Closed Bug 25155 Opened 26 years ago Closed 25 years ago

crash in search window switching from internet to bookmarks

Categories

(Core :: XUL, defect, P3)

x86
Linux
defect

VERIFIED WORKSFORME

People

(Reporter: danm.moz, Assigned: kmcclusk)

Details

(Keywords: crash)

Open the Search->Search the Internet window. Click the bookmarks tab. Boom. (Note you can switch between any two other tabs with impunity.) Here's the stack trace for the crash:

#0 nsToolkit::GetSharedGC (this=0x0) at nsToolkit.cpp:80
#1 0x4070881e in nsWidget::GetNativeData (this=0x8709eb0, aDataType=1) at nsWidget.cpp:989
#2 0x40710c7a in nsWindow::GetNativeData (this=0x8709eb0, aDataType=1) at nsWindow.cpp:1698
#3 0x40b89f2e in nsRenderingContextGTK::Init (this=0x8740670, aContext=0x864b2a0, aWindow=0x8709eb0) at nsRenderingContextGTK.cpp:132
#4 0x407141de in nsBaseWidget::GetRenderingContext (this=0x8709eb0) at nsBaseWidget.cpp:415
#5 0x4070e7d7 in nsWindow::DoPaint (this=0x8709eb0, aX=0, aY=0, aWidth=1, aHeight=1, aClipRegion=0x8775410) at nsWindow.cpp:549
#6 0x4070ea73 in nsWindow::Update (this=0x8709eb0) at nsWindow.cpp:617
#7 0x4070e627 in nsWindow::UpdateIdle (data=0x0) at nsWindow.cpp:488
#8 0x408a4a49 in ?? () from /usr/lib/libglib-1.2.so.0
#9 0x408a3a86 in ?? () from /usr/lib/libglib-1.2.so.0
#10 0x408a4041 in ?? () from /usr/lib/libglib-1.2.so.0
#11 0x408a41e1 in ?? () from /usr/lib/libglib-1.2.so.0
#12 0x407cd7a9 in ?? () from /usr/lib/libgtk-1.2.so.0
#13 0x406f05d7 in nsAppShell::Run (this=0x80a4460) at nsAppShell.cpp:304
#14 0x405a748d in ?? () from /builds/moz/mozilla/dist/bin/libnsappshell.so
#15 0x804c1dd in main1 (argc=1, argv=0xbffffac4) at nsAppRunner.cpp:597
#16 0x804c667 in main (argc=1, argv=0xbffffac4) at nsAppRunner.cpp:690
#17 0x402edcb3 in ?? () from /lib/libc.so.6

When the window is remade for the bookmarks tab, widgets are destroyed and others are created. One widget has the honor of being destroyed but never deleted (by "destroyed," I mean its OnDestroy method is called). This particular widget is subsequently used as the parent for a bunch of newly created widgets. When a widget is destroyed, it has a lot of member variables nulled out. The newly created widgets borrow their mToolkit member from their parent. It's only a matter of time before some widget calls on its null toolkit and crashes with the above stack.

This is gtk-specific behaviour new in about the last 24 hours. Initially assigning to blizzard because he unwisely mentioned to me he might have changed something related.
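The mechanism in the report above (a widget whose OnDestroy has run but which is still alive, handing its nulled mToolkit to new children) can be modelled in a few lines. This is an added example, not code from the bug or from Mozilla; `Toolkit`, `Widget`, the factory functions and the value 42 are hypothetical stand-ins, and the checked variants show one defensive form.

```cpp
// Added illustration. Toolkit, Widget and all function names are hypothetical
// stand-ins modelled on the report, not Mozilla's nsToolkit/nsWidget code.
#include <memory>
#include <utility>

struct Toolkit {
    int GetSharedGC() const { return 42; }  // constructed stand-in for the GC handle
};

class Widget {
public:
    explicit Widget(std::shared_ptr<Toolkit> tk) : mToolkit(std::move(tk)) {}

    // "Destroyed but never deleted": the object lives on with its members nulled.
    void OnDestroy() { mDestroyed = true; mToolkit.reset(); }
    bool HasToolkit() const { return mToolkit != nullptr; }

    // Pattern from the report: the child borrows mToolkit from its parent unchecked.
    static std::unique_ptr<Widget> CreateChildUnchecked(const Widget& parent) {
        return std::make_unique<Widget>(parent.mToolkit);
    }
    // Hardened: a destroyed parent is rejected when the child is created.
    static std::unique_ptr<Widget> CreateChildChecked(const Widget& parent) {
        if (parent.mDestroyed || !parent.mToolkit) return nullptr;
        return std::make_unique<Widget>(parent.mToolkit);
    }
    // Hardened accessor: reports failure instead of calling through a null toolkit.
    bool TryGetSharedGC(int& out) const {
        if (!mToolkit) return false;
        out = mToolkit->GetSharedGC();
        return true;
    }
private:
    std::shared_ptr<Toolkit> mToolkit;
    bool mDestroyed = false;
};

// True when a child made from a destroyed parent silently inherits a null toolkit.
bool UncheckedChildInheritsNullToolkit() {
    Widget parent(std::make_shared<Toolkit>());
    parent.OnDestroy();
    int gc = 0;
    auto child = Widget::CreateChildUnchecked(parent);
    return !child->HasToolkit() && !child->TryGetSharedGC(gc);
}
// True when the checked factory refuses the destroyed parent but accepts a live one.
bool CheckedFactoryRejectsDestroyedParent() {
    Widget live(std::make_shared<Toolkit>()), dead(std::make_shared<Toolkit>());
    dead.OnDestroy();
    int gc = 0;
    auto ok = Widget::CreateChildChecked(live);
    return ok && ok->TryGetSharedGC(gc) && gc == 42 && !Widget::CreateChildChecked(dead);
}
```

In the unchecked path the fault is planted at child creation and only surfaces later, at the first call through the toolkit, which is why the crash stack in the report points at painting rather than at the tab switch.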
i believe this is well-known, claudius?
QA Contact: paulmac → claudius
yes and no. This is the same behavior as bug 23493 but danm says it's a different stack. I'm on it though.
Severity: major → critical
Adding "crash" keyword to all known open crasher bugs.
Keywords: crash
This is GC stuff. I'd like pav to take a look since he's been last in that code.
Assignee: blizzard → pavlov
i'm lookin at it
Status: NEW → ASSIGNED
*** Bug 26765 has been marked as a duplicate of this bug. ***
claudius, is this search window going to be in for beta? if so, we need to mark this beta1
AFAIK that window is not in (at the very least it's not a must) for beta1 so this bug doesn't deserve that priority. Of course, I haven't seen plans to actually pull the menu option so that would leave us with an easily accessible, reproducible, known crasher.
beard, i don't think this is totally your bug... but I want you to null out some arguments (or use comptrs...) something bad is happening here. if I set mRootWidget to nsnull after NS_IF_RELEASE in SetRootView, the crash goes away but bad things are still happening. What then ends up happening is a widget gets created and the view creates a widget which passes in the view manager's root widget which happens to no longer exist (but it isn't null, so we use it). This leads to lots of bad things(tm). My belief is that the search window is just doing something really shitty causing all this stuff to go wrong.
Assignee: pavlov → beard
Status: ASSIGNED → NEW
Can one of you take a look at 31791, which has the same stack trace, and see if it is related? Bug 31791 is "opening CNN.com with Alt L causes crash"
*** Bug 31791 has been marked as a duplicate of this bug. ***
*** Bug 32355 has been marked as a duplicate of this bug. ***
adding new bug this one depends on... the states we are getting in to should never be happening.
Depends on: 34033
Status: NEW → ASSIGNED
Reassigning to component owner.
Assignee: beard → kmcclusk
Status: ASSIGNED → NEW
Nominating for beta2.
Status: NEW → ASSIGNED
Keywords: nsbeta2
Target Milestone: --- → M16
Today's build works for me.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → WORKSFORME
This would WFM today because there is no longer an 'Internet' tab and it was a must to reproduce this bug. This dialog has changed so much since the bug was reported I doubt it will come back. Marking VERIFIED
Status: RESOLVED → VERIFIED