Closed Bug 183234 Opened 22 years ago Closed 22 years ago

crash on click the F7 key for toggling caret mode - Trunk M130A [@ nsDOMWindowController::GetPresShell] [@ nsQueryInterface::operator]

Categories

(Core :: DOM: Core & HTML, defect, P1)

x86
All
defect

Tracking

()

RESOLVED FIXED
mozilla1.3beta

People

(Reporter: j.queinnec, Assigned: jst)

References

Details

(4 keywords, Whiteboard: [HAVE FIX])

Crash Data

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021202
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021202

If you type on the F7 key (whish make the cursor visible on the html page),
Mozilla crash.

Reproducible: Always

Steps to Reproduce:
1. open a browser windows
2. click F7


Actual Results:  
Crash

Expected Results:  
Not crash
can you use a talkback build (if you're not already), and post a talkback ID for
this crash? thanks
Keywords: crash, stackwanted
F7 crashing was mentioned in bug 128025 comment 36 on Dec. 1st. (NT)
"It is crashing while turning it off"

(Unable to reproduce on a current CVS build, Linux.)
I've seen this crash (TB14604368H) on 20021130 on WinXP.

I can't reliably reproduce it though.

Confirming.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: TB14604368H
> Comment #1 
I used a talkback build but I don't know how post talkback ID.

I try to reproduce the bug this morning and I can't reprocude it every time.

I don't see the difference beetween the different time when it crash and don't
crash.

I used some extension on my build : 
- mozgesture
- calendar
- pinball themme

1) remove pinball theme
2) In components, there is a talkback.exe ; run it, and copying talkback ID in a
comment.

That's all :-)
Thanks Frederic
Talkback ID : TB14695732Z

The problem could come from the used of the pinball theme.
I am not using any additional themes or extensions, and I was able to crash
Phoenix the same way, again, not reliably.
*Incident ID:  *  Incident ID 14604368
Stack Signature 0x01e63819 07cf5f70
Email Address cplyon@hotmail.com
Product ID MozillaTrunk
Build ID 2002113004
Trigger Time 2002-12-01 19:24:00
Platform Win32
Operating System Windows NT 5.1 build 2600
Module
URL visited http://www.ratemybody.com
User Comments coming out of caret browsing mode
Trigger Reason Access violation
Source File Name
Trigger Line No.
Stack Trace

0x01e63819
nsDOMWindowController::GetPresShell
[c:/builds/seamonkey/mozilla/dom/src/base/nsGlobalWindow.cpp, line 6113]
nsDOMWindowController::GetEventStateManager
[c:/builds/seamonkey/mozilla/dom/src/base/nsGlobalWindow.cpp, line 6054]
nsDOMWindowController::Observe
[c:/builds/seamonkey/mozilla/dom/src/base/nsGlobalWindow.cpp, line 6082]
NotifyObserver
[c:/builds/seamonkey/mozilla/modules/libpref/src/nsPrefBranch.cpp, line 789]
pref_DoCallback [c:/builds/seamonkey/mozilla/modules/libpref/src/prefapi.cpp,
line 1188]
pref_HashPref [c:/builds/seamonkey/mozilla/modules/libpref/src/prefapi.cpp, line
1074]
PREF_SetBoolPref [c:/builds/seamonkey/mozilla/modules/libpref/src/prefapi.cpp,
line 570]
nsPrefBranch::SetBoolPref
[c:/builds/seamonkey/mozilla/modules/libpref/src/nsPrefBranch.cpp, line 202]
XPTC_InvokeByIndex
[c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp,
line 106]
XPCWrappedNative::CallMethod
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2018]
XPC_WN_CallMethod
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp,
line 1295]
js_Invoke [c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 841]
js_Interpret [c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 2804]
js_Invoke [c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 857]
js_InternalInvoke [c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 932]
JS_CallFunctionValue [c:/builds/seamonkey/mozilla/js/src/jsapi.c, line 3433]
nsJSContext::CallEventHandler
[c:/builds/seamonkey/mozilla/dom/src/base/nsJSEnvironment.cpp, line 1044]
nsJSEventListener::HandleEvent
[c:/builds/seamonkey/mozilla/dom/src/events/nsJSEventListener.cpp, line 184]
nsXBLPrototypeHandler::ExecuteHandler
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLPrototypeHandler.cpp, line 458]
DoKey [c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLKeyHandler.cpp, line 107]
nsXBLKeyHandler::KeyPress
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLKeyHandler.cpp, line 123]
nsEventListenerManager::HandleEvent
[c:/builds/seamonkey/mozilla/content/events/src/nsEventListenerManager.cpp, line
1665]
nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp, line 3377]
nsXULElement::HandleChromeEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp, line 4596]
GlobalWindowImpl::HandleDOMEvent
[c:/builds/seamonkey/mozilla/dom/src/base/nsGlobalWindow.cpp, line 797]
nsDocument::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsDocument.cpp, line 3504]
nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp, line 2054]
PresShell::HandleEventInternal
[c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp, line 6109]
PresShell::HandleEvent
[c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp, line 6032]
nsViewManager::HandleEvent
[c:/builds/seamonkey/mozilla/view/src/nsViewManager.cpp, line 2163]
nsView::HandleEvent [c:/builds/seamonkey/mozilla/view/src/nsView.cpp, line 304]
nsViewManager::DispatchEvent
[c:/builds/seamonkey/mozilla/view/src/nsViewManager.cpp, line 1949]
HandleEvent [c:/builds/seamonkey/mozilla/view/src/nsView.cpp, line 83]
nsWindow::DispatchEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp, line 1073]
nsWindow::DispatchWindowEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp, line 1090]
nsWindow::DispatchKeyEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp, line 2949]
nsWindow::OnKeyDown
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp, line 3038]
nsWindow::ProcessMessage
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp, line 3944]
nsWindow::WindowProc
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp, line 1339]
USER32.dll + 0x3a68 (0x77d43a68)
USER32.dll + 0x3b37 (0x77d43b37)
USER32.dll + 0x3d91 (0x77d43d91)
USER32.dll + 0x3df7 (0x77d43df7)
nsAppShellService::Run
[c:/builds/seamonkey/mozilla/xpfe/appshell/src/nsAppShellService.cpp, line 472]
main1 [c:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 1557]
main [c:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 1905]
WinMain [c:/builds/seamonkey/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 1925]
WinMainCRTStartup()
kernel32.dll + 0x214c7 (0x77e814c7)
Assignee: aaronl → jst
Component: Keyboard Navigation → DOM Core
Keywords: stackwanted
QA Contact: sairuh → stummala
Whiteboard: TB14604368H
Component: DOM Core → DOM Level 0
Summary: crash on click the F7 key → crash on click the F7 key [@ nsDOMWindowController::GetPresShell]
Crashes using Win XP trunk build 2002120508, talkback incident 14841627
oops, adding myself tpreston@netscape.com
i wasn't able to repro (yet) this on win2k, but it has occurred for me on linux rh8.
Keywords: nsbeta1
OS: Windows 2000 → All
*** Bug 184630 has been marked as a duplicate of this bug. ***
Another way of reproducing this (only sometimes though)
1. Go to http://www.playsophy.com/Wrap/wrapblurb.html
2. Click on "EDIT" and then click on the text you wanna change
3. No cursor, so click anywhere on the document and then F7
4. Choose "yes" and see Mozilla crash

Using 2002120808, Windows 2000
Summary: crash on click the F7 key [@ nsDOMWindowController::GetPresShell] → crash on click the F7 key for toggling caret mode [@ nsDOMWindowController::GetPresShell]
I can't repro comment 13 -- pressing F7 is ignored when I click in the editable
area of that page.
I can't repro on win2k -- Johnny have you tried it on your Linux machine?

I'm stumped by the crash stack - I have no idea how it could crash in
nsDOMWindowController::GetPresShell()
Adding topcrash+ and testcase keywords since we have steps to reproduce and this
is a topcrasher for Mozilla 1.3 Alpha.  This crash is also showing up under the
nsQueryInterface::operator stack signature for M130A:

Count   Offset    Real Signature
[ 9   nsQueryInterface::operator() 8b2d5792 - nsQueryInterface::operator() ]
[ 2   nsQueryInterface::operator() c4590ba1 - nsQueryInterface::operator() ]
[ 1   nsQueryInterface::operator() fdac316c - nsQueryInterface::operator() ]
 
     Crash date range: 2002-12-14 to 2002-12-17
     Min/Max Seconds since last crash: 198 - 156686
     Min/Max Runtime: 4045 - 156686
     Keyword List : crash(4),  
     Count   Platform List 
     9   Windows NT 5.0 build 2195
     2   Windows NT 4.0 build 1381
     1   Windows 98 4.10 build 67766446
 
     Count   Build Id List 
     12   2002121215
 
     No of Unique Users        10
 
 Stack trace(Frame) 

	 nsQueryInterface::operator()
[c:/builds/seamonkey/mozilla/xpcom/glue/nsCOMPtr.cpp  line 52] 
	 nsCOMPtr_base::assign_from_helper
[c:/builds/seamonkey/mozilla/xpcom/glue/nsCOMPtr.cpp  line 81] 
	 nsDOMWindowController::GetPresShell
[c:/builds/seamonkey/mozilla/dom/src/base/nsGlobalWindow.cpp  line 6144] 
	 nsDOMWindowController::GetEventStateManager
[c:/builds/seamonkey/mozilla/dom/src/base/nsGlobalWindow.cpp  line 6085] 
	 nsDOMWindowController::Observe
[c:/builds/seamonkey/mozilla/dom/src/base/nsGlobalWindow.cpp  line 6113] 
	 NotifyObserver
[c:/builds/seamonkey/mozilla/modules/libpref/src/nsPrefBranch.cpp  line 791] 
	 pref_DoCallback	[c:/builds/seamonkey/mozilla/modules/libpref/src/prefapi.cpp 
line 1188] 
	 pref_HashPref	[c:/builds/seamonkey/mozilla/modules/libpref/src/prefapi.cpp 
line 1074] 
	 PREF_SetBoolPref	[c:/builds/seamonkey/mozilla/modules/libpref/src/prefapi.cpp
 line 570] 
	 nsPrefBranch::SetBoolPref
[c:/builds/seamonkey/mozilla/modules/libpref/src/nsPrefBranch.cpp  line 202] 
	 XPTC_InvokeByIndex
[c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp 
line 106] 
	 XPCWrappedNative::CallMethod
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp  line 2018] 
	 XPC_WN_CallMethod
[c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp 
line 1293] 
	 js_Invoke	[c:/builds/seamonkey/mozilla/js/src/jsinterp.c  line 841] 
	 js_Interpret	[c:/builds/seamonkey/mozilla/js/src/jsinterp.c  line 2804] 
	 js_Invoke	[c:/builds/seamonkey/mozilla/js/src/jsinterp.c  line 857] 
	 js_InternalInvoke	[c:/builds/seamonkey/mozilla/js/src/jsinterp.c  line 932] 
	 JS_CallFunctionValue	[c:/builds/seamonkey/mozilla/js/src/jsapi.c  line 3433] 
	 nsJSContext::CallEventHandler
[c:/builds/seamonkey/mozilla/dom/src/base/nsJSEnvironment.cpp  line 1044] 
	 nsJSEventListener::HandleEvent
[c:/builds/seamonkey/mozilla/dom/src/events/nsJSEventListener.cpp  line 184] 
	 nsXBLPrototypeHandler::ExecuteHandler
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLPrototypeHandler.cpp  line 458] 
	 DoKey	[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLKeyHandler.cpp  line 107] 
	 nsXBLKeyHandler::KeyPress
[c:/builds/seamonkey/mozilla/content/xbl/src/nsXBLKeyHandler.cpp  line 123] 
	 nsEventListenerManager::HandleEvent
[c:/builds/seamonkey/mozilla/content/events/src/nsEventListenerManager.cpp  line
1665] 
	 nsXULElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 3377] 
	 nsXULElement::HandleChromeEvent
[c:/builds/seamonkey/mozilla/content/xul/content/src/nsXULElement.cpp  line 4596] 
	 GlobalWindowImpl::HandleDOMEvent
[c:/builds/seamonkey/mozilla/dom/src/base/nsGlobalWindow.cpp  line 798] 
	 nsDocument::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsDocument.cpp  line 3535] 
	 nsGenericElement::HandleDOMEvent
[c:/builds/seamonkey/mozilla/content/base/src/nsGenericElement.cpp  line 1976] 
	 PresShell::HandleEventInternal
[c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp  line 6129] 
	 PresShell::HandleEvent
[c:/builds/seamonkey/mozilla/layout/html/base/src/nsPresShell.cpp  line 6052] 
	 nsViewManager::HandleEvent
[c:/builds/seamonkey/mozilla/view/src/nsViewManager.cpp  line 2163] 
	 nsView::HandleEvent	[c:/builds/seamonkey/mozilla/view/src/nsView.cpp  line 304] 
	 nsViewManager::DispatchEvent
[c:/builds/seamonkey/mozilla/view/src/nsViewManager.cpp  line 1949] 
	 HandleEvent	[c:/builds/seamonkey/mozilla/view/src/nsView.cpp  line 83] 
	 nsWindow::DispatchEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp  line 1120] 
	 nsWindow::DispatchWindowEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp  line 1137] 
	 nsWindow::DispatchKeyEvent
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp  line 3018] 
	 nsWindow::OnKeyDown
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp  line 3107] 
	 nsWindow::ProcessMessage
[c:/builds/seamonkey/mozilla/widget/src/windows/nsWindow.cpp  line 4013] 
	 0x18a16457   
 
     (15216917)	Comments: was browsing in full screen.  turned on full screen
using f11. turned on caret browsing using f7. hit enter for yes. crashed.  
     (15184638)	Comments: Pressing F7 crashed Mozilla.
     (15153965)	Comments: Switching on the carret browsing let crashing the browser.
     (15135827)	URL: http://www.rense.com
     (15135827)	Comments: Tried F7 to mark some text with keyboard
     (15124873)	URL:
http://listings.ebaymotors.com/pool1/plistings/lowest/all/category6212/index.html
     (15124873)	Comments: was on this page  hit F7 to turn on caret browsing  crash.
 
Keywords: testcase, topcrash+
Summary: crash on click the F7 key for toggling caret mode [@ nsDOMWindowController::GetPresShell] → crash on click the F7 key for toggling caret mode - Trunk M130A [@ nsDOMWindowController::GetPresShell] [@ nsQueryInterface::operator]
I was able to reproduce this on my Windows XP machine with MozillaTrunk build
2002121608:

Incident ID 15256099
Stack Signature nsQueryInterface::operator() 40aaf858
Email Address jpatel@netscape.com
Product ID MozillaTrunk
Build ID 2002121608
Trigger Time 2002-12-18 15:02:06
Platform Win32
Operating System Windows NT 5.1 build 2600
Module xpcom.dll
URL visited any page
User Comments turning on caret browsing with F7 key.
Trigger Reason Access violation
Source File Name c:/builds/seamonkey/mozilla/xpcom/glue/nsCOMPtr.cpp
Trigger Line No. 52
Stack Trace
***My stack is the same as the one in the previous comment.***

All I did to crash was:
1. go to full screen mode with F11
2. enable caret mode with F7
3. confirmation dialog popped 
4. as soon as I pressed Enter I crashed.
Status: NEW → ASSIGNED
Priority: -- → P1
Whiteboard: [HAVE FIX]
Target Milestone: --- → mozilla1.3beta
Attachment #109724 - Flags: superreview?(bzbarsky)
Attachment #109724 - Flags: review?(aaronl)
Attachment #109724 - Flags: superreview?(bzbarsky) → superreview?(peterv)
Attachment #109724 - Flags: superreview?(peterv) → superreview+
Comment on attachment 109724 [details] [diff] [review]
Fix. Clear nsDOMWindowController::mWindow when mWindow is destroyed.

>Index: dom/src/base/nsGlobalWindow.h
>===================================================================

>-  static int PR_CALLBACK BrowseWithCaretPrefCallback(const char* aPrefName, void* instance_data);
>+  static int PR_CALLBACK BrowseWithCaretPrefCallback(const char* aPrefName,
>+                                                     void* instance_data);


Johnny, could you remove that declaration altogether?  I'm lame and removed the
method, but not the declaration.
Comment on attachment 109724 [details] [diff] [review]
Fix. Clear nsDOMWindowController::mWindow when mWindow is destroyed.

r=aaronl

Only 1 question/nit -- why call the variable dom_controller? Wouldn't
domController be more consistent with Mozilla coding/naming style?
Attachment #109724 - Flags: review?(aaronl) → review+
Either way works for me, the DOMCI code uses foo_bar quite a lot, so there's
precedence both ways.

Aaron checked this in for me, marking FIXED.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
*** Bug 188182 has been marked as a duplicate of this bug. ***
*** Bug 192344 has been marked as a duplicate of this bug. ***
Crash Signature: [@ nsDOMWindowController::GetPresShell] [@ nsQueryInterface::operator]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: