Closed Bug 18408 Opened 20 years ago Closed 20 years ago

Browser crashes when bookmarks of any sort are selected


(SeaMonkey :: General, defect, P3, blocker)



(Not tracked)



(Reporter: msw, Assigned: waterson)




(1 file)

Program received signal SIGSEGV, Segmentation fault.
0x200019ad71c in LocationImpl::CheckURL (this=0x12085ccd0, aURL=0x1209d8120)
    at ../../../../dom/src/base/nsLocation.cpp:145
145	  if (NS_FAILED(scriptCX->GetSecurityManager(getter_AddRefs(secMan))))
(gdb) p scriptCX
$1 = (nsIScriptContext *) 0x0
(gdb) p cx->data
$2 = (void *) 0x0
#0  0x200019ad71c in LocationImpl::CheckURL (this=0x12085ccd0, aURL=0x1209d8120)
    at ../../../../dom/src/base/nsLocation.cpp:145
#1  0x200019aeaa8 in LocationImpl::SetHrefWithBase (this=0x12085ccd0,
    aHref=@0x11fffdc50, aBase=0x1209daef0, aReplace=1)
    at ../../../../dom/src/base/nsLocation.cpp:394
#2  0x200019b06b0 in LocationImpl::SetProperty (this=0x12085ccd0,
    aContext=0x1204fee50, aID=4837241108, aVp=0x11fffe108)
    at ../../../../dom/src/base/nsLocation.cpp:783
#3  0x200019b420c in nsJSUtils::nsCallJSScriptObjectSetProperty (
    aSupports=0x12085ccd8, aContext=0x1204fee50, aId=4837241108,
    aReturn=0x11fffe108) at ../../../../dom/src/base/nsJSUtils.cpp:231
#4  0x20001992c58 in SetLocationProperty (cx=0x1204fee50, obj=0x120932150,
    id=4837241108, vp=0x11fffe108)
    at ../../../../dom/src/base/nsJSLocation.cpp:344
#5  0x200002eb5ec in js_SetProperty (cx=0x1204fee50, obj=0x120932150,
    id=4837355568, vp=0x11fffe108) at ../../../js/src/jsobj.c:2056
#6  0x200002d42dc in js_Interpret (cx=0x1204fee50, result=0x11fffe3f8)
    at ../../../js/src/jsinterp.c:2214
#7  0x200002c9db8 in js_Invoke (cx=0x1204fee50, argc=1, flags=2)
    at ../../../js/src/jsinterp.c:688
#8  0x200002ca1f8 in js_InternalCall (cx=0x1204fee50, obj=0x1206b3930,
    fval=4838865216, argc=1, argv=0x11fffe6d0, rval=0x11fffe688)
    at ../../../js/src/jsinterp.c:765
#9  0x20000296c9c in JS_CallFunction (cx=0x1204fee50, obj=0x1206b3930,
    fun=0x12078c650, argc=1, argv=0x11fffe6d0, rval=0x11fffe688)
    at ../../../js/src/jsapi.c:2706
#10 0x2000197bd4c in nsJSContext::CallFunction (this=0x1204fee00,
    aObj=0x1206b3930, aFunction=0x12078c650, argc=1, argv=0x11fffe6d0,
    aBoolResult=0x11fffe798) at ../../../../dom/src/base/nsJSEnvironment.cpp:332
#11 0x200019ebea4 in nsJSEventListener::HandleEvent (this=0x12078d040,
    aEvent=0x1209d7ec8) at ../../../../dom/src/events/nsJSEventListener.cpp:107
#12 0x20004988680 in nsEventListenerManager::HandleEvent (this=0x12078c570,
    aPresContext=@0x1204fead0, aEvent=0x11fffea60, aDOMEvent=0x11fffe920,
    aFlags=7, aEventStatus=@0x11fffea58)
    at ../../../../layout/events/src/nsEventListenerManager.cpp:1194
#13 0x20002f2cccc in nsXULElement::HandleDOMEvent (this=0x12078c4d0,
    aPresContext=@0x1204fead0, aEvent=0x11fffea60, aDOMEvent=0x11fffe920,
    aFlags=1, aEventStatus=@0x11fffea58)
    at ../../../../rdf/content/src/nsXULElement.cpp:2578
#14 0x20004df38dc in nsMenuFrame::Execute (this=0x12099d5a0)
    at ../../../../../layout/xul/base/src/nsMenuFrame.cpp:1174
#15 0x20004dededc in nsMenuFrame::HandleEvent (this=0x12099d5a0,
    aPresContext=@0x1204fead0, aEvent=0x11ffff008, aEventStatus=@0x11fffeeb8)
    at ../../../../../layout/xul/base/src/nsMenuFrame.cpp:281
#16 0x20004a20634 in PresShell::HandleEvent (this=0x120540d90,
    aView=0x1209994e0, aEvent=0x11ffff008, aEventStatus=@0x11fffeeb8)
    at ../../../../../layout/html/base/src/nsPresShell.cpp:2420
Component: Java APIs to WebShell → Browser-General
Changing component - misread 'Java to WebShell' as 'JavaScript to WebShell'
Assignee: edburns → leger
QA Contact: leila.garin → leger
Severity: critical → blocker
Summary: Browser crashes when Debug -> Viewer Demos -> (any viewer demo) is selected → Browser crashes when bookmarks of any sort are selected
Clicking bookmarks of any kind, including Debug->Viewer Demos->(anything) cause
a crash in the exact same way.
I'm seeing the same problem on x86 Linux when I go to Debug->Demo Viewers->*
Looks like the same trace.  FWIW, I'm not having a problem with my up-to-date
tree that was built before the tree psuedo-opened.
this also completely breaks mail/news.
Assignee: leger → waterson
i will start to look at this. norris, if you could help, i'd be much obliged.
add jband, too...
I believe that nsDeque is being misused in xpcthreadcontext.cpp. Specifically,
I believe that the Peek() method is looking at the bottom-most context, rather
than the topmost.

This bug was probably introduced by an additional context being put on the
stack when shaver fixed component loader stuff.
Attached patch proposed fixSplinter Review
Closed: 20 years ago
Resolution: --- → FIXED
fix checked, r=jband
*** Bug 18464 has been marked as a duplicate of this bug. ***
*** Bug 18493 has been marked as a duplicate of this bug. ***
*** Bug 18475 has been marked as a duplicate of this bug. ***
*** Bug 18469 has been marked as a duplicate of this bug. ***
*** Bug 18451 has been marked as a duplicate of this bug. ***
QA Contact: leger → claudius
Target Milestone: M11
claudius, please verify with todays M11 branch build...thanks!
I can't reproduce this on the 1999111017-m11 build but I couldn't
reproduce it an any older build either. I'm running Linux RH6 with Gnome.
I'm marking verified b/c it don't crash no mo, but it'd be nice if the
reporter double-checked me.
Verified fixed.  Thanks.
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.