Closed Bug 205180 Opened 23 years ago Closed 21 years ago

Crash when closing tab while loading BiDi content [@ nsDocument::QueryInterface]

Categories

(Core :: Layout: Text and Fonts, defect)

Product:
Core
Component:
Layout: Text and Fonts
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: wolruf, Assigned: mkaply)

References

(
URL
)

Details

(Keywords: crash)

Crash Data

build ID: 2003050905 on Linux and CVS built on 20030430 (--enable-optimize) Steps to reproduce: 1. Load http://www.google.com/en 2. Open new tab (middle-click + background loading) for Google Urdu version, 3. Left-click on the current tab on the same link Google Urdu while the other tab is loading, 4. Immedialtely Ctrl-W to close current tab while loading page, 5. Mozilla crashes. The nightly crashes but doesn't fire the Talkback client. Stack: 0x40f26549 in nsDocument::QueryInterface (this=0x89a6dd0, aIID=@0x412ca5a0, aInstancePtr=0xbfe01038) at nsDocument.cpp:588 588 NS_INTERFACE_MAP_BEGIN(nsDocument) (gdb) bt #0 0x40f26549 in nsDocument::QueryInterface (this=0x89a6dd0, aIID=@0x412ca5a0, aInstancePtr=0xbfe01038) at nsDocument.cpp:588 #1 0x4103498d in nsHTMLDocument::QueryInterface (this=0x89a6dd0, aIID=@0x412ca5a0, aInstancePtr=0xbfe01080) at nsHTMLDocument.cpp:341 #2 0x08073204 in nsQueryInterface::operator() (this=0xbfe010d0, aIID=@0x412ca5a0, answer=0xbfe01080) at nsCOMPtr.cpp:47 #3 0x4117e1b6 in nsCOMPtr<nsIDocument>::assign_from_helper (this=0xbfe010e0, helper=@0xbfe010d0, aIID=@0x412ca5a0) at ../../../../dist/include/xpcom/nsCOMPtr.h:988 #4 0x4117f1f4 in nsCOMPtr<nsIDocument>::nsCOMPtr (this=0xbfe010e0, helper=@0xbfe010d0) at ../../../../dist/include/xpcom/nsCOMPtr.h:572 #5 0x4117e70a in nsCOMPtr<nsIDocument>::Assert_NoQueryNeeded (this=0xbfe01150) at ../../../../dist/include/xpcom/nsCOMPtr.h:507 #6 0x41186cff in nsGetterAddRefs<nsIDocument>::~nsGetterAddRefs ( this=0xbfe01148, __in_chrg=2) at ../../../../dist/include/xpcom/nsCOMPtr.h:1070 #7 0x40f0537f in nsPresContext::GetBidiEnabled (this=0x89cee58, aBidiEnabled=0xbfe0119c) at nsPresContext.cpp:1568 #8 0x40e26d1d in nsTextTransformer::Init (this=0xbfe01300, aFrame=0x8a588c4, aContent=0x8a8e2f8, aStartingOffset=0, aForceArabicShaping=0, aLeaveAsAscii=0) at nsTextTransformer.cpp:224 #9 0x40e1c826 in nsTextFrame::PrepareUnicodeText (this=0x8a588c4, aTX=@0xbfe01300, aIndexBuffer=0xbfe01570, aTextBuffer=0xbfe01710, aTextLen=0xbfe012e8, aForceArabicShaping=0) at nsTextFrame.cpp:1534 #10 0x40e23004 in nsTextFrame::PeekOffset (this=0x8a588c4, aPresContext=0x89cee58, aPos=0xbfffdc20) at nsTextFrame.cpp:4203 #11 0x40dc8e4d in nsFrame::PeekOffset (this=0x87ecdf4, aPresContext=0x89cee58, aPos=0xbfffdc20) at nsFrame.cpp:3898 #12 0x40da7b1e in BRFrame::PeekOffset (this=0x87ecdf4, aPresContext=0x89cee58, aPos=0xbfffdc20) at nsBRFrame.cpp:261 #13 0x40e2361f in nsTextFrame::PeekOffset (this=0x8a588c4, aPresContext=0x89cee58, aPos=0xbfffdc20) at nsTextFrame.cpp:4373 #14 0x40dc8e4d in nsFrame::PeekOffset (this=0x87ecdf4, aPresContext=0x89cee58, aPos=0xbfffdc20) at nsFrame.cpp:3898 #15 0x40da7b1e in BRFrame::PeekOffset (this=0x87ecdf4, aPresContext=0x89cee58, aPos=0xbfffdc20) at nsBRFrame.cpp:261 #16 0x40e2361f in nsTextFrame::PeekOffset (this=0x8a588c4, aPresContext=0x89cee58, aPos=0xbfffdc20) at nsTextFrame.cpp:4373 #17 0x40dc8e4d in nsFrame::PeekOffset (this=0x87ecdf4, aPresContext=0x89cee58, aPos=0xbfffdc20) at nsFrame.cpp:3898 #18 0x40da7b1e in BRFrame::PeekOffset (this=0x87ecdf4, aPresContext=0x89cee58, aPos=0xbfffdc20) at nsBRFrame.cpp:261 [...] #882 0x40da7b1e in BRFrame::PeekOffset (this=0x87ecdf4, aPresContext=0x89cee58, aPos=0xbfffdc20) at nsBRFrame.cpp:261 #883 0x40e2361f in nsTextFrame::PeekOffset (this=0x8a588c4, [I guess this is an infinte loop...]
there's a typo in step 1 to reproduce bug, URL should read http://www.google.ae/en instead of http://www.google.com/en which gives: Steps to reproduce: 1. Load http://www.google.ae/en 2. Open new tab (middle-click + background loading) for Google Urdu version, 3. Left-click on the current tab on the same link Google Urdu while the other tab is loading, 4. Immedialtely Ctrl-W to close current tab while loading page, 5. Mozilla crashes.
Seems to WorkForMe using FizzillaMach/2003-05-07-14-trunk (1.4b). Those steps happen pretty fast, so it's hard to be certain I'm doing it right.
Summary: Crash when closing tab while loading BiDi content [@ nsDocument::QueryInterface ] → Crash when closing tab while loading BiDi content [@ nsDocument::QueryInterface]
still crashing 2003070107 (trunk) on Linux, not WinXP.
Can't reproduce anymore FF 20040604 Linux.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → WORKSFORME
Component: Layout: BiDi Hebrew & Arabic → Layout: Text
QA Contact: zach → layout.fonts-and-text
Crash Signature: [@ nsDocument::QueryInterface]
You need to log in before you can comment on or make changes to this bug.