Closed Bug 143835 Opened 22 years ago Closed 22 years ago

Trunk M1RC2 crashes changing skins [@ nsHashtable::Enumerate]

Categories

(Core :: XBL, defect)

Product:
Core
Component:
XBL
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: greer, Assigned: hyatt)

References

(
URL
)

Details

(Keywords: crash, qawanted, topcrash)

Crash Data

Attachments

(2 files)

Other comments
1.66 KB, text/plain
Details
proposed patch
558 bytes, patch
brendan
: review+
waterson
: superreview+
chofmann
: approval+
Details | Diff | Splinter Review 
Crashes under this signature start showing up in M1RC1 and continue on the Trunk 
and into RC2. Users seem to have specific trouble with the Pinball theme. This 
one may belong to another component, possibly Themes. I haven't been able to 
reproduce it yet. Guessing 143710 is a dupe of this one. cc'ing reporter.

Stack trace(Frame) 

         nsHashtable::Enumerate 
[d:\builds\seamonkey\mozilla\xpcom\ds\nsHashtable.cpp  line 362] 
         nsBindingManager::FlushSkinBindings
[d:\builds\seamonkey\mozilla\content\xbl\src\nsBindingManager.cpp  line 1053] 
         FlushSkinBindingsForWindow
[d:\builds\seamonkey\mozilla\rdf\chrome\src\nsChromeRegistry.cpp  line 1166] 
         nsChromeRegistry::RefreshSkins
[d:\builds\seamonkey\mozilla\rdf\chrome\src\nsChromeRegistry.cpp  line 1185] 
         XPTC_InvokeByIndex
[d:\builds\seamonkey\mozilla\xpcom\reflect\xptcall\src\md\win32\xptcinvoke.cpp  
line 106] 
         XPCWrappedNative::CallMethod
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcwrappednative.cpp  line 
2027] 
         XPC_WN_CallMethod
[d:\builds\seamonkey\mozilla\js\src\xpconnect\src\xpcwrappednativejsops.cpp  
line 1267] 
         js_Invoke      [d:\builds\seamonkey\mozilla\js\src\jsinterp.c  line 
790] 
         js_Interpret   [d:\builds\seamonkey\mozilla\js\src\jsinterp.c  line 
2744] 
         js_Invoke      [d:\builds\seamonkey\mozilla\js\src\jsinterp.c  line 
806] 
         js_InternalInvoke      [d:\builds\seamonkey\mozilla\js\src\jsinterp.c  
line 881] 
         JS_CallFunctionValue   [d:\builds\seamonkey\mozilla\js\src\jsapi.c  
line 3426] 
         nsJSContext::CallEventHandler
[d:\builds\seamonkey\mozilla\dom\src\base\nsJSEnvironment.cpp  line 1019] 
         nsJSEventListener::HandleEvent
[d:\builds\seamonkey\mozilla\dom\src\events\nsJSEventListener.cpp  line 182] 
         nsEventListenerManager::HandleEventSubType
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp  line 
1218] 
         nsEventListenerManager::HandleEvent
[d:\builds\seamonkey\mozilla\content\events\src\nsEventListenerManager.cpp  line 
2210] 
         nsXULElement::HandleDOMEvent
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp  line 
3461] 
         PresShell::HandleDOMEventWithTarget
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp  line 6153] 
         nsButtonBoxFrame::MouseClicked
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsButtonBoxFrame.cpp  line 195] 
         nsButtonBoxFrame::HandleEvent
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsButtonBoxFrame.cpp  line 142] 
         PresShell::HandleEventInternal
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp  line 6122] 
         PresShell::HandleEventWithTarget
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp  line 6073] 
         nsEventStateManager::CheckForAndDispatchClick
[d:\builds\seamonkey\mozilla\content\events\src\nsEventStateManager.cpp  line 
2634] 
         nsEventStateManager::PostHandleEvent
[d:\builds\seamonkey\mozilla\content\events\src\nsEventStateManager.cpp  line 
1715] 
         PresShell::HandleEventInternal
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp  line 6126] 
         PresShell::HandleEvent 
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp
line 6028] 
         nsViewManager::HandleEvent     
[d:\builds\seamonkey\mozilla\view\src\nsViewManager.cpp
line 2076] 
         nsView::HandleEvent    [d:\builds\seamonkey\mozilla\view\src\nsView.cpp  
line 306] 
         nsViewManager::DispatchEvent   
[d:\builds\seamonkey\mozilla\view\src\nsViewManager.cpp
line 1887] 
         HandleEvent    [d:\builds\seamonkey\mozilla\view\src\nsView.cpp  line 
83] 
         nsWindow::DispatchEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp  line 869] 
         nsWindow::DispatchWindowEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp  line 886] 
         nsWindow::DispatchMouseEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp  line 4713] 
         ChildWindow::DispatchMouseEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp  line 4968] 
         nsWindow::ProcessMessage
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp  line 3630] 
         nsWindow::WindowProc   
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp  line
1131] 
         USER32.dll + 0x3a5f (0x77d43a5f)  
         USER32.dll + 0x3b2e (0x77d43b2e)  
         USER32.dll + 0x3d6a (0x77d43d6a)  
         USER32.dll + 0x41fd (0x77d441fd)  
         nsAppShellService::Run
[d:\builds\seamonkey\mozilla\xpfe\appshell\src\nsAppShellService.cpp  line 451] 
         main1  [d:\builds\seamonkey\mozilla\xpfe\bootstrap\nsAppRunner.cpp  
line 1473] 
         main   [d:\builds\seamonkey\mozilla\xpfe\bootstrap\nsAppRunner.cpp  
line 1809] 
         WinMain        
[d:\builds\seamonkey\mozilla\xpfe\bootstrap\nsAppRunner.cpp  line 1827] 
         WinMainCRTStartup()  
         kernel32.dll + 0x1eb69 (0x77e7eb69)   
 
     (6164753)  Comments: Changing themes repeatedly from "little mozilla" to 
"pin ball" and back..
was trying to see if I could make the bad irc icon at bottom of browser go away.
Currently a topcrash on early returns of M1RC2.
Keywords: crash, qawanted, topcrash
Attached file Other comments 
Other comments for reference, most pointing to theme changes.
cc'ing andre who seems interested in bug 143710.
Also cc'ing pmac - Have you seen a recent crash problem changing themes - 
specifically "pinball"?
xbl for investigation.
Assignee: dougt → hyatt
Component: XPCOM → XBL
QA Contact: scc → ian
I uninstalled all third party themes to track down bug #143712, and while
uninstalling the pinball theme, mozilla immediately crashed. After I restarted
it, pinball theme seemed to have been completely uninstalled, though.
I reinstalled the pinball theme after having uninstalled it, and this time it
didn't crash.
This looks like it just needs a null-check (mBindingTable is checked for null
everywhere else), although I'm trying to get the disassembly/registers to
double-check.

This is the #4 topcrash in 1.0RC2.
from talkback Incident ID: 6254675:

x86 Registers:
EAX: 0012fc7c EBX: 611769d4 ECX: 00000000 EDX: 0012fcac
ESI: 00000000 EDI: 611769a2 ESP: 00000007 EBP: ffffffff
EIP: 00000000 cf PF af ZF sf of IF df nt RF vm   IOPL: 0
CS: 001b DS: 0023 SS: 0023 ES: 0023 FS: 0038 GS: 0000
Incident ID: 6244968

The EIP register and the first line of Code Around the PC are
red.


x86 Registers:
EAX: 0012fd4c EBX: 611769d4 ECX: 00000000 EDX: 0012fd7c
ESI: 00000000 EDI: 611769a2 ESP: 0012fd44 EBP: 0012fd54
EIP: 6113a84a cf PF af ZF sf of IF df nt RF vm   IOPL: 0
CS: 001b DS: 0023 SS: 0023 ES: 0023 FS: 0038 GS: 0000

Code Around the PC: 6113a84a 8b7e28           mov     edi,[esi+0x28]
6113a84d 50               push    eax
6113a84e 8d4608           lea     eax,[esi+0x8]
6113a851 686fa81361       push    0x6113a86f
6113a856 50               push    eax
6113a857 c7462801000000   mov     dword ptr [esi+0x28],0x1
6113a85e e8bdca0300       call    61177320
6113a863 83c40c           add     esp,0xc
6113a866 897e28           mov     [esi+0x28],edi
6113a869 5f               pop     edi



0x28 is the offset of mEnumerating in nsHashtable (assuming vtable pointer at
start) and 0x8 the offset of mHashtable, so this looks exactly like the null
check I suggested.
I'll r= in lieu of hyatt, who is on vacation.  Cc'ing waterson for sr=.

/be
Keywords: mozilla1.0+
Comment on attachment 83628 [details] [diff] [review]
proposed patch

sr=waterson. very old testament.
Comment on attachment 83628 [details] [diff] [review]
proposed patch

sr=waterson. very old testament.
Attachment #83628 - Flags: superreview+
Fix checked in to trunk, 2002-05-16 19:33 PDT.
Comment on attachment 83628 [details] [diff] [review]
proposed patch

a=chofmann,scc, valeksi for the 1.0 branch. check in dbaron!
Attachment #83628 - Flags: approval+
Fix checked in to branch, 2002-05-16 19:40 PDT.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
No longer blocks: 143200
Crash Signature: [@ nsHashtable::Enumerate]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: