Closed Bug 224285 Opened 22 years ago Closed 20 years ago

Page info crashes/hangs Firefox

Categories

(Core Graveyard :: GFX: Gtk, defect)

Product:
Core Graveyard
Component:
GFX: Gtk
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED EXPIRED

People

(Reporter: mcsmurf, Assigned: blizzard)

Details

(Keywords: crash, hang)

With a clean build from cvs trunk, Firebird simply crashes (on time it hung) when clicking right and then Page Info. In Mozilla Page Info works (same source tree). Stacktrace: #0 0x406273c9 in mallopt () from /lib/libc.so.6 #1 0x406265d3 in malloc () from /lib/libc.so.6 #2 0x400273c9 in JS_malloc (cx=0x86fd060, nbytes=56) at /mozilla2/mozilla/js/src/jsapi.c:1438 #3 0x4008e2e1 in js_NewScope (cx=0x86fd060, nrefs=1, ops=0x400a5ac0, clasp=0x4123da20, obj=0x8200160) at /mozilla2/mozilla/js/src/jsscope.c:135 #4 0x4006ddca in js_NewObjectMap (cx=0x86fd060, nrefs=1, ops=0x400a5ac0, clasp=0x4123da20, obj=0x8200160) at /mozilla2/mozilla/js/src/jsobj.c:1768 #5 0x4006e11d in js_NewObject (cx=0x86fd060, clasp=0x4123da20, proto=0x825e0a0, parent=0x825e1c0) at /mozilla2/mozilla/js/src/jsobj.c:1860 #6 0x4002880a in JS_NewObject (cx=0x86fd060, clasp=0x4123da20, proto=0x825e0a0, parent=0x825e1c0) at /mozilla2/mozilla/js/src/jsapi.c:2067 #7 0x4122d4f2 in XPCWrappedNativeProto::Init(XPCCallContext&, XPCNativeScriptableCreateInfo const*) (this=0x87b6278, ccx=@0xbfffd2e0, scriptableCreateInfo=0xbfffce60) at /mozilla2/mozilla/js/src/xpconnect/src/xpcwrappednativeproto.cpp:103 #8 0x4122d8be in XPCWrappedNativeProto::GetNewOrUsed(XPCCallContext&, XPCWrappedNativeScope*, nsIClassInfo*, XPCNativeScriptableCreateInfo const*, int) (ccx=@0xbfffd2e0, Scope=0x86fd308, ClassInfo=0x854e9ec, ScriptableCreateInfo=0xbfffce60, ForceNoSharing=0) at /mozilla2/mozilla/js/src/xpconnect/src/xpcwrappednativeproto.cpp:217 #9 0x4121f97b in XPCWrappedNative::GetNewOrUsed(XPCCallContext&, nsISupports*, XPCWrappedNativeScope*, XPCNativeInterface*, XPCWrappedNative**) (ccx=@0xbfffd2e0, Object=0x87c7a3c, Scope=0x86fd308, Interface=0x82f7e00, resultWrapper=0xbfffcf0c) at /mozilla2/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp:347 #10 0x41204384 in XPCConvert::NativeInterface2JSObject(XPCCallContext&, nsIXPConnectJSObjectHolder**, nsISupports*, nsID const*, JSObject*, unsigned*) (ccx=@0xbfffd2e0, dest=0xbfffcfb0, src=0x87c7a3c, iid=0xbfffd130, scope=0x8289ba0, pErr=0xbfffd12c) at /mozilla2/mozilla/js/src/xpconnect/src/xpcconvert.cpp:1058 #11 0x412033b3 in XPCConvert::NativeData2JS(XPCCallContext&, long*, void const*, nsXPTType const&, nsID const*, JSObject*, unsigned*) (ccx=@0xbfffd2e0, d=0xbfffd0e4, s=0xbfffd240, type=@0xbfffd0d7, iid=0xbfffd130, scope=0x8289ba0, pErr=0xbfffd12c) at /mozilla2/mozilla/js/src/xpconnect/src/xpcconvert.cpp:460 valgrind says: ==852== Invalid read of size 1 ==852== at 0x4500EF16: ChangedMaskBits(char*, int, int, nsRect const&, unsigned char*) (nsWindow.cpp:4373) ==852== by 0x4500F1CE: nsWindow::UpdateTranslucentWindowAlpha(nsRect const&, unsigned char*) (nsWindow.cpp:4439) ==852== by 0x4500F15F: nsWindow::UpdateTranslucentWindowAlpha(nsRect const&, unsigned char*) (nsWindow.cpp:4425) ==852== by 0x43D3F40C: nsViewManager::RenderViews(nsView*, nsIRenderingContext&, nsRegion const&, int) (nsViewManager.cpp:1279) ==852== Address 0x4A2E3875 is 15 bytes before a block of size 248 alloc'd ==852== at 0x4002A6F1: malloc (vg_replace_malloc.c:153) ==852== by 0x8055C93: __builtin_new (nsAppRunner.cpp:180) ==852== by 0x4002A84C: operator new(unsigned) (vg_replace_malloc.c:185) ==852== by 0x45004983: ChildWindowConstructor(nsISupports*, nsID const&, void**) (nsWidgetFactory.cpp:66) ==852== ==852== Invalid read of size 1 ==852== at 0x4500F018: UpdateMaskBits(char*, int, int, nsRect const&, unsigned char*) (nsWindow.cpp:4396) ==852== by 0x4500F201: nsWindow::UpdateTranslucentWindowAlpha(nsRect const&, unsigned char*) (nsWindow.cpp:4444) ==852== by 0x4500F15F: nsWindow::UpdateTranslucentWindowAlpha(nsRect const&, unsigned char*) (nsWindow.cpp:4425) ==852== by 0x43D3F40C: nsViewManager::RenderViews(nsView*, nsIRenderingContext&, nsRegion const&, int) (nsViewManager.cpp:1279) ==852== Address 0x4A2E3875 is 15 bytes before a block of size 248 alloc'd ==852== at 0x4002A6F1: malloc (vg_replace_malloc.c:153) ==852== by 0x8055C93: __builtin_new (nsAppRunner.cpp:180) ==852== by 0x4002A84C: operator new(unsigned) (vg_replace_malloc.c:185) ==852== by 0x45004983: ChildWindowConstructor(nsISupports*, nsID const&, void**) (nsWidgetFactory.cpp:66) ==852== ==852== Invalid write of size 1 ==852== at 0x4500F03D: UpdateMaskBits(char*, int, int, nsRect const&, unsigned char*) (nsWindow.cpp:4398) ==852== by 0x4500F201: nsWindow::UpdateTranslucentWindowAlpha(nsRect const&, unsigned char*) (nsWindow.cpp:4444) ==852== by 0x4500F15F: nsWindow::UpdateTranslucentWindowAlpha(nsRect const&, unsigned char*) (nsWindow.cpp:4425) ==852== by 0x43D3F40C: nsViewManager::RenderViews(nsView*, nsIRenderingContext&, nsRegion const&, int) (nsViewManager.cpp:1279) ==852== Address 0x4A2E3875 is 15 bytes before a block of size 248 alloc'd ==852== at 0x4002A6F1: malloc (vg_replace_malloc.c:153) ==852== by 0x8055C93: __builtin_new (nsAppRunner.cpp:180) ==852== by 0x4002A84C: operator new(unsigned) (vg_replace_malloc.c:185) ==852== by 0x45004983: ChildWindowConstructor(nsISupports*, nsID const&, void**) (nsWidgetFactory.cpp:66) ==852== ==852== More than 30000 total errors detected. I'm not reporting any more. ==852== Final error counts will be inaccurate. Go fix your program! ==852== Rerun with --error-limit=no to disable this cutoff. Note ==852== that errors may occur in your program without prior warning from ==852== Valgrind, because errors are no longer being displayed. my .mozconfig if related: ac_add_options --disable-composer ac_add_options --disable-debug ac_add_options --disable-ldap ac_add_options --disable-mailnews ac_add_options --disable-tests ac_add_options --enable-crypto ac_add_options --enable-extensions=default,-inspector,-irc,-venkman,-content-packs,-help ac_add_options --enable-optimize="-g" ac_add_options --enable-xft export MOZ_PHOENIX=1 mk_add_options MOZ_PHOENIX=1 mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@-firebird
btw: it doesnt matter which webpage you are on. It crashes/hangs on every site when doing a right click and choose in the context-menu "Page Info" (if that wasnt clear in comment 0)
Since the stacktrace seems related to malloc and reading a value in ChangedMaskBits(), maybe you should check your memory for errors, as far-fetched as that seems. Even if this isn't the problem, checking their physical memory for problems is something everyone should do once in a while. I strongly suggest the utility Memtest86 -- http://www.memtest86.com Burn the image to a CD, run it for several passes, and let us know! (Of course, if you know that I am not reading the stacktrace right and this couldn't POSSIBLY be related to memory, feel free to ignore this advice.)
Summary: page info crashes firebird → Page info crashes Firebird
This is almost certainly heap corruption, specific to the window transparency code in the GTK implementation of nsWindow. I don't know enough about the code to say what exactly is going wrong...
->gfx: gtk
Component: General → GFX: Gtk
Product: Firebird → Browser
Version: unspecified → Trunk
.
Assignee: blake → blizzard
QA Contact: ian
I added some hack to nsWindows.cpp so that i dont need to build a full debug build for the Assertions (thanks timeless for that!). When Firebird now hangs (it doesnt seem to crash anymore?!), i get these assertions: Eek: Rect is out of window bounds Eek: Rect is out of window bounds Eek: Rect is out of window bounds (Eek: is part of the hack for displaying assertions *g*) A assertion inserted at the beginning of static void UpdateMaskBits (after the 2 PRInt32 lines) NS_ASSERTION(aRect.y>=0, "poke me"); doesnt get fired.
Keywords: hang
Summary: Page info crashes Firebird → Page info crashes/hangs Firebird
.
Using:- Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6a) Gecko/20031101 Firebird/0.7+ And crashes me when right click, view page info, also tested with the latest Nightly 20031106.. will even crash with no page loaded, this bug was not in the October Nightly I have here,
Ok... been playing with this problem with builds from October to the current on I use, Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031121 Firebird/0.7+ The crash is reproducable every time, ie right click on page and view "page info" crash or a freeze.. However, if I use firbirds default "Theme" the problem goes away.. Is this a Theme problem (tested with 5 diferent themes) or GFX: Gtk as first reported..?
Well, no comments but you may like to know???, re my last post that it was indeed a problem with the Themes and newer Builds.. Currently I am using :- Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031206 Firebird/0.7+ And grabbed a couple of newly updated Themes, LittleFirebird.0.7b, and MicroFirebird.0.7b and I can view the page info now with no crashes.. Also tested with some earlier builds that gave problems..
Can anyone reproduce this with 0.8 and/or latest-trunk build of Firefox? It appears (given comment 10) that it's fixed. I can resolve it if someone else can tell me it works now...
Summary: Page info crashes/hangs Firebird → Page info crashes/hangs Firefox
(In reply to comment #11) > Can anyone reproduce this with 0.8 and/or latest-trunk build of Firefox? It > appears (given comment 10) that it's fixed. I can resolve it if someone else > can tell me it works now... I can't test this anymore, since i use Windows 2000 now (again).
>Can anyone reproduce this with 0.8 and/or latest-trunk build of Firefox? It >appears (given comment 10) that it's fixed. I can resolve it if someone else >can tell me it works now.. Ok... tested with the official FireFox and my current version, Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7a) Gecko/20040213 Firebird/0.8.0+ Re comment #10, this crash/freeze happens only with certain Thmemes, when viewing the page info, one theme that comes to mind is Orbit.. I could not test any others just now as the site is down :( One of the newer Themes I have tested is Doodle, the crash does not happen which leads me to think it is "theme" related?? HTH
This is an automated message, with ID "auto-resolve01". This bug has had no comments for a long time. Statistically, we have found that bug reports that have not been confirmed by a second user after three months are highly unlikely to be the source of a fix to the code. While your input is very important to us, our resources are limited and so we are asking for your help in focussing our efforts. If you can still reproduce this problem in the latest version of the product (see below for how to obtain a copy) or, for feature requests, if it's not present in the latest version and you still believe we should implement it, please visit the URL of this bug (given at the top of this mail) and add a comment to that effect, giving more reproduction information if you have it. If it is not a problem any longer, you need take no action. If this bug is not changed in any way in the next two weeks, it will be automatically resolved. Thank you for your help in this matter. The latest beta releases can be obtained from: Firefox: http://www.mozilla.org/projects/firefox/ Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html Seamonkey: http://www.mozilla.org/projects/seamonkey/
This bug has been automatically resolved after a period of inactivity (see above comment). If anyone thinks this is incorrect, they should feel free to reopen it.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → EXPIRED
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.