Closed Bug 212767 Opened 21 years ago Closed 21 years ago

Crash when initializing Midas (setting designMode and others)

Categories

(Core :: DOM: Editor, defect)

Product:
Core
Component:
DOM: Editor
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: emaijala+moz, Assigned: emaijala+moz)

Details

(Keywords: crash)

Attachments

(6 files)

Test case
14.14 KB, application/x-zip-compressed
Details
win2k stack
6.15 KB, text/plain
Details
My stack
5.27 KB, text/plain
Details
Purify stack to the error, free, and allocation locations
10.03 KB, text/plain
Details
Patch v1
1.32 KB, patch
Brade
: review+
dbaron
: superreview+
asa
: approval1.7a+
Details | Diff | Splinter Review
Patch v1 with some more context
3.38 KB, patch
Details | Diff | Splinter Review 
I've experienced a crash with Midas in an intranet application. It works usually
fine, but there is one specific page which causes it to crash. I took the
contents of that page and minimized it to a crashing test case, which I will
attach to this bug. Running trunk build 2003070107 on WinXP, also happens with
20030714.
Attached file Test case 
A test case simplified from a real life crash case.
Attached file win2k stack 

    
    

    
  

*** This bug has been marked as a duplicate of 171949 ***
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE

    
    

    
  

      
      
      
      

        Attached file
          
        My stack
      

    


  
My stack is completely different.

    
    

    
  
Reopening. There was yet another place it crashed in talkback 21908653q.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---

    
    

    
  


  
I'm attaching the purify data, it shows where the object was created and
destroyed that the QI is failing on.

From what I can tell is that an event is fired, and the command controller
still has a reference to the editor which was destroyed when leaving
nsEditingSession::TearDownEditorOnWindow. I suspect maybe there's some kind of
contract between the nsEditingSession and the command controller built, that it
keeps things alive as long as needed. I think the
nsEditingSession::TearDownEditorOnWindow needs to clean up the command
controller before it exits, since I think all references to the object in
question will be gone.

    
    

    
  
-->me
Assignee: jfrancis → brade
Status: REOPENED → NEW

    
    

    
  
Duplicate of bug 211348?

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Patch v1Splinter Review
      

    


  
Need to null out the weak refs to the editor on the controllers before it's
destroyed (nulled out on the docshell). Otherwise there is a small timeframe
when someone can try to use the destroyed editor. This fixes the crash my stack
and the Purify stack show.

    
  
Assignee: brade → ere
Status: NEW → ASSIGNED

    
  

        Attachment #140075 -
        Flags: review?(mozeditor)

    
  

        Attachment #140075 -
        Flags: superreview?(bz-vacation)

    
    

    
  
It'll take me some time (two weeks or more, possibly) to get to this review --
I'm somewhat behind on reviews at the moment.

For future reference, using the -p flag to diff makes patches like this far more
readable...

    
    

    
  


  
Oops, I did it again. This is the same with some more context.

    
    

    
  
Comment on attachment 140088 [details] [diff] [review]
Patch v1 with some more context

Are there any leaks?  Is "PreDestroy" being called?  Maybe the ordering thing I
was worried about is the selection and doc state listener; I'm not sure
(sorry).

    
    

    
  
No problem, I'll test it.

    
    

    
  
PreDestroy is being called just fine. As far as I can see the patch causes no
problems or changes in behavior.

    
    

    
  
Comment on attachment 140075 [details] [diff] [review]
Patch v1

Seeking r from Brade who seems to know this stuff well :)

        Attachment #140075 -
        Flags: superreview?(bz-vacation)

        Attachment #140075 -
        Flags: review?(mozeditor)

        Attachment #140075 -
        Flags: review?(brade)

    
    

    
  
looks ok to me.

    
    

    
  
Comment on attachment 140075 [details] [diff] [review]
Patch v1

That would be an r+?

        Attachment #140075 -
        Flags: superreview?(dbaron)

        Attachment #140075 -
        Flags: superreview?(dbaron) → superreview+

    
    

    
  
Comment on attachment 140075 [details] [diff] [review]
Patch v1

r=brade (assuming mail compose and composer have both been tested and no
regressions found)

        Attachment #140075 -
        Flags: review?(brade) → review+

    
    

    
  
Comment on attachment 140075 [details] [diff] [review]
Patch v1

Yes, I wasn't able to find any problems in mail compose or composer. Requesting
approval for 1.7a.

        Attachment #140075 -
        Flags: approval1.7a?

    
    

    
  
Comment on attachment 140075 [details] [diff] [review]
Patch v1

a=chofmann for 1.7a

    
    

    
  
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 21 years ago21 years ago
Resolution: --- → FIXED

    
  

        Attachment #140075 -
        Flags: approval1.7a? → approval1.7a+

    
    

    
  
i still see this problem in 1.7.3 on win2k.

    
    

    
  
so file a new bug with a stack trace.

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: