184605 - Crash in nsRegionQT::SetTo => QRegion::QRegion => XCreateRegion => malloc

Status: RESOLVED INCOMPLETE

(Core Graveyard :: Ports: Qt, defect)

Description

[timeless]

###!!! ASSERTION: Received an EndFrameDecode call with an invalid frame number:
'currentFrame', file
/mnt/hda3/temp/mozilla/modules/libpr0n/decoders/gif/imgContainerGIF.cpp, line 227
Break: at file
/mnt/hda3/temp/mozilla/modules/libpr0n/decoders/gif/imgContainerGIF.cpp, line 227
      GetDeviceSurfaceDimensions      GetDeviceSurfaceDimensions     
GetDeviceSurfaceDimensions      GetDeviceSurfaceDimensions     
GetDeviceSurfaceDimensions      GetDeviceSurfaceDimensions     
GetDeviceSurfaceDimensions
      GetDeviceSurfaceDimensionsShow. bState=true, mWidget=0x83017e8
ESBEN: Show called
Show. bState=true, mWidget=0x8112790
ESBEN: Show called
Show. bState=true, mWidget=0x83017e8
ESBEN: Show called
Show. bState=true, mWidget=0x8112790
ESBEN: Show called
      GetDeviceSurfaceDimensions      GetDeviceSurfaceDimensions     
GetDeviceSurfaceDimensions      GetDeviceSurfaceDimensions     
GetDeviceSurfaceDimensions      GetDeviceSurfaceDimensions     
GetDeviceSurfaceDimensions      GetDeviceSurfaceDimensions     
GetDeviceSurfaceDimensions      GetDeviceSurfaceDimensions     
GetDeviceSurfaceDimensions      GetDeviceSurfaceDimensions     
GetDeviceSurfaceDimensions      GetDeviceSurfaceDimensions
      GetDeviceSurfaceDimensions      GetDeviceSurfaceDimensions     
GetDeviceSurfaceDimensions      GetDeviceSurfaceDimensions
Program received signal SIGSEGV, Segmentation fault.
0x4044db4c in malloc () from /lib/libc.so.6
(gdb) where
#0  0x4044db4c in malloc () from /lib/libc.so.6
#1  0x4044d9a4 in malloc () from /lib/libc.so.6
#2  0x41906a5e in XCreateRegion () from /usr/X11R6/lib/libX11.so.6
#3  0x41449d5a in QRegion::QRegion () from /usr/lib/qt/lib/libqt-mt.so.3
#4  0x414e677f in QRegion::QRegion () from /usr/lib/qt/lib/libqt-mt.so.3
#5  0x41e3f39e in nsRegionQT::SetTo (this=0x8492e80, aX=0, aY=0, aWidth=634,
aHeight=455)
    at /mnt/hda3/temp/mozilla/gfx/src/qt/nsRegionQT.cpp:97
#6  0x41e40b68 in nsRenderingContextQT::CreateClipRegion (this=0x8681748)
    at /mnt/hda3/temp/mozilla/gfx/src/qt/nsRenderingContextQT.cpp:394
#7  0x41e40fd4 in nsRenderingContextQT::SetClipRegion (this=0x8681748,
aRegion=@0x8689b38,
    aCombine=nsClipCombine_kReplace, aClipEmpty=@0xbfffea74)
    at /mnt/hda3/temp/mozilla/gfx/src/qt/nsRenderingContextQT.cpp:466
#8  0x428b76a3 in nsViewManager::Refresh (this=0x8464460, aView=0x85e31b0,
aContext=0x8681748,
    aRegion=0x8689b38, aUpdateFlags=1) at
/mnt/hda3/temp/mozilla/view/src/nsViewManager.cpp:755
#9  0x428bac46 in nsViewManager::DispatchEvent (this=0x8464460,
aEvent=0xbfffecc0, aStatus=0xbfffebd8)
    at /mnt/hda3/temp/mozilla/view/src/nsViewManager.cpp:1784
#10 0x428aaed7 in HandleEvent (aEvent=0xbfffecc0) at
/mnt/hda3/temp/mozilla/view/src/nsView.cpp:80
#11 0x4128cb4b in nsWidget::DispatchEvent (this=0x84b5998, event=0xbfffecc0,
aStatus=@0xbfffec38)
    at /mnt/hda3/temp/mozilla/widget/src/qt/nsWidget.cpp:761
#12 0x4128ca47 in nsWidget::DispatchWindowEvent (this=0x84b5998, event=0xbfffecc0)
    at /mnt/hda3/temp/mozilla/widget/src/qt/nsWidget.cpp:730
#13 0x412900a1 in nsWindow::OnPaint (this=0x84b5998, event=@0xbfffecc0)
    at /mnt/hda3/temp/mozilla/widget/src/qt/nsWindow.cpp:317
#14 0x412892e1 in nsQBaseWidget::PaintEvent (this=0x8462e90, aEvent=0xbfffef74)
    at /mnt/hda3/temp/mozilla/widget/src/qt/nsQWidget.cpp:879
#15 0x412889d4 in nsQBaseWidget::eventFilter (this=0x8462e90, aObj=0x85e3238,
aEvent=0xbfffef74)
    at /mnt/hda3/temp/mozilla/widget/src/qt/nsQWidget.cpp:621
#16 0x414d00c8 in QObject::activate_filters () from /usr/lib/qt/lib/libqt-mt.so.3
#17 0x414cffa4 in QObject::event () from /usr/lib/qt/lib/libqt-mt.so.3
#18 0x414fff54 in QWidget::event () from /usr/lib/qt/lib/libqt-mt.so.3
#19 0x41472e76 in QApplication::internalNotify () from /usr/lib/qt/lib/libqt-mt.so.3
#20 0x41472d14 in QApplication::notify () from /usr/lib/qt/lib/libqt-mt.so.3
#21 0x4144dbd0 in QWidget::repaint () from /usr/lib/qt/lib/libqt-mt.so.3
#22 0x4147371d in QApplication::sendPostedEvents () from
/usr/lib/qt/lib/libqt-mt.so.3
#23 0x414735ea in QApplication::sendPostedEvents () from
/usr/lib/qt/lib/libqt-mt.so.3
#24 0x4141ace6 in QApplication::processNextEvent () from
/usr/lib/qt/lib/libqt-mt.so.3
#25 0x41474305 in QApplication::enter_loop () from /usr/lib/qt/lib/libqt-mt.so.3
#26 0x4141ac26 in QApplication::exec () from /usr/lib/qt/lib/libqt-mt.so.3
#27 0x41282fd9 in nsAppShell::Run (this=0x8133ec0) at
/mnt/hda3/temp/mozilla/widget/src/qt/nsAppShell.cpp:218
#28 0x41230d7a in nsAppShellService::Run (this=0x80d2210)
    at /mnt/hda3/temp/mozilla/xpfe/appshell/src/nsAppShellService.cpp:471
#29 0x08058e72 in main1 (argc=5, argv=0xbffff494, nativeApp=0x0)
    at /mnt/hda3/temp/mozilla/xpfe/bootstrap/nsAppRunner.cpp:1538
#30 0x08059bdd in main (argc=5, argv=0xbffff494) at
/mnt/hda3/temp/mozilla/xpfe/bootstrap/nsAppRunner.cpp:1899
#31 0x403f717d in __libc_start_main () from /lib/libc.so.6
(gdb) up
#1  0x4044d9a4 in malloc () from /lib/libc.so.6
(gdb)
#2  0x41906a5e in XCreateRegion () from /usr/X11R6/lib/libX11.so.6
(gdb)
#3  0x41449d5a in QRegion::QRegion () from /usr/lib/qt/lib/libqt-mt.so.3
(gdb) l
1784    #if defined(DEBUG) && defined(XP_WIN32)
1785      // Disable small heap allocator to get heapwalk() giving us
1786      // accurate heap numbers. Win2k non-debug does not use small heap
allocator.
1787      // Win2k debug seems to be still using it.
1788      //
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vclib/html/_crt__set_sbh_threshold
.asp
1789      _set_sbh_threshold(0);
1790    #endif
1791
1792    #if defined(XP_UNIX) || defined(XP_BEOS)
1793      InstallUnixSignalHandlers(argv[0]);
(gdb)
1794    #endif
1795
1796    #if defined(XP_OS2)
1797      __argc = argc;
1798      __argv = argv;
1799
1800      ULONG    ulMaxFH = 0;
1801      LONG     ulReqCount = 0;
1802      APIRET   rc = NO_ERROR;
1803
(gdb)
1804      DosSetRelMaxFH(&ulReqCount,
1805                     &ulMaxFH);
1806
1807      if (ulMaxFH < 256) {
1808        DosSetMaxFH(256);
1809      }
1810    #endif /* XP_OS2 */
1811
1812    #if defined(XP_BEOS)
1813      if (NS_OK != InitializeBeOSApp())
(gdb)
1814        return 1;
1815    #endif
1816
1817    #if defined(XP_MACOSX)
1818      InitializeMacOSXApp(argc, argv);
1819    #endif
1820
1821    #ifdef _BUILD_STATIC_BIN
1822      // Initialize XPCOM's module info table
1823      NSGetStaticModuleInfo = app_getModuleInfo;
(gdb) up
#4  0x414e677f in QRegion::QRegion () from /usr/lib/qt/lib/libqt-mt.so.3
(gdb) l
1824    #endif
1825
1826      // Handle -help and -version command line arguments.
1827      // They should% return quick, so we deal with them here.
1828      if (HandleDumpArguments(argc, argv))
1829        return 0;
1830
1831    #ifdef NS_TRACE_MALLOC
1832      argc = NS_TraceMallocStartupArgs(argc, argv);
1833    #endif
(gdb) up
#5  0x41e3f39e in nsRegionQT::SetTo (this=0x8492e80, aX=0, aY=0, aWidth=634,
aHeight=455)
    at /mnt/hda3/temp/mozilla/gfx/src/qt/nsRegionQT.cpp:97
97          QRegion nRegion(aX, aY, aWidth, aHeight);

cvs checkout from yesterday, patches for qt were committed today. also running
with the patched configure/configure.in so that the build picks up libqt-mt.so

Comment 1

[Roland Mainz]

timeless:
Do you have any example URL/testcase to reproduce this issue ?

Comment 2

[timeless]

nope. perhaps this is already fixed?

Comment 3

[Robert Kaiser]

This is filed against the old Qt port, which has been discontinued. Current Qt support is for mobile only, AFAIK. If this applies to current Qt-based builds as well, please file a new bug for new issues or reopen this one with current info, including a crash signature if it still happens and move it to a component outside of graveyard.