Closed Bug 13630 Opened 25 years ago Closed 25 years ago

PresShell::ContentAppended crasher

Categories

(Core :: Layout, defect, P3)

Product:
Core
Component:
Layout
Platform:
x86
Linux
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: rginda, Assigned: nisheeth_mozilla)

Details

On the second reload (load, reload, reload/crash) of a page which preforms DOM
additions via JavaScript, apprunner Asserts with

PreCondition: "null parameters passed in" (nsnull != aFrame && nsnull != aState)
at file nsFrameManager.cpp, line 693
Break: at file nsFrameManager.cpp, line 693

(stack trace at end)

The following diff prevents the crash, I haven't noticed any side effects yet

Index: nsPresShell.cpp
===================================================================
RCS file: /cvsroot/mozilla/layout/html/base/src/nsPresShell.cpp,v
retrieving revision 3.173
diff -u -r3.173 nsPresShell.cpp
--- nsPresShell.cpp     1999/09/10 18:49:23     3.173
+++ nsPresShell.cpp     1999/09/12 15:21:30
@@ -1662,7 +1662,7 @@
     // content that just came in.
     nsIFrame* frame = nsnull;
     rv = GetPrimaryFrameFor(aContainer, &frame);
-    if (NS_SUCCEEDED(rv))
+    if (NS_SUCCEEDED(rv) && frame)
       mFrameManager->RestoreFrameState(frame, mHistoryState);
   }


#0  0x40c7b613 in FrameManager::RestoreFrameState (this=0x86b03f0, aFrame=0x0,
aState=0x85df8c0)
    at nsFrameManager.cpp:726
#1  0x40c9ef69 in PresShell::ContentAppended (this=0x8696670,
aDocument=0x83c38f8,
    aContainer=0x84b8adc, aNewIndexInContainer=0) at nsPresShell.cpp:1666
#2  0x408f2b4c in XULDocumentImpl::ContentAppended (this=0x83c38f8,
aContainer=0x84b8adc,
    aNewIndexInContainer=0) at nsXULDocument.cpp:2232
#3  0x40cba9bd in nsGenericHTMLContainerElement::AppendChildTo (this=0x84b8ae8,
aKid=0x84b8a94,
    aNotify=1) at nsGenericHTMLElement.cpp:2824
#4  0x40cb9bf4 in nsGenericHTMLContainerElement::InsertBefore (this=0x84b8ae8,
    aNewChild=0x84b8a88, aRefChild=0x0, aReturn=0xbfffbcac) at
nsGenericHTMLElement.cpp:2481
#5  0x40cba310 in nsGenericHTMLContainerElement::AppendChild (this=0x84b8ae8,
    aNewChild=0x84b8a88, aReturn=0xbfffbcac) at nsGenericHTMLElement.cpp:2667
#6  0x40cbd776 in nsHTMLAnchorElement::AppendChild (this=0x84b8ad0,
aOldChild=0x84b8a88,
    aReturn=0xbfffbcac) at nsHTMLAnchorElement.cpp:58
#7  0x404394b2 in NodeAppendChild (cx=0x865a9e8, obj=0x876d700, argc=1,
argv=0x878b2c4,
    rval=0xbfffbd58) at nsJSNode.cpp:617
#8  0x4007e78e in js_Invoke (cx=0x865a9e8, argc=1, flags=0) at jsinterp.c:654
#9  0x4008cf01 in js_Interpret (cx=0x865a9e8, result=0xbfffc6f4) at
jsinterp.c:2228
#10 0x4007e7ed in js_Invoke (cx=0x865a9e8, argc=2, flags=0) at jsinterp.c:670
#11 0x4008cf01 in js_Interpret (cx=0x865a9e8, result=0xbfffd0bc) at
jsinterp.c:2228
#12 0x4007e7ed in js_Invoke (cx=0x865a9e8, argc=2, flags=0) at jsinterp.c:670
#13 0x4008cf01 in js_Interpret (cx=0x865a9e8, result=0xbfffda84) at
jsinterp.c:2228
#14 0x4007e7ed in js_Invoke (cx=0x865a9e8, argc=0, flags=0) at jsinterp.c:670
#15 0x4008cf01 in js_Interpret (cx=0x865a9e8, result=0xbfffe44c) at
jsinterp.c:2228
#16 0x4007e7ed in js_Invoke (cx=0x865a9e8, argc=0, flags=0) at jsinterp.c:670
#17 0x4008cf01 in js_Interpret (cx=0x865a9e8, result=0xbfffee14) at
jsinterp.c:2228
#18 0x4007e7ed in js_Invoke (cx=0x865a9e8, argc=1, flags=2) at jsinterp.c:670
#19 0x4007eb08 in js_InternalCall (cx=0x865a9e8, obj=0x863f370, fval=142002304,
argc=1,
    argv=0xbfffefe8, rval=0xbfffefec) at jsinterp.c:747
#20 0x40056a09 in JS_CallFunctionValue (cx=0x865a9e8, obj=0x863f370,
fval=142002304, argc=1,
    argv=0xbfffefe8, rval=0xbfffefec) at jsapi.c:2662
#21 0x4043e8b1 in nsJSEventListener::HandleEvent (this=0x869d768,
aEvent=0x8704658)
    at nsJSEventListener.cpp:110
#22 0x40c5ab36 in nsEventListenerManager::HandleEvent (this=0x8754368,
aPresContext=@0x85e4690,
    aEvent=0xbffff2bc, aDOMEvent=0xbffff180, aFlags=7, aEventStatus=@0xbffff2f4)
    at nsEventListenerManager.cpp:991
#23 0x4041d143 in GlobalWindowImpl::HandleDOMEvent (this=0x865a940,
aPresContext=@0x85e4690,
    aEvent=0xbffff2bc, aDOMEvent=0xbffff180, aFlags=1, aEventStatus=@0xbffff2f4)
    at nsGlobalWindow.cpp:2844
...etc...
Assignee: troy → nisheeth
Nisheeth, looks like you're been mucking around in the frame manager
This can be reproduced very easily on Unix using the irc client.  configure
--with-extensions=irc, make (at least in extensions/irc), load
resource:///irc/tests/test3.xul from apprunner, and reload (last night, 9/14, it
happened on the first reload.)
Status: NEW → ASSIGNED
Target Milestone: M11
Accepting bug and setting milestone to M11...
Whiteboard: Waiting for checkin approval
Thanks for the suggested patch.  I'm waiting for approval to check it in...  If
no primary frame is found, we shouldn't try to restore the frame state.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Whiteboard: Waiting for checkin approval
I just checked in the patch...
I don't see the checkin on Tinderbox or via cvs.
I checked in, cvs locks didn't let my checkin commit, and solaris went red!  :-)
Hence, the delay.  Look for the checkin now.  It just went in.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.