Closed Bug 175321 Opened 22 years ago Closed 22 years ago

Crashes with Type Ahead Find; topcrash on M120B [@ nsTypeAheadFind::FindItNow]

Categories

(SeaMonkey :: Find In Page, defect, P1)

Product:
SeaMonkey
Component:
Find In Page
Platform:
x86
Windows NT
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
mozilla1.2final

People

(Reporter: greer, Assigned: aaronlev)

References

Details

(Keywords: crash, topcrash)

Crash Data

Attachments

(1 file, 1 obsolete file)

Compare findnext's top content presshell with typeaheadfind's top content presshell. If different, taf shouldn't handle the findnext command.
5.57 KB, patch
caillon
: review+
brendan
: superreview+
asa
: approval+
Details | Diff | Splinter Review 
Not sure where this one belongs, I believe that Aaron worked on Type ahead Find,
so I will cc him. Aaron, please feel free to change this if it belongs somewhere
else.

This signature is showing up as a topcrash on the Trunk and in M1.2 Beta on
Windows and Linux. (The only user comments are at the bottom.)

Stack Trace: 

	 nsTypeAheadFind::FindItNow
[c:/builds/seamonkey/mozilla/extensions/typeaheadfind/src/nsTypeAheadFind.cpp 
line 1023]
	 nsTypeAheadFind::FindNext
[c:/builds/seamonkey/mozilla/extensions/typeaheadfind/src/nsTypeAheadFind.cpp 
line 1566]
	 nsTypeAheadFind::Observe
[c:/builds/seamonkey/mozilla/extensions/typeaheadfind/src/nsTypeAheadFind.cpp 
line 402]
	 nsObserverService::NotifyObservers
[c:/builds/seamonkey/mozilla/xpcom/ds/nsObserverService.cpp  line 213]
	 nsWebBrowserFind::FindNext
[c:/builds/seamonkey/mozilla/embedding/components/find/src/nsWebBrowserFind.cpp
 line 120]
	 XPTC_InvokeByIndex
[c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp 
line 106]
	 XPCWrappedNative::CallMethod
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp  line 1996]
	 XPC_WN_CallMethod
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp 
line 1267]
	 js_Invoke	[c:/builds/seamonkey/mozilla/js/src/jsinterp.c  line 841]
	 js_Interpret	[c:/builds/seamonkey/mozilla/js/src/jsinterp.c  line 2804]
	 js_Invoke	[c:/builds/seamonkey/mozilla/js/src/jsinterp.c  line 857]
	 js_InternalInvoke	[c:/builds/seamonkey/mozilla/js/src/jsinterp.c  line 932]
	 JS_CallFunctionValue	[c:/builds/seamonkey/mozilla/js/src/jsapi.c  line 3433]
	 nsJSContext::CallEventHandler
[c:/builds/seamonkey/mozilla/dom/src/base/nsJSEnvironment.cpp  line 1044]
	 nsJSEventListener::HandleEvent
[c:/builds/seamonkey/mozilla/dom/src/events/nsJSEventListener.cpp  line 184]
	 nsXBLPrototypeHandler::ExecuteHandler
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLPrototypeHandler.cpp  line 457]
	 nsXBLWindowHandler::WalkHandlersInternal
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLWindowHandler.cpp  line 312]
	 nsXBLWindowKeyHandler::WalkHandlers
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLWindowKeyHandler.cpp  line 183]
	 nsXBLWindowKeyHandler::KeyPress
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLWindowKeyHandler.cpp  line 199]
	 nsEventListenerManager::HandleEvent
[c:/builds/seamonkey/mozilla/content/events/src/nsEventListenerManager.cpp  line
1627]
	 nsXULDocument::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/document/src/nsXULDocument.cpp  line 2602]
	 nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 3497]
	 nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 3489]
	 nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 3489]
	 nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 3489]
	 nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 3489]
	 nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 3489]
	 nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 3489]
	 nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 3489]
	 nsXULElement::HandleChromeEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 4688]
	 GlobalWindowImpl::HandleDOMEvent
[c:/builds/seamonkey/mozilla/dom/src/base/nsGlobalWindow.cpp  line 792]
	 nsDocument::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsDocument.cpp  line 3539]
	 nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp  line 2055]
	 PresShell::HandleEventInternal
[c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp  line 6220]
	 PresShell::HandleEvent
[c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp  line 6143]
	 nsViewManager::HandleEvent
[c:/builds/seamonkey/mozilla/view/src/nsViewManager.cpp  line 2148]
	 nsView::HandleEvent	[c:/builds/seamonkey/mozilla/view/src/nsView.cpp  line 304]
	 nsViewManager::DispatchEvent
[c:/builds/seamonkey/mozilla/view/src/nsViewManager.cpp  line 1934]
	 HandleEvent	[c:/builds/seamonkey/mozilla/view/src/nsView.cpp  line 83]
	 nsWindow::DispatchEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp  line 1065]
	 nsWindow::DispatchWindowEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp  line 1082]
	 nsWindow::DispatchKeyEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp  line 2925]
	 nsWindow::OnKeyDown
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp  line 3014]
	 nsWindow::ProcessMessage
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp  line 3913]
	 0x22eb84b1
 
 	Source File :
c:/builds/seamonkey/mozilla/extensions/typeaheadfind/src/nsTypeAheadFind.cpp
line : 1023
     (12669290)	Comments: Using F3 in typeaheadfind  
     (12429193)	Comments: Selected find again from menu after using type ahead
search (not sure if repeatable)
removing Aaron, from the cc list since he is the default owner.
Keywords: crash, topcrash
my guess is that treeItem is null.
1016               nsCOMPtr<nsIDocShellTreeItem>
treeItem(do_QueryInterface(startingContainer));
1017               nsCOMPtr<nsIDocShellTreeItem> rootContentTreeItem;
1018               nsCOMPtr<nsIDocShell> currentDocShell;
1019               nsCOMPtr<nsIDocShell>
startingDocShell(do_QueryInterface(startingContainer));
1020             
1021              
treeItem->GetSameTypeRootTreeItem(getter_AddRefs(rootContentTreeItem));
1022               nsCOMPtr<nsIDocShell> rootContentDocShell =
1023                 do_QueryInterface(rootContentTreeItem);
I wish I could work on this now, but I'm about to leave for the airport.
Blocks: isearch
Component: Accessibility APIs → Keyboard Navigation
Can we get a null defense wallpaper fix for 1.2?  Topcrash, and all, you know.

/be
Blocks: 1.2
Attached patch noisy wallpaper (obsolete) — Splinter Review 

    
    

    
  
Comment on attachment 103497 [details] [diff] [review]
noisy wallpaper

sr=bzbarsky, but keep the bug open for the real fix, please.

        Attachment #103497 -
        Flags: superreview+

    
    

    
  
Comment on attachment 103497 [details] [diff] [review]
noisy wallpaper

r=bbaetz, but don't let this become a permenant wallpaper

        Attachment #103497 -
        Flags: review+

    
    

    
  
Comment on attachment 103497 [details] [diff] [review]
noisy wallpaper

a=asa for checkin to 1.2 (on behalf of drivers).

        Attachment #103497 -
        Flags: approval+

    
    

    
  
Thanks for the temporary fix.

I do presshell -> prescontext -> docshell.

I do a null check on the presshell and prescontext, but I wasn't checking the
docshell.

Does anyone know when a presshell and prescontext can still be alive, but the
docshell isn't?

Perhaps the simple adding of this null check is the right fix after all.

    
    

    
  
Comment on attachment 103497 [details] [diff] [review]
noisy wallpaper

checked in. if this is the right patch then someone can remove the assertion
using this bug :)

        Attachment #103497 -
        Attachment is obsolete: true

    
    

    
  
If this is fixed, can we close it please?

    
    

    
  
According to jkeiser this should not be happening.

There should never be a case where there is a presshell without a docshell.

Right?

    
    

    
  
*** Bug 176472 has been marked as a duplicate of this bug. ***

    
    

    
  
Both user comments say this is something related to "find again". I think this
is the same as bug 177039, but I cannot get a test case where it will crash for
me, or hit the assertion added by timeless.

I think this must have been fixed by one of the changes to the
nsTypeAheadFind::FindNext impl along the way.

    
    

    
  
I raised bug 176472 with a test case that caused this crash.  Have you tried
that as your test case?

I also did a retest with a nightly build showing it was fixed, at least for my
test case, details in the bug comments.

    
    

    
  
I'll reiterate Ian's comment: I got this crash by:

- visit page
- do typeaheadfind search
- visit other page
- type F3

I *think* it only crashed if the second page didn't contain the string we
searched for initially, but I can't say that's true. It's fixed by this band-aid
for now, anyway.

    
    

    
  
I'm not sure it's the band-aid that fixed it. I can't even get it to assert
there (in a debug build). It might have been changes to our "find next" handling
code that fixed this.

    
    

    
  
Aha, I have it asserting now.

1. Go to www.generalcoffee.com
2. type "soft" <Enter>
3. type F3

Asserts or crashes depending on whteher you have the "band-aid" fix for this bug.

    
    

    
  
*** Bug 177039 has been marked as a duplicate of this bug. ***

    
  
Blocks: 171260

    
    

    
  
Comment on attachment 104458 [details] [diff] [review]
Compare findnext's top content presshell with typeaheadfind's top content presshell. If different, taf shouldn't handle the findnext command.

>Index: src/nsTypeAheadFind.cpp

>@@ -1508,16 +1508,32 @@

>+  nsCOMPtr<nsIPresShell> typeAheadPresShell(do_QueryReferent(mFocusedWeakShell));

Could you comment that here, the typeAheadPresShell is not really the
typeAheadPresShell (we get the real shell later on and re-assign into this
var)...


>+  NS_ENSURE_TRUE(treeItem, NS_OK);;

Double semi-colon.

r=caillon

        Attachment #104458 -
        Flags: review+

    
    

    
  
Okay, comment added and ;; changed to ;

Seeking sr=
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → mozilla1.2final

    
    

    
  
Comment on attachment 104458 [details] [diff] [review]
Compare findnext's top content presshell with typeaheadfind's top content presshell. If different, taf shouldn't handle the findnext command.

sr=brendan@mozilla.org

/be

        Attachment #104458 -
        Flags: superreview+

    
    

    
  
Comment on attachment 104458 [details] [diff] [review]
Compare findnext's top content presshell with typeaheadfind's top content presshell. If different, taf shouldn't handle the findnext command.

a=asa for checkin to 1.2 (on behalf of drivers)

        Attachment #104458 -
        Flags: approval+

    
    

    
  
checked in
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED

    
    

    
  
-- Verified in latest trunk build.(20021111). Works fine. Marking verified.
Status: RESOLVED → VERIFIED

    
    

    
  
reopening for M120B


Rank    StackSignature    Count  

12   nsTypeAheadFind::FindItNow   47
		 175321 	 VERI 	 FIXE 	 aaronl@netscape.com 	 mozilla1.2final 	 2002-11-11 

 
 	Source File :
c:/builds/seamonkey/mozilla/extensions/typeaheadfind/src/nsTypeAheadFind.cpp
line : 1023
 
====================================================================================================
     Count   Offset    Real Signature
[ 13   nsTypeAheadFind::FindItNow 124e8ff7 - nsTypeAheadFind::FindItNow ]
[ 1   nsTypeAheadFind::FindItNow 64cfe909 - nsTypeAheadFind::FindItNow ]
 
     Crash date range: 2002-11-14 to 2002-11-23
     Count   Platform List 
     13   Windows NT 5.0 build 2195
     1   Windows 98 4.10 build 67766446
 
     Count   Build Id List 
     14   2002101612
 
     No of Unique Users        13
 
 Stack trace(Frame) 

	 nsTypeAheadFind::FindItNow
[c:/builds/seamonkey/mozilla/extensions/typeaheadfind/src/nsTypeAheadFind.cpp 
line 1023] 
	 nsTypeAheadFind::FindNext
[c:/builds/seamonkey/mozilla/extensions/typeaheadfind/src/nsTypeAheadFind.cpp 
line 1566] 
	 nsTypeAheadFind::Observe
[c:/builds/seamonkey/mozilla/extensions/typeaheadfind/src/nsTypeAheadFind.cpp 
line 402] 
	 nsObserverService::NotifyObservers
[c:/builds/seamonkey/mozilla/xpcom/ds/nsObserverService.cpp  line 213] 
	 nsWebBrowserFind::FindNext
[c:/builds/seamonkey/mozilla/embedding/components/find/src/nsWebBrowserFind.cpp
 line 120] 
	 XPTC_InvokeByIndex
[c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp 
line 106] 
	 XPCWrappedNative::CallMethod
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp  line 1996] 
	 XPC_WN_CallMethod
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp 
line 1267] 
	 js_Invoke	[c:/builds/seamonkey/mozilla/js/src/jsinterp.c  line 841] 
	 js_Interpret	[c:/builds/seamonkey/mozilla/js/src/jsinterp.c  line 2804] 
	 js_Invoke	[c:/builds/seamonkey/mozilla/js/src/jsinterp.c  line 857] 
	 js_InternalInvoke	[c:/builds/seamonkey/mozilla/js/src/jsinterp.c  line 932] 
	 JS_CallFunctionValue	[c:/builds/seamonkey/mozilla/js/src/jsapi.c  line 3433] 
	 nsJSContext::CallEventHandler
[c:/builds/seamonkey/mozilla/dom/src/base/nsJSEnvironment.cpp  line 1044] 
	 nsJSEventListener::HandleEvent
[c:/builds/seamonkey/mozilla/dom/src/events/nsJSEventListener.cpp  line 184] 
	 nsXBLPrototypeHandler::ExecuteHandler
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLPrototypeHandler.cpp  line 457] 
	 nsXBLWindowHandler::WalkHandlersInternal
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLWindowHandler.cpp  line 312] 
	 nsXBLWindowKeyHandler::WalkHandlers
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLWindowKeyHandler.cpp  line 183] 
	 nsXBLWindowKeyHandler::KeyPress
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLWindowKeyHandler.cpp  line 199] 
	 nsEventListenerManager::HandleEvent
[c:/builds/seamonkey/mozilla/content/events/src/nsEventListenerManager.cpp  line
1627] 
	 nsXULDocument::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/document/src/nsXULDocument.cpp  line 2602] 
	 nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 3497] 
	 nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 3489] 
	 nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 3489] 
	 nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 3489] 
	 nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 3489] 
	 nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 3489] 
	 nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 3489] 
	 nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 3489] 
	 nsXULElement::HandleChromeEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 4688] 
	 GlobalWindowImpl::HandleDOMEvent
[c:/builds/seamonkey/mozilla/dom/src/base/nsGlobalWindow.cpp  line 792] 
	 nsDocument::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsDocument.cpp  line 3539] 
	 nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp  line 2055] 
	 PresShell::HandleEventInternal
[c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp  line 6220] 
	 PresShell::HandleEvent
[c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp  line 6143] 
	 nsViewManager::HandleEvent
[c:/builds/seamonkey/mozilla/view/src/nsViewManager.cpp  line 2148] 
	 nsView::HandleEvent	[c:/builds/seamonkey/mozilla/view/src/nsView.cpp  line 304] 
	 nsViewManager::DispatchEvent
[c:/builds/seamonkey/mozilla/view/src/nsViewManager.cpp  line 1934] 
	 HandleEvent	[c:/builds/seamonkey/mozilla/view/src/nsView.cpp  line 83] 
	 nsWindow::DispatchEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp  line 1065] 
	 nsWindow::DispatchWindowEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp  line 1082] 
	 nsWindow::DispatchKeyEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp  line 2925] 
	 nsWindow::OnKeyDown
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp  line 3014] 
	 nsWindow::ProcessMessage
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp  line 3913] 
	 0x18a16457   
 
     (14262654)	URL: n.a.
     (14262654)	Comments: I pressed F3 after I did a search with /
     (14244392)	URL: www.nessus.org/plugins/dump.php3
     (14244392)	Comments: Using fast find to find text "black".
     (14154783)	Comments: pressing F3 while page was still being downloaded  
     (14154765)	Comments: pressing F3 while page was still being downloaded  
     (13989693)	URL: http://blogdex.media.mit.edu/ (i think)
     (13989693)	Comments: pressed F3.

Status: VERIFIED → REOPENED
OS: All → Windows NT
Resolution: FIXED → ---
Summary: Crashes with Type Ahead Find [@ nsTypeAheadFind::FindItNow] → Crashes with Type Ahead Find;  topcrash on M120B [@ nsTypeAheadFind::FindItNow]

    
    

    
  
adding jpatel to cc list

    
    

    
  
The target milestone for this bug is 1.2final, and 1.2beta was released off the
trunk.  Why was this reopened?

    
    

    
  
Oops, my bad.  Sorry.  I misread the shipbuild date. 
Status: REOPENED → RESOLVED
Closed: 22 years ago22 years ago
Resolution: --- → FIXED

    
    

    
  
*** Bug 182736 has been marked as a duplicate of this bug. ***

    
    

    
  
*** Bug 185777 has been marked as a duplicate of this bug. ***

    
  
Component: Keyboard: Navigation → Keyboard: Find as you Type
Product: Core → SeaMonkey
Crash Signature: [@ nsTypeAheadFind::FindItNow]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: