Closed
Bug 165867
Opened 22 years ago
Closed 22 years ago
crash when visit URL: www.sina.com.cn - Trunk [@ nsBrowserStatusFilter::ProcessTimeout]
Categories
(SeaMonkey :: UI Design, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: leon.zhang, Assigned: jag+mozilla)
References
()
Details
(Keywords: crash, topcrash+)
Crash Data
Attachments
(1 file)
|
697 bytes,
patch
|
peterv
:
review+
darin.moz
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; zh-CN; rv:1.0rc2) Gecko/20020512 Netscape/7.0b1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; zh-CN; rv:1.0rc2) Gecko/20020512 Netscape/7.0b1
when visit website: www.sina.com.cn,mozilla crash sometimes.
trunk: 20020819
when crash,status of func calling stack :
nsBrowserStatusFilter::ProcessTimeout() line 289 + 12 bytes
nsBrowserStatusFilter::TimeoutHandler(nsITimer * 0x0506e9b8, void * 0x03af1ac0)
line 308
nsTimerImpl::Fire() line 337 + 17 bytes
nsTimerManager::FireNextIdleTimer(nsTimerManager * const 0x017d08e8) line 579
nsAppShell::Run(nsAppShell * const 0x017a14b0) line 156
nsAppShellService::Run(nsAppShellService * const 0x017c6a38) line 452
main1(int 1, char * * 0x002d6ef8, nsISupports * 0x00000000) line 1509 + 32 bytes
main(int 1, char * * 0x002d6ef8) line 1873 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e77d08()
crash point of code:
at **** of code below
void
nsBrowserStatusFilter::ProcessTimeout()
{
if (!mListener)
return;
if (mDelayedStatus) {
mDelayedStatus = PR_FALSE;
mListener->OnStatusChange(nsnull, nsnull, 0, mStatusMsg.get());
}
if (mDelayedProgress) {
mDelayedProgress = PR_FALSE;
**** mListener->OnProgressChange(nsnull, nsnull, 0, 0, mCurProgress,
mMaxProgress);
}
}
the values of varible:
1) mListener->mRawPtr: 0xdddddddd (invalid memory pointer!)
2) mDelayedStatus: PR_TRUIE--> PR_FALSE
Reproducible: Sometimes
Steps to Reproduce:
1.visit www.sina.com.cn
2.crash often happens,but not always
3.if not happen, reload again.
Actual Results:
crash
|
Reporter | |
Updated•22 years ago
|
|
|
Reporter | |
Comment 1•22 years ago
|
||
sorry, crash point should be located at line indicated below:
void
nsBrowserStatusFilter::ProcessTimeout()
{
if (!mListener)
return;
if (mDelayedStatus) {
mDelayedStatus = PR_FALSE;
**** mListener->OnStatusChange(nsnull, nsnull, 0, mStatusMsg.get());
^^^^^^^^^^Crash here!!!!
}
if (mDelayedProgress) {
mDelayedProgress = PR_FALSE;
mListener->OnProgressChange(nsnull, nsnull, 0, 0, mCurProgress,
mMaxProgress);
}
}
|
||
Comment 2•22 years ago
|
||
Adding topcrash+ and testcase keywords since it looks like the reporter has been able to reproduce this crash at http://www.sina.com.cn . According to Talkback data, this is a current topcrasher on the Trunk for Linux and Windows: Rank StackSignature Count 15 nsBrowserStatusFilter::ProcessTimeout 13 Source File : /builds/client/linux22/seamonkey/mozilla/xpfe/browser/src/nsBrowserStatusFilter.cpp line : 290 ==================================================================================================== Count Offset Real Signature [ 4 nsBrowserStatusFilter::ProcessTimeout() 924a1f36 - nsBrowserStatusFilter::ProcessTimeout() ] Crash date range: 2002-08-31 to 2002-09-02 Min/Max Seconds since last crash: 265 - 7488 Min/Max Runtime: 7488 - 47533 Keyword List : Count Platform List 4 Linux 2.4.19 Count Build Id List 4 2002083005 No of Unique Users 1 Stack trace(Frame) nsBrowserStatusFilter::ProcessTimeout() [/builds/client/linux22/seamonkey/mozilla/xpfe/browser/src/nsBrowserStatusFilter.cpp line 289] nsBrowserStatusFilter::TimeoutHandler() [/builds/client/linux22/seamonkey/mozilla/xpfe/browser/src/nsBrowserStatusFilter.cpp line 308] nsTimerImpl::Fire() [/builds/client/linux22/seamonkey/mozilla/xpcom/threads/nsTimerImpl.cpp line 341] handleTimerEvent() [/builds/client/linux22/seamonkey/mozilla/xpcom/threads/nsTimerImpl.cpp line 399] PL_HandleEvent() [/builds/client/linux22/seamonkey/mozilla/xpcom/threads/plevent.c line 643] PL_ProcessEventsBeforeID() [/builds/client/linux22/seamonkey/mozilla/xpcom/threads/plevent.c line 1540] processQueue() [/builds/client/linux22/seamonkey/mozilla/widget/src/gtk/nsAppShell.cpp line 448] nsVoidArray::EnumerateForwards() [/builds/client/linux22/seamonkey/mozilla/xpcom/ds/nsVoidArray.cpp line 660] nsAppShell::ProcessBeforeID() [/builds/client/linux22/seamonkey/mozilla/widget/src/gtk/nsAppShell.cpp line 456] handle_gdk_event() [/builds/client/linux22/seamonkey/mozilla/widget/src/gtk/nsGtkEventHandler.cpp line 926] libgdk-1.2.so.0 + 0x19075 (0x4039d075) libglib-1.2.so.0 + 0x12ad0 (0x403d0ad0) libglib-1.2.so.0 + 0x12fb9 (0x403d0fb9) libglib-1.2.so.0 + 0x13254 (0x403d1254) libgtk-1.2.so.0 + 0xa880e (0x402d280e) nsAppShell::Run() [/builds/client/linux22/seamonkey/mozilla/widget/src/gtk/nsAppShell.cpp line 334] nsAppShellService::Run() [/builds/client/linux22/seamonkey/mozilla/xpfe/appshell/src/nsAppShellService.cpp line 472] main1() [/builds/client/linux22/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp line 1889] main() [/builds/client/linux22/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp line 1877] libc.so.6 + 0x18602 (0x40545602) ==================================================================================================== Count Offset Real Signature [ 2 nsBrowserStatusFilter::ProcessTimeout() c0b545a1 - nsBrowserStatusFilter::ProcessTimeout() ] Crash date range: 2002-09-07 to 2002-09-08 Min/Max Seconds since last crash: 6304 - 28792 Min/Max Runtime: 7863 - 28792 Keyword List : Count Platform List 2 Linux 2.4.19 Count Build Id List 1 2002090721 1 2002090622 No of Unique Users 2 Stack trace(Frame) nsBrowserStatusFilter::ProcessTimeout() [/builds/client/linux22/seamonkey/mozilla/xpfe/browser/src/nsBrowserStatusFilter.cpp line 290] nsBrowserStatusFilter::TimeoutHandler() [/builds/client/linux22/seamonkey/mozilla/xpfe/browser/src/nsBrowserStatusFilter.cpp line 309] nsTimerImpl::Fire() [/builds/client/linux22/seamonkey/mozilla/xpcom/threads/nsTimerImpl.cpp line 368] handleTimerEvent() [/builds/client/linux22/seamonkey/mozilla/xpcom/threads/nsTimerImpl.cpp line 431] PL_HandleEvent() [/builds/client/linux22/seamonkey/mozilla/xpcom/threads/plevent.c line 643] PL_ProcessEventsBeforeID() [/builds/client/linux22/seamonkey/mozilla/xpcom/threads/plevent.c line 1540] processQueue() [/builds/client/linux22/seamonkey/mozilla/widget/src/gtk/nsAppShell.cpp line 448] nsVoidArray::EnumerateForwards() [/builds/client/linux22/seamonkey/mozilla/xpcom/ds/nsVoidArray.cpp line 660] nsAppShell::ProcessBeforeID() [/builds/client/linux22/seamonkey/mozilla/widget/src/gtk/nsAppShell.cpp line 456] handle_gdk_event() [/builds/client/linux22/seamonkey/mozilla/widget/src/gtk/nsGtkEventHandler.cpp line 926] libgdk-1.2.so.0 + 0x19075 (0x4039e075) libglib-1.2.so.0 + 0x12ad0 (0x403d1ad0) libglib-1.2.so.0 + 0x12fb9 (0x403d1fb9) libglib-1.2.so.0 + 0x13254 (0x403d2254) libgtk-1.2.so.0 + 0xa880e (0x402d380e) nsAppShell::Run() [/builds/client/linux22/seamonkey/mozilla/widget/src/gtk/nsAppShell.cpp line 334] nsAppShellService::Run() [/builds/client/linux22/seamonkey/mozilla/xpfe/appshell/src/nsAppShellService.cpp line 472] main1() [/builds/client/linux22/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp line 1880] main() [/builds/client/linux22/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp line 1868] libc.so.6 + 0x18602 (0x40547602) ==================================================================================================== Count Offset Real Signature [ 1 nsBrowserStatusFilter::ProcessTimeout() 89b8222c - nsBrowserStatusFilter::ProcessTimeout() ] Crash date range: 2002-09-06 to 2002-09-06 Min/Max Seconds since last crash: 15140 - 15140 Min/Max Runtime: 19589 - 19589 Keyword List : Count Platform List 1 Linux 2.4.19 Count Build Id List 1 2002090522 No of Unique Users 1 Stack trace(Frame) nsBrowserStatusFilter::ProcessTimeout() [/builds/client/linux22/seamonkey/mozilla/xpfe/browser/src/nsBrowserStatusFilter.cpp line 294] nsBrowserStatusFilter::TimeoutHandler() [/builds/client/linux22/seamonkey/mozilla/xpfe/browser/src/nsBrowserStatusFilter.cpp line 308] nsTimerImpl::Fire() [/builds/client/linux22/seamonkey/mozilla/xpcom/threads/nsTimerImpl.cpp line 341] handleTimerEvent() [/builds/client/linux22/seamonkey/mozilla/xpcom/threads/nsTimerImpl.cpp line 399] PL_HandleEvent() [/builds/client/linux22/seamonkey/mozilla/xpcom/threads/plevent.c line 643] PL_ProcessEventsBeforeID() [/builds/client/linux22/seamonkey/mozilla/xpcom/threads/plevent.c line 1540] processQueue() [/builds/client/linux22/seamonkey/mozilla/widget/src/gtk/nsAppShell.cpp line 448] nsVoidArray::EnumerateForwards() [/builds/client/linux22/seamonkey/mozilla/xpcom/ds/nsVoidArray.cpp line 660] nsAppShell::ProcessBeforeID() [/builds/client/linux22/seamonkey/mozilla/widget/src/gtk/nsAppShell.cpp line 456] handle_gdk_event() [/builds/client/linux22/seamonkey/mozilla/widget/src/gtk/nsGtkEventHandler.cpp line 926] libgdk-1.2.so.0 + 0x19075 (0x4039e075) libglib-1.2.so.0 + 0x12ad0 (0x403d1ad0) libglib-1.2.so.0 + 0x12fb9 (0x403d1fb9) libglib-1.2.so.0 + 0x13254 (0x403d2254) libgtk-1.2.so.0 + 0xa880e (0x402d380e) nsAppShell::Run() [/builds/client/linux22/seamonkey/mozilla/widget/src/gtk/nsAppShell.cpp line 334] nsAppShellService::Run() [/builds/client/linux22/seamonkey/mozilla/xpfe/appshell/src/nsAppShellService.cpp line 472] main1() [/builds/client/linux22/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp line 1880] main() [/builds/client/linux22/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp line 1868] libc.so.6 + 0x18602 (0x40546602) ==================================================================================================== Count Offset Real Signature [ 1 nsBrowserStatusFilter::ProcessTimeout ef49b342 - nsBrowserStatusFilter::ProcessTimeout ] [ 1 nsBrowserStatusFilter::ProcessTimeout dcc164ed - nsBrowserStatusFilter::ProcessTimeout ] Crash date range: 2002-08-30 to 2002-09-05 Min/Max Seconds since last crash: 7218 - 25993 Min/Max Runtime: 7218 - 189078 Keyword List : Count Platform List 1 Windows NT 4.0 build 1381 1 Windows 98 4.90 build 73010104 Count Build Id List 1 2002083008 1 2002083004 No of Unique Users 2 Stack trace(Frame) nsBrowserStatusFilter::ProcessTimeout [c:/builds/seamonkey/mozilla/xpfe/browser/src/nsBrowserStatusFilter.cpp line 287] nsTimerManager::FireNextIdleTimer [c:/builds/seamonkey/mozilla/xpcom/threads/nsTimerImpl.cpp line 579] nsAppShellService::Run [c:/builds/seamonkey/mozilla/xpfe/appshell/src/nsAppShellService.cpp line 472] main1 [c:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp line 1529] (10104781) Comments: Just after I send a pop-up ad flying ==================================================================================================== Count Offset Real Signature [ 1 nsBrowserStatusFilter::ProcessTimeout e02c3db7 - nsBrowserStatusFilter::ProcessTimeout ] [ 1 nsBrowserStatusFilter::ProcessTimeout 9d53056b - nsBrowserStatusFilter::ProcessTimeout ] Crash date range: 2002-09-02 to 2002-09-05 Min/Max Seconds since last crash: 65 - 24989 Min/Max Runtime: 31614 - 127497 Keyword List : Count Platform List 1 Windows 98 4.10 build 67766446 1 Windows 95 4.0 build 67306684 Count Build Id List 1 2002090208 1 2002083008 No of Unique Users 2 Stack trace(Frame) nsBrowserStatusFilter::ProcessTimeout [c:/builds/seamonkey/mozilla/xpfe/browser/src/nsBrowserStatusFilter.cpp line 292] nsTimerImpl::Fire [c:/builds/seamonkey/mozilla/xpcom/threads/nsTimerImpl.cpp line 338] USER32.DLL + 0x4d8d (0xbff64d8d) nsAppShellService::Run [c:/builds/seamonkey/mozilla/xpfe/appshell/src/nsAppShellService.cpp line 472] main1 [c:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp line 1529] main [c:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp line 1880] WinMain [c:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp line 1898] WinMainCRTStartup() KERNEL32.DLL + 0x19349 (0xbff89349) KERNEL32.DLL + 0x191fb (0xbff891fb) KERNEL32.DLL + 0x17c38 (0xbff87c38) (10249183) Comments: ARRRAAAAAGGGG!!!!!! ==================================================================================================== Count Offset Real Signature [ 1 nsBrowserStatusFilter::ProcessTimeout cea8ef28 - nsBrowserStatusFilter::ProcessTimeout ] Crash date range: 2002-09-04 to 2002-09-04 Min/Max Seconds since last crash: 2491 - 2491 Min/Max Runtime: 8827 - 8827 Keyword List : Count Platform List 1 Windows 98 4.10 build 67766446 Count Build Id List 1 2002090308 No of Unique Users 1 Stack trace(Frame) nsBrowserStatusFilter::ProcessTimeout [c:/builds/seamonkey/mozilla/xpfe/browser/src/nsBrowserStatusFilter.cpp line 287] ==================================================================================================== Count Offset Real Signature [ 1 nsBrowserStatusFilter::ProcessTimeout 5415a327 - nsBrowserStatusFilter::ProcessTimeout ] Crash date range: 2002-09-07 to 2002-09-07 Min/Max Seconds since last crash: 43140 - 43140 Min/Max Runtime: 43140 - 43140 Keyword List : Count Platform List 1 Windows 98 4.10 build 67766446 Count Build Id List 1 2002090604 No of Unique Users 1 Stack trace(Frame) nsBrowserStatusFilter::ProcessTimeout [c:/builds/seamonkey/mozilla/xpfe/browser/src/nsBrowserStatusFilter.cpp line 296] nsTimerImpl::Fire [c:/builds/seamonkey/mozilla/xpcom/threads/nsTimerImpl.cpp line 338] USER32.DLL + 0x580d (0xbfc0580d) 0x0065006c
|
|
||
Comment 3•22 years ago
|
||
cc'ing dougt and jaggernaut since it looks like both of them have worked with nsBrowserStatusFilter.cpp recently. maybe one of them can shed some light on this crash. wasn't sure what component to pick or the right owner, so i'll leave it up to someone who knows.
|
||
Comment 4•22 years ago
|
||
I have only touched this file on and after Sept 6. This bug was written up prior to that date. Looking at the code, this crash can occur if ProcessTimeout is ever called on a non UI thread. You will race with AddProgressListener in that case.
|
Assignee | |
Comment 5•22 years ago
|
||
Taking
Assignee: asa → jaggernaut
Component: Browser-General → XP Apps
|
||
Comment 6•22 years ago
|
||
Humm I think this has a straightforward fix. The line if code mDelayedStatus = PR_FALSE; needs be added to nsBrowserStatusFilter::RemoveProgressListener and probably also to nsBrowserStatusFilter::AddProgressListener whenever listener comes or goes, need to start from not delayed state.
|
|
Assignee | |
Comment 7•22 years ago
|
||
Sam: I don't quite see how that fixes this crash. When you RemoveProgressListener, |mListener = nsnull;| Then in ProcessTimeout we do |if (!mListener) return;| darin and I looked at this and we suspect that the timer is executing the callback function after the filter object has been destroyed. I'm going to try cancelling the timer from the destructor.
|
||
Comment 8•22 years ago
|
||
jag and i looked at this and the problem is that the timer "subsystem" doesn't own a reference back to the nsBrowserStatusFilter object. as a result, the object can be destroyed before the timer fires, and the timer callback will attempt to dereference a junk memory address. the patch is trivial... we just need to call Cancel on mTimer from ~nsBrowserStatusFilter. jag said he would write up the patch.
|
||
Comment 9•22 years ago
|
||
Can we get this fixed ASAP? Thanks, /be
|
|
Assignee | |
Comment 10•22 years ago
|
||
I haven't been able to crash my browser on this site, but I hope this patch fixes it. leon.zhang, can you apply this patch and see if it fixes the problem for you?
|
|
||
Comment 11•22 years ago
|
||
Comment on attachment 99262 [details] [diff] [review] Cancel timer when filter object is destroyed. r/sr=darin
Attachment #99262 -
Flags: superreview+
|
||
Comment 12•22 years ago
|
||
Comment on attachment 99262 [details] [diff] [review] Cancel timer when filter object is destroyed. r=peterv
Attachment #99262 -
Flags: review+
|
||
Comment 13•22 years ago
|
||
This looks like it is also a problem on the 1.0 branch, right? If so, we need to get this checked in there too.
|
|
Assignee | |
Comment 14•22 years ago
|
||
Not really, since this hasn't been landed on the 1.0.x branch yet
|
||
Comment 15•22 years ago
|
||
http://bonsai.mozilla.org/cvslog.cgi?file=mozilla/xpfe/browser/src/nsBrowserStatusFilter.cpp shows that this is already checked in. marking FIXED.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 16•22 years ago
|
||
Reopening. We don't know for sure that this patch fixes the problem. Thanks for trying to help out, though.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Assignee | |
Comment 17•22 years ago
|
||
It seems to have fixed the crash (no more talkback reports for this stack since the checkin).
Status: REOPENED → RESOLVED
Closed: 22 years ago → 22 years ago
Resolution: --- → FIXED
|
||
Updated•20 years ago
|
Product: Core → Mozilla Application Suite
|
||
Updated•13 years ago
|
Crash Signature: [@ nsBrowserStatusFilter::ProcessTimeout]
You need to log in
before you can comment on or make changes to this bug.
Description
•