Closed
Bug 218556
Opened 21 years ago
Closed 18 years ago
Crash immediately after finishing rendering www.inreview.com [@ nsQueryInterface::operator()] designmode/midas
Categories
(Core :: DOM: Editor, defect)
Core
DOM: Editor
Tracking
()
RESOLVED
FIXED
People
(Reporter: ali, Unassigned)
References
()
Details
(4 keywords, Whiteboard: patch)
Crash Data
Attachments
(5 files)
11.46 KB,
text/plain
|
Details | |
7.04 KB,
text/plain
|
Details | |
1.27 KB,
text/html
|
Details | |
12.81 KB,
text/plain
|
Details | |
5.17 KB,
patch
|
Brade
:
review+
peterv
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5b) Gecko/20030903 Firebird/0.6.1+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5b) Gecko/20030906
When I type in www.inreview.com into the URL bar, and hit enter, it loads the
page. After the page is completely loaded, it crashes.
Reproducible: Always
Steps to Reproduce:
1. Type "www.inreview.com" in the URL bar.
2. Press enter and watch page fully load.
3. Watch Mozilla crash.
Actual Results:
Mozilla crashes with an error in xpcom.dll .
Expected Results:
After loading the page, it should not crash. Rather I should be able to browse
the page. :)
This problem occurs with Mozilla, as well as well as with Firebird (using
2003-09-06 nightlies for both).
Some people have reported other weird behaviour other than crashing with this
site. For one person, it worked fine. For some others, it didn't crash, but sort
of sent the browser into a state of limbo where you could resize the window and
such, but not browse unless you closed and reopened Mozilla.
I believe this is an XPCOM problem because it is saying that there is a problem
in xpcom.dll, though I'm not really a developer so I could be wrong about this.
The "Error signature" it gives me is as follows:
AppName: mozilla.exe AppVer: 1.5.20030.25068 ModName: xpcom.dll
ModVer: 1.5.20030.25068 Offset: 00041169
Related links:
http://forums.mozillazine.org/viewtopic.php?t=23006&start=60
http://forums.mozillazine.org/viewtopic.php?t=23589&start=10
Reporter | ||
Comment 1•21 years ago
|
||
I should also note that this bug isn't a recent regression. Some people have
reported (see links above to the MZ forums) seeing it on Mozilla 1.4 and
Firebird 0.6.1 (based on Mozilla 1.5a). I have not tried reproducing it on older
builds myself, though.
Comment 2•21 years ago
|
||
Same problem here .
just uploaded TB23397708G
guenter
Comment 3•21 years ago
|
||
Same crash on Mac OS X 10.2.6 (build 2003090303), so All/All
See Talkback TB23397802H
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows XP → All
Hardware: PC → All
Comment 4•21 years ago
|
||
Comment 5•21 years ago
|
||
Same problem here.\
Crash just after finish "downloading" the page.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5b) Gecko/20030903
Firebird/0.6.1+
Comment 6•21 years ago
|
||
Comment 7•21 years ago
|
||
The page is in edit mode.
Assignee: dougt → mozeditor
Component: XPCOM → Editor: Core
QA Contact: scc → sairuh
Comment 8•21 years ago
|
||
The cause of the crash seems to be this JS function:
function ShowAds() {
parent.frames['ad468x60'].document.designMode = "on";
parent.frames['ad468x60'].document.open("text/html", "replace");
parent.frames['ad468x60'].document.write('<SCRIPT LANGUAGE=JavaScript
SRC=http:\/\/servedby.advertising.com\/site=202196\/size=468060\/bnum=59660882\/optn=1><\/SCRIPT>
<NOSCRIPT><A
HREF=http:\/\/servedby.advertising.com\/click\/site=202196\/bnum=59660882
TARGET=_blank><IMG
SRC=http:\/\/servedby.advertising.com\/site=202196\/size=468060\/bnum=59660882\/bins=1\/rich=0
WIDTH=468 HEIGHT=60 BORDER=0><\/A><\/NOSCRIPT> ');
parent.frames['ad468x60'].document.close();
parent.frames['ad468x60'].document.designMode = "off";
parent.frames['ad120x600'].document.designMode = "on";
parent.frames['ad120x600'].document.open("text/html", "replace");
parent.frames['ad120x600'].document.write('<SCRIPT LANGUAGE=JavaScript
SRC=http:\/\/servedby.advertising.com\/site=202195\/size=120600\/bnum=65697765\/optn=1><\/SCRIPT>
<NOSCRIPT><A
HREF=http:\/\/servedby.advertising.com\/click\/site=202195\/bnum=65697765
TARGET=_blank><IMG
SRC=http:\/\/servedby.advertising.com\/site=202195\/size=120600\/bnum=65697765\/bins=1\/rich=0
WIDTH=120 HEIGHT=600 BORDER=0><\/A><\/NOSCRIPT> ');
parent.frames['ad120x600'].document.close();
parent.frames['ad120x600'].document.designMode = "off";
}
Comment 9•21 years ago
|
||
Comment 10•21 years ago
|
||
Strange. do_QueryInterface appears to be crashing.
nsCOMPtr<nsIEditor> editor = do_QueryInterface(aCommandRefCon);
in
nsCutCommand::IsCommandEnabled
Which implies that the aCommandRefCon is bad...
Comment 11•21 years ago
|
||
1.4.1 RC is crashing on testcase.
Updated•21 years ago
|
Keywords: topcrash
Summary: Crash immediately after finishing rendering www.inreview.com → Crash immediately after finishing rendering www.inreview.com [@ nsQueryInterface::operator()]
Comment 12•21 years ago
|
||
Comment 13•21 years ago
|
||
>Mozilla 1.3.1
>This is WaMCom - the Web and Mail Communicator, a modified version of Mozilla,
>based on the version of Mozilla shown above.
>Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.3.1) Gecko/20030614
Did not crash on test case. I clicked on background as instructed. Still no
crash. I clicked on the Inreview window, got taken to a page on the inreview
site--still no crash. I wrote in www.inreview.com into the address bar--WHAMO!
"Caused an error in xpicom.dll and will be shut down."
Talkback #23546846Z
Comment 14•21 years ago
|
||
brade: do we have another component for this? do you want to own it?
Reporter | ||
Updated•21 years ago
|
Flags: blocking1.6a?
Flags: blocking1.5?
Reporter | ||
Updated•21 years ago
|
Flags: blocking1.5?
Updated•21 years ago
|
Keywords: regression
Comment 16•21 years ago
|
||
I made the object resizer hold weakptrs to the editor. This fixes the crash.
a research problem for Simon of kathy or whoever is to determine if we should
be getting resizer timer firings for stale editors.
Note that this bug doesnt fix the other problem of visiting designmode pages
leaving you perpetually in design mode when visiting other pages in same
window. There is already an open bug on that somewhere.
Updated•21 years ago
|
Attachment #132655 -
Flags: review?(brade)
Comment 17•21 years ago
|
||
assigning back to me at brade's request. brade, can you r=?
Assignee: brade → mozeditor
Whiteboard: patch
Comment 18•21 years ago
|
||
I'd like Daniel to do the review or at least comment on the patch. He and I did
discuss the editor in the resize code at some point.
Kathy, Joe: yes the patch is fine and is most certainly the right answer to
the problem reported. Thanks. r=daniel@glazman.org but I leave Kathy put her
own r= through the attachment manager.
Comment 20•21 years ago
|
||
Comment on attachment 132655 [details] [diff] [review]
patch to nsHTMLObjectResizer.{h,cpp}
r=brade
Attachment #132655 -
Flags: review?(brade) → review+
Updated•21 years ago
|
Whiteboard: patch → patch, need sr
Updated•21 years ago
|
Attachment #132655 -
Flags: superreview?
Updated•21 years ago
|
Attachment #132655 -
Flags: superreview? → superreview+
The fix for this landed at 10/09/2003 15:08.
Joe, did you mean to leave this open for additional fixes?
Comment 22•21 years ago
|
||
fix checked in yesterday
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 23•21 years ago
|
||
This seems to be fixed in Seamonkey, but in my compile of Firebird which I
pulled this morning, it's still broken (appears to be same crash as before). Do
we need to switch to a different component?
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Reporter | ||
Comment 24•21 years ago
|
||
Moving over to Firebird. The site now works in:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6a) Gecko/20031011
but is still broken in:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6a) Gecko/20031011
Firebird/0.7+ (aebrahim)
Component: Editor: Core → General
Product: Browser → Firebird
Version: Trunk → unspecified
Comment 25•21 years ago
|
||
I suspect the original patch doesn't totally fix this bug. The problem I see
that causes a crash is that the nsBaseCommandController's mCommandContext is
dangling (it's not a strong ref). So, when we try to QI it, from
nsCutCommand::IsCommandEnabled(), it crashes.
Is this because of the ordering of editor->Init() and SetEditorOnControllers()
in nsEditingSession::SetupEditorOnWindow()? Calling Init() is taking us into
code that needs to use the command context, which isn't set yet.
Reporter | ||
Comment 26•21 years ago
|
||
Moving back to Browser | Editor: Core as per bryner's comments.
Component: General → Editor: Core
Product: Firebird → Browser
Version: unspecified → Trunk
Updated•21 years ago
|
Flags: blocking1.6a?
Comment 27•21 years ago
|
||
Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.6a) Gecko/20031020
Firebird/0.7+ (aebrahim)
Crashes when attempting to load http://www.avast.com
Comment 28•21 years ago
|
||
Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.6a) Gecko/20031024 Firebird/0.7+
works with www.avast.com
Comment 29•21 years ago
|
||
crash on testcase, TalkbackID: TB24791067H
www.avast.com working
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6a) Gecko/20031024
Comment 30•21 years ago
|
||
With no developer activity and 1.6a coming to a close, it doesn't look like this
is gonna make it.
Flags: blocking1.6a? → blocking1.6a-
Reporter | ||
Comment 31•21 years ago
|
||
Weird thing: with the latest Mozilla trunk nightly, when I try the testcase, it
doesn't crash immediately. If I press back enough to get back to this bugreport,
and then press on stuff in the top part of the bugreport, for example the
attachment table, it puts me into some edit mode that I've not seen before where
I can hide rows/columns of the tables, and move stuff around.
Also, the testcase still occasionally crashes the browser as well if I play
around with it enough and come back to this page and mess around with stuff.
Flags: blocking1.6b?
Comment 32•21 years ago
|
||
Ali: What you're seeing is bug 215686, Can't disable designmode. This is what
Joe was referencing comment 16. inreview.com turns on designMode (for some
reason) which enables the behavior you saw, then tries to turn it off, which Moz
does not currently support.
Updated•21 years ago
|
Flags: blocking1.6b? → blocking1.6b-
Comment 33•21 years ago
|
||
WFM using Mozilla 1.6 Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.6)
Gecko/20040113 and Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7)
Gecko/20040616 Firefox/0.9 (MOOX-AV), it seems www.inreview.com fixed the
problem with the site code. You can close this bug.
Comment 34•21 years ago
|
||
(In reply to comment #33)
> it seems www.inreview.com fixed the problem with the site code.
...but the problem on the Mozilla end still exists. I just tried the attached
testcase, and it still crashes for me. Until the crash is fixed, the bug stays
open. (A bug summary change wouldn't hurt, tho.)
Comment 35•20 years ago
|
||
Crash with FF1.0nearRC1:
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=TB1543325K
Comment 36•20 years ago
|
||
Same thing for mozilla 1.7.x 20041025 nightly build on Windows ME:
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=TB1543722G
bryner's analysis in comment 25 is spot on.
We still crash on both Firefox and Seamonkey builds, with the same stack as in
https://bugzilla.mozilla.org/attachment.cgi?id=131334&action=view
Updated•20 years ago
|
Summary: Crash immediately after finishing rendering www.inreview.com [@ nsQueryInterface::operator()] → Crash immediately after finishing rendering www.inreview.com [@ nsQueryInterface::operator()] designmode/midas
Comment 38•20 years ago
|
||
Is this still an issue? I don't crash with the url nor with the testcase with a
20050324 trunk build.
Comment 39•20 years ago
|
||
The bug is still reproducible with the testcase.
Reproduced with:
- Mozilla/5.0 (X11; U; Linux i686; de-AT; rv:1.6) Gecko/20040114
- Mozilla/5.0 (X11; U; Linux i686; de-AT; rv:1.7.7) Gecko/20050414
- Mozilla/5.0 (X11; U; Linux i686; de-AT; rv:1.8b) Gecko/20050217
- Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.7) Gecko/20050414 Firefox/1.0.3
all under Suse Linux 9.1 with KDE.
I have filed a talkback-entry (Incident-ID TB5394397K), which is also
reproducible with the following steps:
- open the URL: http://www.fckeditor.net/demo/default.html
- press the button "Source" twice (I assume it toggles the document.designMode)
- browser crashes
I hope this helps to fix this nasty bug.
Regards,
Arne Jans (arne.jans@quinscape.de)
Comment 40•20 years ago
|
||
The fckeditor crash is bug 291183, so that's a different bug.
Arne Jans, could you try a latest nightly build?
http://ftp.uni-erlangen.de/pub/mozilla.org/firefox/nightly/latest-trunk/
If it is still crashing with the attached testcase in this bug, could you give a
Talkback ID for that crash?
There were some changes in designMode code between 2005-02-17 and now, if I
remember correctly.
Comment 41•20 years ago
|
||
wfm with Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b2) Gecko/20050427
Firefox/1.0+
Comment 42•20 years ago
|
||
WFM - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b3) Gecko/20050711
Firefox/1.0+
Comment 43•19 years ago
|
||
Arne and Stephen Donner are last two to report crash. Everything since is WFM.
http://www.inreview.com - no crash
testcase attachment 131028 [details] - no crash
comment 39 http://www.fckeditor.net/demo/default.html I don't see a source button on the page
FF 1.5.0.4 and trunk, windows 2000
Updated•19 years ago
|
Whiteboard: patch, need sr → patch
Comment 44•18 years ago
|
||
donner, does this crash for you?
dup of bug 285972?
Assignee: mozeditor → nobody
Status: REOPENED → NEW
QA Contact: bugzilla
(In reply to comment #44)
> donner, does this crash for you?
> dup of bug 285972?
Nope, I haven't seen this any longer. I meant to mark that; go ahead and do so, please?
I'm going to say FIXED, since we did have a patch which landed at one point.
Status: NEW → RESOLVED
Closed: 21 years ago → 18 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•14 years ago
|
Crash Signature: [@ nsQueryInterface::operator()]
You need to log in
before you can comment on or make changes to this bug.
Description
•