at nsComboboxControlFrame.cpp:2122
#8  0x41c00067 in PresShell::HandleEventInternal (this=0x86578f8,
aEvent=0xbffff1e8, 
    aView=0x8761608, aFlags=1, aStatus=0xbfffef48) at nsPresShell.cpp:6021

Comment 5

[rods (gone)]

I am making this dependent on Bug 119491, I think this might be related because
when you click on the control it ends up creating a RenderingContentPS. If that
doesn't fix we will have to add another nsStyleConst NS_STYLE_USER_INPUT_PREVENT
or something like that. Where we indicate we do not ANY processing. It's that
NONE and DISABLED still process the events.

Comment 6

[rods (gone)]

Also, this may be fixed by Bug 128449.

Comment 7

[Boris Zbarsky [:bzbarsky]]

*** Bug 128662 has been marked as a duplicate of this bug. ***

Comment 8

[Kevin McCluskey (gone)]

Bulk moving all nsbeta1 nominations to future-P1. If they are approved
(nsbeta1+) they will be moved to mozilla1.0

Comment 9

[timeless]

./run-mozilla.sh -g -d gdb51 ./mozilla-bin /root/coredumps/mozilla-bin.71981.core

#0  0x00000000 in ?? ()
(gdb) up
#1  0x2a5f084b in nsRenderingContextPS::GetWidth (this=0x8d90b00, aString=0xbfbfe5f0, aLength=9, aWidth=@0xbfbfe1bc, aFontID=0x0)
    at /home/timeless/mozilla/gfx/src/ps/nsRenderingContextPS.cpp:1019
1019        rv = NS_REINTERPRET_CAST(nsFontMetricsPS *, mFontMetrics.get())->GetStringWidth(aString, aWidth, aLength);
Current language:  auto; currently c++
(gdb) p mFontMetrics
$1 = {mRawPtr = 0x8acac00}
(gdb) x/wa *(void**)mFontMetrics
0x29733b60 <_vt$16nsFontMetricsGTK>:    0x0
(gdb) l
1014    nsRenderingContextPS :: GetWidth(const PRUnichar *aString,PRUint32 aLength,nscoord &aWidth, PRInt32 *aFontID)
1015    {
1016      nsresult rv = NS_ERROR_FAILURE;
1017
1018      if (mFontMetrics) {
1019        rv = NS_REINTERPRET_CAST(nsFontMetricsPS *, mFontMetrics.get())->GetStringWidth(aString, aWidth, aLength);
1020      }
1021
1022      return rv;
1023    }

Shouldn't you QI to PS and check for failure?

Comment 10

[rods (gone)]

*** Bug 133478 has been marked as a duplicate of this bug. ***

Comment 11

[Chu Alan #2]

wondering will this bug get fixed before Mozilla 1.0 ...

Comment 12

[rods (gone)]

fixed by other patch

Comment 13

[Roland Mainz]

rods wrote:
> fixed by other patch

Which one ?

Comment 14

[Adrian Ulrich]

-> reopening bug
Works fine on win32 (20020503 / 20020513), 

but on linux:

2002051023 - boom!
2002051123 - boom! (thats the newest ppc linux nightly)

cant provide a talkback id, see Bug 139858

Comment 15

[Chu Alan #2]

testcase crashed on 2002051321/Linux, talkback ID: TB6263620M.

Comment 16

[Boris Zbarsky [:bzbarsky]]

Stephend, could you get the stack? TB6263620M

Comment 17

[stephend@netscape.com (gone - use stephen.donner@gmail.com instead)]

0x00000000
BinarySearchForPosition()
nsTextFrame::GetPosition()
nsTextFrame::GetContentAndOffsetsFromPoint()
nsFrame::GetNextPrevLineFromeBlockFrame()
nsBlockFrame::HandleEvent()
nsComboboxControlFrame::HandleEvent()
PresShell::HandleEventInternal()
PresShell::HandleEvent()
nsViewManager::HandleEvent()
nsView::HandleEvent()
nsViewManager::DispatchEvent()
HandleEvent()
nsWidget::DispatchEvent()
nsWidget::DispatchWindowEvent()
nsWidget::DispatchMouseEvent()
nsWidget::OnButtonPressSignal()
nsWindow::OnButtonPressSignal()
nsWindow::HandleGDKEvent()
dispatch_superwin_event()
handle_gdk_event()
libgdk-1.2.so.0 + 0x17457 (0x4034b457)
libglib-1.2.so.0 + 0x104d8 (0x4037b4d8)
libglib-1.2.so.0 + 0x10ae3 (0x4037bae3)
libglib-1.2.so.0 + 0x10c7c (0x4037bc7c)
libgtk-1.2.so.0 + 0x8d7e7 (0x4029b7e7)
nsAppShell::Run()
nsAppShellService::Run()
main1()
main()
libc.so.6 + 0x1914f (0x404b714f) 

Comment 18

[rods (gone)]

Attachment: patch

temporary patch to the forms controls to ignore mouse events when in
printpreview until Bug 124990 gets fixed (radio and checkbox doesn't need the
fix)

Comment 19

[Kevin McCluskey (gone)]

nsbeta1+

Comment 20

[dcone (gone)]

Comment on attachment 84501 [details] [diff] [review]
patch

r=dcone

Comment 21

[Marc Attinasi]

Comment on attachment 84501 [details] [diff] [review]
patch

sr=attinasi (though really this should be a BRANCH-only fix and the correct fix
should be applied to the trunk when it is ready, IMO).

Comment 22

[rods (gone)]

fixed

Comment 23

[Chu Alan #2]

i have a question, since the patch is temporary, what to do after bug 124990 got
fixed? should i create a new bug now and setting its dependancy to bug 124990 or
just wait for bug 124990 to get fixed and reopen this?

Comment 24

[David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)]

Wouldn't a simple hack to fix the "things get events in print preview" bugs be
to make the top-level frame's (page frame's?) GetFrameForPoint method always
return itself (if in bounds), and not check its children?

Comment 25

[sujay]

verified in 5/23 trunk build on linux...

Comment 26

[Jaime Rodriguez, Jr.]

 adt1.0.0+ (on ADT's behalf) for approval to checkin to the 1.0 branch,pending
Driver's approval.  After, checking in, please add the fixed1.0 keyword.

Comment 27

[Judson Valeski]

please checkin to the 1.0.1 branch. once there, remove the "mozilla1.0.1+"
keyword and add the "fixed1.0.1" keyword.

Comment 28

[rods (gone)]

fixed on branch