Closed Bug 193544 Opened 22 years ago Closed 20 years ago

Textbox crash - FF10PR1 [@ nsAutoCompleteController::HandleText] esp.JA-IME

Categories

(Firefox :: Address Bar, defect, P3)

Product:
Firefox
Component:
Address Bar
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox1.5

People

(Reporter: noririty, Assigned: masayuki)

References

Details

(4 keywords)

Crash Data

Attachments

(5 files, 2 obsolete files)

StackTrace
126.74 KB, text/plain
Details
full stacktrace without detail info (since this is --disable-debug build)
5.68 KB, text/plain
Details
stack trace
11.55 KB, text/plain
Details
patch to avoid crash.
477 bytes, patch
Details | Diff | Splinter Review
Patch for check-in
3.20 KB, patch
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3b) Gecko/20030211 Phoenix/0.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3b) Gecko/20030211 Phoenix/0.5

In the middle of input to search-bar or location-bar with IME (while
transformation), Phoenix crashes when clicking HTML doc or other fields.

Reproducible: Always

Steps to Reproduce:
1. Start Phoenix with a new profile.
2. Click search-bar (search box) to change focus.
3. Turn IME on.
4. Type some button: e.g. "aiueo" (then display _underlined_ or *highlighted*
Japanese)
* Underline or highlight means in the middle of transformation.
5. Click HTML doc.
Actual Results:  
Phoenix crashes.

Expected Results:  
IME transformation should be fixed (stopped), and then focus should be changed.

WFM with mozilla(M12~1.3b). So this crash is Phoenix-specific.

Crash reported IME:
- MS-IME2002
- Justsystem Atok 15 (latest patch applied)
- skkinput

Crash reported OS:
- WindowsXP Pro.
- WindowsXP HomeEdition
- Debian/sid
I sent crash report by Quality Feedback Agent.

Incident ID:
TB17236780X

Captured At:
2003/02/17 0:34
Reproduced with 20030217/Linux.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Reproduced with 20030221/WinXP.
Keywords: crash
There is a possibility that this is a duplicate of bug 184202.
Can someone attach stacktrace?

-> intl and qawanted
Keywords: intl, qawanted
Whiteboard: dupme?,need-stacktrace
The incident ID 17236780 has expired from the database; no stack available.
Attached file StackTrace 

    
    

    
  
John:
Thank you for reply.

I successfully get stack-trace using Phoenix0.2.
http://bugzilla.mozilla.org/attachment.cgi?id=119421&action=view
Can you take a look at this? Which component made it crash?
Keywords: qawantedhelpwanted
Whiteboard: dupme?,need-stacktrace → dupme?,check-stacktrace

    
    

    
  
There is no (or virtually no) stack information in that attachment. Can you 
just crash with a current phoenix build and submit the talkback info? Thanks.

    
    

    
  
Talkback has been disabled since Phoenix0.3
Can anyone attach significant stacktrace?
Keywords: helpwantedqawanted
Whiteboard: dupme?,check-stacktrace → dupme?,need-stacktrace

    
    

    
  


  
This is the full stack trace with nightly, i686-pc-linux-gnu 2003-04-19-08.
It seems too long for me. I think there may be some too deeply recursive calls.

    
  
Keywords: qawantedhelpwanted
Whiteboard: dupme?,need-stacktrace → need-stacktrace-analysis

    
    

    
  

      
      
      
      

        Attached file
          
        stack trace
      

    


  
seems to crash in nsAutoCompleteController::HandleText().

    
    

    
  
can someone reproduce this with a current build and get a talkback ID?

    
    

    
  
Yes, I can still reproduce this w/20030711.
I'm trying to get some talkback IDs for I've sent,
but it seems to fail.

    
    

    
  
Bug 209600 seems to me a same crash.

-> TOPCRASH
Keywords: topcrash

    
    

    
  
Taking QA Contact
QA Contact: asa → bugzilla

    
    

    
  
*** Bug 216269 has been marked as a duplicate of this bug. ***

    
    

    
  
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5b) Gecko/20030827 Mozilla
Firebird/0.6.1+
Still crash. TB23124826G

    
    

    
  
*** Bug 209600 has been marked as a duplicate of this bug. ***

    
    

    
  
Changing summary and reassigning to default owner and QA.
-> Autocomplete
Assignee: hyatt → hewitt
Component: Toolbars → Autocomplete
QA Contact: bugzilla → davidpjames
Summary: Crash when clicking to change focus while inputs to search-bar with IME → Textbox crash - MFB061 [@ nsAutoCompleteController::HandleText] esp.JA-IME

    
    

    
  


  
For more investigation, for now, I made a patch to avoid crash by checking if
mInput is non-NULL.
This patch doesn't fix fundamental problem.

    
    

    
  
ben, is this bandaid worth taking?
Assignee: hewitt → bugs

    
    

    
  
This crashing bug is still reproduced.
If there is no chance of fixing by 0.9 releases, can a provisional patch be
checkin in order to avoid crash?
It is very gloomy. :-(

Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP; rv:1.7b) Gecko/20040310
Firefox/0.8.0+

    
    

    
  
*** Bug 224226 has been marked as a duplicate of this bug. ***

    
  
Flags: blocking1.0?

    
    

    
  
+ing for .9 since this is a topcrash. 
Flags: blocking1.0? → blocking0.9+

    
    

    
  
Bandaid checked in, branch and trunk. Leaving open setting milestone post 1.0
for further investigation. 
Flags: blocking0.9+
Priority: -- → P3
Target Milestone: --- → After Firefox 1.0

    
    

    
  
*** Bug 242522 has been marked as a duplicate of this bug. ***

    
    

    
  
I haven't seen any crashes since FF10PR1 and even current data only shows about
10 crashes for that release.  Marking WFM.

Ben:  If you feel we still need to do some more investigating, or if you have
plans for a more complete/permanent solution, please reopen.
Summary: Textbox crash - MFB061 [@ nsAutoCompleteController::HandleText] esp.JA-IME → Textbox crash - FF10PR1 [@ nsAutoCompleteController::HandleText] esp.JA-IME

    
    

    
  
I haven't seen any crashes since FF10PR1 and even current data only shows about
10 crashes for that release.  Marking WFM.

Ben:  If you feel we still need to do some more investigating, or if you have
plans for a more complete/permanent solution, please reopen.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME

    
    

    
  
(In reply to comment #28)
> I haven't seen any crashes since FF10PR1 and even current data only shows about
> 10 crashes for that release.  Marking WFM.

See comment#20
It does not only crash with an urgent patch now.
Since the fundamental cause is not repaired, if this patch is removed, even now,
crash occur.

reopen.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---

    
    

    
  
Taking.

This is simple mistake of nsFormFillController::Input.
For nsAutoCompleteController::HandleText,
we must check the mFocusedInput is not null.

I will make a new patch.
Assignee: bugs → masayuki
Status: REOPENED → NEW
Keywords: helpwanted
Whiteboard: need-stacktrace-analysis
Target Milestone: Future → Firefox1.1
Status: NEW → ASSIGNED

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Patch to fix. (obsolete)
        — Splinter Review
      

    


  
When the control lost focus, if user is composing,
the events are fired follwing order.

1.blur
2.(endcomposition)
3.input

In currently, It assumes the input events is fired before blur event.
So, we must not call HandleText after blur.
Therefore, we should check nsIAutoCompleteControl having the control.
And in order to avoid crash, if mInput is null in HandleText, we should return.

        Attachment #171567 -
        Flags: review?(bugs)

        Attachment #171567 -
        Flags: review?(bugs)

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Patch to fix. (obsolete)
        — Splinter Review
      

    


  
I added notice comment.

        Attachment #171567 -
        Attachment is obsolete: true

        Attachment #171607 -
        Flags: review?(bugs)

    
    

    
  
I think we should create new event that is onbeforeblur event.
In the editor, we should force composition when onbeforeblur, not onblur.
I opened bug 278802.

    
    

    
  
Comment on attachment 171607 [details] [diff] [review]
Patch to fix.

Brian:
Please review and superreview it.

        Attachment #171607 -
        Flags: superreview?(bryner)

        Attachment #171607 -
        Flags: review?(bugs)

        Attachment #171607 -
        Flags: review?(bryner)

    
    

    
  
Comment on attachment 171607 [details] [diff] [review]
Patch to fix.

>--- toolkit/components/autocomplete/src/nsAutoCompleteController.cpp	2 Sep 2004 00:39:38 -0000	1.24
>+++ toolkit/components/autocomplete/src/nsAutoCompleteController.cpp	18 Jan 2005 05:47:50 -0000
>@@ -164,18 +164,22 @@ nsAutoCompleteController::StartSearch(co
> 
> NS_IMETHODIMP
> nsAutoCompleteController::HandleText(PRBool aIgnoreSelection)
> {
>   // Stop current search in case it's async.
>   StopSearch();
>   // Stop the queued up search on a timer
>   ClearSearchTimer();
>-  
>-  NS_ENSURE_TRUE(mInput, NS_ERROR_NULL_POINTER);
>+
>+  NS_ASSERTION(mInput, "Called before attach to the control or detached from the control");
>+  // Note: if this assertion raise after blur and IME end composition,

s/raise/is raised/

>+  // check mInput before calling.
>+  // See https://bugzilla.mozilla.org/show_bug.cgi?id=193544#c31
>+  NS_ENSURE_TRUE(mInput, NS_OK);

This will actually emit two separate warnings in debug builds, which is a bit
much.  Since you want the descriptive text for the error, I'd suggest:

if (!mInput) {
  NS_ERROR("Called before attaching to the control or after detaching from the
control");
  return NS_OK;
}

I agree that it would be good to make the IME text be flushed before blur,
however, this is a good fix to have anyway.  I can imagine other cases in which
it would be possible to direct text input at an unfocused text field
(context-menu paste, perhaps).

        Attachment #171607 -
        Flags: superreview?(bryner)

        Attachment #171607 -
        Flags: superreview+

        Attachment #171607 -
        Flags: review?(bryner)

        Attachment #171607 -
        Flags: review+

    
    

    
  


  
Brian:
Thank you for your review and superreview.
I rewrote by comment 35.
Please check-in this patch.

        Attachment #171607 -
        Attachment is obsolete: true

    
    

    
  
jungshik:

Could you check-in the patch?

    
    

    
  
patch landed into the trunk

Status: ASSIGNED → RESOLVED
Closed: 20 years ago20 years ago
Resolution: --- → FIXED
Crash Signature: [@ nsAutoCompleteController::HandleText]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: