Closed Bug 230516 Opened 21 years ago Closed 21 years ago

Attempting to print a page results in a crash (nsCOMArray_base::~nsCOMArray_base())


(Core :: Printing: Output, defect)

Not set





(Reporter: chrispetersen, Assigned: bryner)



(Keywords: crash, regression, smoketest)


(1 file)

Build: Firebird 2004010902 Mac Trunk and Camino 2004010903 NB
Platform: OS X 10.3.2
Expected Results: No crash should occur when printing page
What I got: After print dialog closes, the application crashes

Steps to reproduce:

1) Go to any url
2) Select Print from the File menu
3) Click the Print button to close the dialog
4) The application crashes

GDB reports the following:

Cannot access memory at address 0x78486b04
#1  0x0501da94 in nsCOMArray_base::~nsCOMArray_base() ()
#2  0x006800a0 in nsPrintData::~nsPrintData() ()
#3  0x004e2ff4 in nsPrintEngine::Destroy() ()
#4  0x0025a200 in DocumentViewerImpl::OnDonePrinting() ()
#5  0x05043b8c in PL_HandleEvent ()
#6  0x05043ab0 in PL_ProcessPendingEvents ()
#7  0x05044a64 in nsEventQueueImpl::ProcessPendingEvents() ()
#8  0x003dc984 in -[EventQueueHandler eventTimer:] ()
#9  0x9607765c in __NSFireTimer ()
#10 0x90194848 in __CFRunLoopDoTimer ()
#11 0x90191ba8 in __CFRunLoopRun ()
#12 0x901960bc in CFRunLoopRunSpecific ()
#13 0x927d632c in RunCurrentEventLoopInMode ()
#14 0x927dca94 in ReceiveNextEventCommon ()
#15 0x927feb28 in BlockUntilNextEventMatchingListInMode ()
#16 0x92dd25b8 in _DPSNextEvent ()
#17 0x92de8f34 in -[NSApplication
nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#18 0x92dfd27c in -[NSApplication run] ()
#19 0x92eb95f0 in NSApplicationMain ()
#20 0x00004f18 in _start ()
#21 0x00004d98 in start ()
The stack trace is teh same in both Firebird and Camino. This regressed start
with todays build (20040109)
Keywords: crash
Keywords: regression
Assignee: blake → core.printing
Component: General → Printing
Product: Firebird → Browser
Version: unspecified → Trunk
-> me, this is fallout from the nsStyleSet changes.
Assignee: core.printing → bryner
Attached patch patchSplinter Review
Prevent a double-free of the style set -- the PresShell owns it, so the
PrintObject should not delete it on destruction.

Note: I didn't use nsAutoPtr because of the bloat it seems to cause as we saw
yesterday.  Also, the pointer was already being initialized to null in the
ctor, unnecessary for nsAutoPtr but will be needed now.
Attachment #138706 - Flags: superreview?(dbaron)
Attachment #138706 - Flags: review?(bz-vacation)
Attachment #138706 - Flags: superreview?(dbaron) → superreview+
Comment on attachment 138706 [details] [diff] [review]

Doh.  I'd missed the fact that the presshell got passed that style set...

r=bzbarsky, but it'd be good to resolve this autoptr bloat issue.  If we dare
not use the class, what help is it?  And this is _exactly_ a case we'd want to
use it in.....

I'd be curious to see how using nsAutoPtr here compares to all those manual
deletes, really.
Attachment #138706 - Flags: review?(bz-vacation) → review+
I'm getting crashes on WinXP with the win32 2004010008 build too.

Crashes every time I try to print.
checked in.
Closed: 21 years ago
Resolution: --- → FIXED
*** Bug 230545 has been marked as a duplicate of this bug. ***
Now WFM 2004011009 win32.  Thanks for the fix.
*** Bug 230628 has been marked as a duplicate of this bug. ***
*** Bug 230628 has been marked as a duplicate of this bug. ***
*** Bug 231002 has been marked as a duplicate of this bug. ***
You need to log in before you can comment on or make changes to this bug.