Closed Bug 168013 Opened 23 years ago Closed 22 years ago

crash if I close a loading tab while another tab is still loading [@ nsHTMLInputElement::Select]

Categories

(Core :: Layout: Form Controls, defect, P3)

PowerPC
macOS
defect

Tracking

RESOLVED FIXED
mozilla1.3beta

People

(Reporter: mozdev, Assigned: john)

Details

(Keywords: crash, Whiteboard: [FIX])

Attachments

(1 file, 2 obsolete files)

User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.1) Gecko/20020826
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.1) Gecko/20020826

While browsing babynamer.com, I'll command-click to open a new tab from one window then I'll switch to view that tab. Meanwhile, both the original tab and the newly created one have the spinning arrows in them indicating they are still loading parts of the page. If I use Command-W to close the front tab, Mozilla crashes.

Reproducible: Always

Steps to Reproduce:
1. On babynamer.com, search for a name using the search box.
2. Once the search results return, command-click on any of the links on the page to create a new tab.
3. Switch to viewing the newly created tab.
4. Hit command-w to close the tab.

Actual Results: Mozilla application crashes. Leaves crash log.

Expected Results: Frontmost tab should close without crashing the entire Mozilla application.

Here's the Mozilla.crash.log:
Keywords: crash
to form controls first, based on stack.
Assignee: asa → jkeiser
Component: Browser-General → HTML Form Controls
QA Contact: asa → tpreston
Confirmed using FizzillaCFM/2002091014 on 10.1.5, generating same stack though I end up with two "nsHTMLInputElement::Select(void)"s. Jay, for future reference, crash reports should be attached to your bugs as a text file, and not quoted in a bug comment.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: crash if I close a loading tab while another tab is still loading → crash if I close a loading tab while another tab is still loading [@ nsHTMLInputElement::Select]
Thanks, but I was using the submit bug link from the main mozilla.org web page and there's no place to attach a file from there. See http://bugzilla.mozilla.org/enter_bug.cgi?product=Browser&format=guided I would have used it otherwise. Next time, I'll create the bug then attach.
I have also seen exactly the same on 1.2.1 on linux. So I suppose it applies to all platforms (if not macosx and linux share some code which other platforms don't have). I suppose this problem is easily found on win32 also.
Attached patch Patch (obsolete) — Splinter Review
The problem is that presContext can be null in this instance. We *could* just make nothing happen during Select() if that is the case, but everything else seems to do its job just fine without a prescontext and I wouldn't want to deprive them of their rights to do processing just because an esm focus hack wants to access presContext directly.
Attached patch Patch v1.1 (obsolete) — Splinter Review
This version checks whether esm is null, which is what you really care about anyway. And removes annoying long lines.
Attachment #110274 - Attachment is obsolete: true
Status: NEW → ASSIGNED
Priority: -- → P3
Whiteboard: [FIX]
Target Milestone: --- → mozilla1.3beta
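
The two guard placements weighed in the comments above, as an added C++ sketch that is not the attached patch or any Mozilla code: bailing out of Select() when the presentation context is unavailable, versus checking only the event state manager pointer before it is used. `EventStateManager`, `PresContext`, `Input`, `Result` and `Run` are simplified, hypothetical stand-ins.

```cpp
// Simplified stand-ins (assumptions, not Mozilla code) for the event state
// manager, the presentation context and an <input> element.
struct EventStateManager {
    int focus_updates = 0;
    void UpdateFocus() { ++focus_updates; }
};
struct PresContext { EventStateManager* esm = nullptr; };

struct Input {
    PresContext* pres = nullptr;   // null once the tab's presentation is gone
    bool selected = false;

    // Null-tolerant lookup: a missing context simply yields no ESM.
    EventStateManager* Esm() const { return pres ? pres->esm : nullptr; }

    // Option 1: do nothing when the context (or its ESM) is missing.
    // Safe, but selection is skipped along with the focus step.
    bool SelectBailOut() {
        if (!Esm()) return false;
        pres->esm->UpdateFocus();
        selected = true;
        return true;
    }

    // Option 2: guard only the pointer that is dereferenced. The unguarded
    // form, pres->esm->UpdateFocus(), is the null dereference being fixed.
    bool SelectGuardEsm() {
        bool focused = false;
        if (EventStateManager* esm = Esm()) {
            esm->UpdateFocus();
            focused = true;
        }
        selected = true;           // needs no presentation context
        return focused;
    }
};

struct Result { bool focused; bool selected; };

// Runs one variant on a constructed element; alive=false models Select()
// being called after the presentation has been torn down.
Result Run(bool alive, bool has_esm, bool guard_esm_only) {
    EventStateManager esm;
    PresContext pc;
    pc.esm = has_esm ? &esm : nullptr;
    Input in;
    in.pres = alive ? &pc : nullptr;
    bool f = guard_esm_only ? in.SelectGuardEsm() : in.SelectBailOut();
    return Result{f, in.selected};
}

int main() {
    Result r = Run(false, false, true);   // torn-down tab, ESM-only guard
    return (r.selected && !r.focused) ? 0 : 1;
}
```
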
Attached patch Patch v1.1 — Splinter Review
Oops, uploading the actual patch
Attachment #110275 - Attachment is obsolete: true
Attachment #110276 - Flags: superreview?(sfraser)
Attachment #110276 - Flags: review?(bugmail)
Comment on attachment 110276 Patch v1.1
r=sicking
Attachment #110276 - Flags: review?(bugmail) → review+
Attachment #110276 - Flags: superreview?(sfraser) → superreview+
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Keywords: nsbeta1+
Crash Signature: [@ nsHTMLInputElement::Select]