Closed
Bug 255366
Opened 20 years ago
Closed 20 years ago
File picker calls crash mozilla (open file, file attach, file browser, etc)
Categories
(Core :: XUL, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: harri, Assigned: caillon)
References
Details
(Keywords: 64bit, crash, helpwanted)
Attachments
(2 files)
|
25.22 KB,
application/x-tar
|
Details | |
|
1.88 KB,
patch
|
caillon
:
review+
jst
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.2) Gecko/20040811 Debian/1.7.2-2
Build Identifier: Current snapshot of 1.8 as of Aug 11th, compiled on Debian AMD64, gcc 3.4.1
If I try to attach a file to my EMail, then Mozilla dies.
Reproducible: Always
Steps to Reproduce:
1.compose EMail
2.set a To: address, add some text
3.right klick on Attachments list, select "Attach Files"
Actual Results:
core dump
the version of yesterday crashed, too
|
Reporter | |
Comment 1•20 years ago
|
||
Here is the real build identifier:
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8a3) Gecko/20040812
|
||
Comment 2•20 years ago
|
||
Herald: Are you able to reproduce with official Mozilla nightbuild? Could you
provide TalkBack incident ID in such case?
Severity: normal → critical
Keywords: crash
|
|
Reporter | |
Comment 3•20 years ago
|
||
AFAIK there are no nightly builds for AMD64. I grabbed the current image for x86
and installed it on another PC. There was no crash when I did a right click to
[Select Files], but when I clicked on [Cancel] in the file browser Mozilla x86
died, too.
But maybe this is unrelated.
|
|
Reporter | |
Comment 4•20 years ago
|
||
The crash on x86 is not reproducable.
Any attempt to attach a file, from menu or attachment frame, causes an immediate
crash. No other components of the message need be filled out.
AMD64, CVS HEAD, 20040813
Further info, you can attach a web page, but you can not attach a file.
Unfortunately gdb and mozilla aren't playing well - when started with --debug,
mozilla hangs before realizing any widgets on screen.
Here is startup info. Note the file picker module failure:
*** Registering nsWidgetGtk2Module components (all right -- a generic module!)
nsGenericModule nsWidgetGtk2Module: Register hook for Gtk2 File Picker
component returned error => 80040155
(Gecko:8622): GLib-GObject-WARNING **: invalid cast from GdkWindow' to GtkWindow'
/usr/local/lib/mozilla-1.8a3/run-mozilla.sh: line 131: 8622 Segmentation fault
"$prog" ${1+"$@"}
On a side note, I've often wondered why mozilla developers choose to return
numbers like 80040155 instead of an error string which is far more descriptive.
80040155 actually sounds like a pointer location. But I see this all over the
place.
If you twiddle gdb/moz carefully you can sometimes get somewhere. Here is a
partially informative stack trace. It now seems very apparent where it's
crashing, but as I can't yet get at the values passed to this function I don't
know why it blew up.
Program received signal SIGSEGV, Segmentation fault.
0x0000002a95e6f6db in gtk_file_chooser_dialog_get_type () from
/usr/lib/libgtk-x11-2.0.so.0
(gdb) bt
#0 0x0000002a95e6f6db in gtk_file_chooser_dialog_get_type () from
/usr/lib/libgtk-x11-2.0.so.0
#1 0x0000003000000020 in ?? ()
#2 0x0000000000000001 in ?? ()
#3 0x00000000008d25c0 in ?? ()
#4 0x0000002a9555fcc4 in _dl_rtld_di_serinfo () from /lib64/ld-linux-x86-64.so.2
#5 0x0000002a9e689e6a in nsIFileURL::GetIID()::iid () from
/usr/local/lib/mozilla-1.8a3/components/libwidget_gtk2.so
#6 0x0000000000000000 in ?? ()
#7 0x00000000005716e0 in ?? ()
#8 0x0000002a968eb2e8 in ?? () from /usr/lib/libgobject-2.0.so.0
#9 0x0000000000000010 in ?? ()
#10 0x0000002a968e5248 in ?? () from /usr/lib/libgobject-2.0.so.0
#11 0x00000000008d1e60 in ?? ()
#12 0x0000000000000001 in ?? ()
#13 0x0000002a968b0000 in ?? ()
#14 0x00000000000000a6 in ?? ()
#15 0x0000002a968de524 in g_type_check_instance_cast () from
/usr/lib/libgobject-2.0.so.0
#16 0x0000002a9e677106 in nsFilePicker::ReadValuesFromFileChooser ()
from /usr/local/lib/mozilla-1.8a3/components/libwidget_gtk2.so
#17 0x0000002a984ef47e in XPTC_InvokeByIndex () from
/usr/local/lib/mozilla-1.8a3/libxpcom.so
#18 0x0000002a994ace4d in XPCWrappedNative::CallMethod () from
/usr/local/lib/mozilla-1.8a3/components/libxpconnect.so
#19 0x0000002a994b19e1 in XPC_WN_CallMethod () from
/usr/local/lib/mozilla-1.8a3/components/libxpconnect.so
#20 0x0000002a956c3f73 in js_Invoke () from /usr/local/lib/mozilla-1.8a3/libmozjs.so
#21 0x0000002a956b8c41 in js_Interpret () from
/usr/local/lib/mozilla-1.8a3/libmozjs.so
#22 0x0000002a956c42c6 in js_Invoke () from /usr/local/lib/mozilla-1.8a3/libmozjs.so
#23 0x0000002a994a5bf9 in nsXPCWrappedJSClass::CheckForException ()
from /usr/local/lib/mozilla-1.8a3/components/libxpconnect.so
#24 0x0000002a984f00ac in PrepareAndDispatch () from
/usr/local/lib/mozilla-1.8a3/libxpcom.so
#25 0x0000002a984ef4eb in XPTC_InvokeByIndex () from
/usr/local/lib/mozilla-1.8a3/libxpcom.so
#26 0x0000002a984ef47e in XPTC_InvokeByIndex () from
/usr/local/lib/mozilla-1.8a3/libxpcom.so
#27 0x0000002a994ace4d in XPCWrappedNative::CallMethod () from
/usr/local/lib/mozilla-1.8a3/components/libxpconnect.so
#28 0x0000002a994b19e1 in XPC_WN_CallMethod () from
/usr/local/lib/mozilla-1.8a3/components/libxpconnect.so
#29 0x0000002a956c3f73 in js_Invoke () from /usr/local/lib/mozilla-1.8a3/libmozjs.so
#30 0x0000002a956b8c41 in js_Interpret () from
/usr/local/lib/mozilla-1.8a3/libmozjs.so
#31 0x0000002a956c42c6 in js_Invoke () from /usr/local/lib/mozilla-1.8a3/libmozjs.so
#32 0x0000002a956c465d in js_InternalInvoke () from
/usr/local/lib/mozilla-1.8a3/libmozjs.so
#33 0x0000002a95688e99 in JS_CallFunctionValue () from
/usr/local/lib/mozilla-1.8a3/libmozjs.so
#34 0x0000002a9a1cd9c3 in nsJSContext::CallEventHandler () from
/usr/local/lib/mozilla-1.8a3/components/libgklayout.so
#35 0x0000002a9a20f40e in nsJSEventListener::SetEventName () from
/usr/local/lib/mozilla-1.8a3/components/libgklayout.so
#36 0x0000002a9a078d56 in nsEventListenerManager::HandleEventSubType ()
from /usr/local/lib/mozilla-1.8a3/components/libgklayout.so
#37 0x0000002a9a07a266 in nsCOMPtr<nsIEventListenerManager>::nsCOMPtr ()
from /usr/local/lib/mozilla-1.8a3/components/libgklayout.so
#38 0x0000002a9a23579f in nsXULElement::HandleDOMEvent () from
/usr/local/lib/mozilla-1.8a3/components/libgklayout.so
#39 0x0000002a9a23561a in nsXULElement::HandleDOMEvent () from
/usr/local/lib/mozilla-1.8a3/components/libgklayout.so
#40 0x0000002a9a23561a in nsXULElement::HandleDOMEvent () from
/usr/local/lib/mozilla-1.8a3/components/libgklayout.so
---Type <return> to continue, or q <return> to quit---
#41 0x0000002a99ecbf75 in PresShell::HandleEventInternal () from
/usr/local/lib/mozilla-1.8a3/components/libgklayout.so
#42 0x0000002a99ecc252 in PresShell::HandleEventInternal () from
/usr/local/lib/mozilla-1.8a3/components/libgklayout.so
#43 0x0000002a9a080f1c in nsEventStateManager::CheckForAndDispatchClick ()
from /usr/local/lib/mozilla-1.8a3/components/libgklayout.so
#44 0x0000002a9a081e48 in nsEventStateManager::DoScrollText () from
/usr/local/lib/mozilla-1.8a3/components/libgklayout.so
#45 0x0000002a99ecc02a in PresShell::HandleEventInternal () from
/usr/local/lib/mozilla-1.8a3/components/libgklayout.so
#46 0x0000002a99eccc7b in PresShell::RetargetEventToParent () from
/usr/local/lib/mozilla-1.8a3/components/libgklayout.so
#47 0x0000002a9a1c64fe in nsViewManager::HandleEvent () from
/usr/local/lib/mozilla-1.8a3/components/libgklayout.so
#48 0x0000002a9a1c6c01 in nsViewManager::HandleEvent () from
/usr/local/lib/mozilla-1.8a3/components/libgklayout.so
#49 0x0000002a9a1b99c7 in nsView::GetViewFor () from
/usr/local/lib/mozilla-1.8a3/components/libgklayout.so
#50 0x0000002a9e66d0c9 in nsCommonWidget::DispatchResizeEvent ()
from /usr/local/lib/mozilla-1.8a3/components/libwidget_gtk2.so
#51 0x0000002a9e660ca6 in nsWindow::OnButtonReleaseEvent () from
/usr/local/lib/mozilla-1.8a3/components/libwidget_gtk2.so
#52 0x0000002a9e663260 in getter_AddRefs<nsISupports> () from
/usr/local/lib/mozilla-1.8a3/components/libwidget_gtk2.so
#53 0x0000002a95ebc976 in _gtk_marshal_BOOLEAN__BOXED () from
/usr/lib/libgtk-x11-2.0.so.0
#54 0x0000002a968bd02a in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#55 0x0000002a968d25ea in g_signal_has_handler_pending () from
/usr/lib/libgobject-2.0.so.0
#56 0x0000002a968d39fd in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#57 0x0000002a968d40e3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#58 0x0000002a95fa6d80 in gtk_widget_activate () from /usr/lib/libgtk-x11-2.0.so.0
#59 0x0000002a95eba95e in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#60 0x0000002a95ebace5 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#61 0x0000002a961ee750 in _gdk_events_queue () from /usr/lib/libgdk-x11-2.0.so.0
#62 0x0000002a96b1e56d in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#63 0x0000002a96b20247 in g_main_context_acquire () from /usr/lib/libglib-2.0.so.0
#64 0x0000002a96b205e5 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#65 0x0000002a95eba141 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#66 0x0000002a9e66ab41 in nsCOMPtr<nsIEventQueue>::operator
nsDerivedSafe<nsIEventQueue>* ()
from /usr/local/lib/mozilla-1.8a3/components/libwidget_gtk2.so
#67 0x0000000000423e1a in ?? ()
#68 0x000000000041ba63 in main ()
|
||
Comment 8•20 years ago
|
||
isn't this the same as bug 255604 (similar stacks)
bug 255604 does indeed look like a dupe of this bug.
here is my build configuration, exchange disable-debug for enable, and
cflags/strip naturally; cflags would be -O2 -g with cpu/arch the same.
about:buildconfig
Build platform
target
x86_64-unknown-linux-gnu
Build tools
Compiler Version Compiler flags
gcc gcc version 3.4.1 20040803 (Gentoo Linux 3.4.1-r2, ssp-3.4-2,
pie-8.7.6.5) -Wall -W -Wno-unused -Wpointer-arith -Wcast-align -Wno-long-long
-pedantic -pthread -pipe
g++ gcc version 3.4.1 20040803 (Gentoo Linux 3.4.1-r2, ssp-3.4-2,
pie-8.7.6.5) -fno-rtti -fno-exceptions -Wall -Wconversion -Wpointer-arith
-Wcast-align -Woverloaded-virtual -Wsynth -Wno-ctor-dtor-privacy
-Wno-non-virtual-dtor -Wno-long-long -pedantic -fshort-wchar -pthread -pipe
-I/usr/X11R6/include
Configure arguments
--disable-ldap --disable-gnomevfs --disable-gnomeui --disable-accessibility
--disable-tests --disable-debug '--enable-optimize=-Os -fomit-frame-pointer
-pipe -march=opteron -mtune=opteron -ffast-math -mfpmath=sse,387
-fexpensive-optimizations' --enable-strip --disable-toolkit-qt --enable-calendar
--enable-xft --enable-xprint --enable-crypto --enable-reorder
--enable-xterm-updates --enable-toolkit-gtk2 --enable-default-toolkit=gtk2
--enable-x11-shm --enable-freetype2 --enable-extensions=default
--without-system-nspr --with-system-jpeg --with-system-zlib --with-system-png
--with-system-mng
|
||
Comment 10•20 years ago
|
||
*** Bug 255604 has been marked as a duplicate of this bug. ***
|
|
||
Comment 11•20 years ago
|
||
Reassigning, please see end comment on bug 255604.
Assignee: sspitzer → caillon
Component: Mail Window Front End → XP Toolkit/Widgets
Product: MailNews → Browser
Summary: crash on "Attach file" → File picker calls crash mozilla (open file, file attach, file browser, etc)
|
|
||
Comment 12•20 years ago
|
||
(gdb) l
391 NS_IMETHODIMP
392 nsFilePicker::Show(PRInt16 *aReturn)
393 {
394 NS_ENSURE_ARG_POINTER(aReturn);
395
396 nsXPIDLCString title;
397 title.Adopt(ToNewUTF8String(mTitle));
398
399 GtkWidget *parent =
(GtkWidget*)mParentWidget->GetNativeData(NS_NATIVE_WIDGET);
400 GtkFileChooserAction action = GetGtkFileChooserAction(mMode);
401 const gchar *accept_button = (mMode == GTK_FILE_CHOOSER_ACTION_SAVE)
402 ? GTK_STOCK_SAVE : GTK_STOCK_OPEN;
403
404 GtkWidget *file_chooser =
405 _gtk_file_chooser_dialog_new(title, GTK_WINDOW(parent), action,
406 GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL,
407 accept_button, GTK_RESPONSE_ACCEPT,
408 NULL);
409 if (mMode == nsIFilePicker::modeOpenMultiple) {
410 _gtk_file_chooser_set_select_multiple
(GTK_FILE_CHOOSER(file_chooser), TRUE);
(gdb) p title
$4 = {<nsCString> = {<nsCSubstring> = {<nsACString> = {mVTable = 0xac2ff0,
mData = 0x2a984f123e
"\205ΐtnA\203ώ\005w*H\213T$\020D\211πA�ΖH\211,ΒA�ΕH\203Γ\030E9ύr€H\203Δ\030
[]A\\A]A^A_ΓI\211,$I\203Δ\bλΫfff\220H\215{\020θ§ρχ�\017Άΐ\203ψ\fw\022H\215\025\220'\002",
mLength = 3221200880,
mFlags = 0}, <No data fields>}, <No data fields>}, <No data fields>}
(gdb) p parent
$5 = (GtkWidget *) 0x1
(gdb) p action
$6 = 16154736
(gdb) p accept_button
$7 = (const gchar *) 0x2a9c9a8e41 "gtk-save"
(gdb) p mtitle
No symbol "mtitle" in current context.
(gdb) p mTitle
$8 = {<nsSubstring> = {<nsAString> = {mVTable = 0x54def0, mData = 0xf67518,
mLength = 9, mFlags = 5}, <No data fields>}, <No data fields>}
the 'parent' pointer looks suspicious.
|
Assignee | |
Updated•20 years ago
|
Keywords: helpwanted
|
|
Reporter | |
Comment 13•20 years ago
|
||
file xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_linux.cpp, line 205: I
am not sure, but doesn't "methodAddress += 8 * methodIndex" break the 16-byte
alignment necessary for amd64?
Regards
Harri
|
||
Comment 14•20 years ago
|
||
Does AMD64's ABI (as used on Linux) really require 16-byte alignment? I don't
have an x86-64 machine to test on, but that would surprise me tremendously,
since it would mean that you couldn't densely pack native (8-byte == 64-bit)
pointers.
I'm always happy to learn, though, so a pointer to a reference correcting me
would be welcome.
|
|
Reporter | |
Comment 15•20 years ago
|
||
Stack pointers must be aligned to 16 bytes in 64bit mode. See
http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/24592.pdf,
3.73, Page 94. But I am not sure whether this is the problem here.
|
|
||
Comment 16•20 years ago
|
||
Requesting blocking, this is starting to show up with a lot of people and it's a
fairly necessary item.
Flags: blocking1.8a4?
|
|
Reporter | |
Comment 17•20 years ago
|
||
I could reproduce the broken parent in nsFilePicker::Show() :
(gdb) print *parent
$4 = {object = {parent_instance = {g_type_instance = {g_class = 0x56e460},
ref_count = 2, qdata = 0x567220}, flags = 16503664}, private_flags = 53824,
state = 251 'û', saved_state = 0 '\0', name = 0x76d8c0 "\200\214y", style = 0x0,
requisition = {width = 0, height = 0}, allocation = {x = 0, y = 0, width =
5671232, height = 0}, window = 0x0, parent = 0x0}
But I do not know yet where this comes from. That is successfully hidden
by Smart Pointers.
Using brute force I checked when this problem was introduced. The snapshot in
nightly/2004-08-07-07-trunk/mozilla-source.tar.bz2 works, but the version
nightly/2004-08-08-07-trunk/mozilla-source.tar.bz2 is broken. The changes
include some new stuff in gtk2/nsFilePicker.{cpp,h}, gtk2/nsWidgetFactory.cpp
and the filepicker.properties. I can post the complete diffs, if somebody is
interested.
Regards
Harri
|
|
Reporter | |
Comment 19•20 years ago
|
||
|
|
Reporter | |
Comment 20•20 years ago
|
||
Maybe this helps: On amd64 I get a message
:
Document http://www.kernel.org/pub/linux/kernel/ loaded successfully
Document http://www.kernel.org/pub/linux/kernel/v2.6/ loaded successfully
Document http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.8.1.gz loaded
successfully
(Gecko:13592): GLib-GObject-WARNING **: invalid cast from `GdkWindow' to `GtkWindow'
immediately before the crash. When I try the same on i386, then there is no
message about an invalid cast.
|
||
Comment 21•20 years ago
|
||
Also occurs on Firefox 1.0 preview as well as CVS trunk. I have an i386 (P4
2.8GHz) and I also see the invalid cast message. Occurs when opening any file
chooser (i.e. open file, import bookmarks).
|
|
||
Comment 22•20 years ago
|
||
On i386 this seems to be a problem with the GTK+ 2.5 series; it works fine with
v2.4.9.
|
||
Comment 23•20 years ago
|
||
|
|
||
Comment 24•20 years ago
|
||
Comment on attachment 159629 [details] [diff] [review]
Make our prototype for _gtk_file_chooser_dialog_new_fn() match reality (patch by bryner)
Chris, was this done this way intentionally, or would this be more appropriate
here?
Attachment #159629 -
Flags: superreview+
Attachment #159629 -
Flags: review?(caillon)
|
|
Assignee | |
Comment 25•20 years ago
|
||
Comment on attachment 159629 [details] [diff] [review]
Make our prototype for _gtk_file_chooser_dialog_new_fn() match reality (patch by bryner)
Hm, cool.
Attachment #159629 -
Flags: review?(caillon) → review+
|
||
Updated•20 years ago
|
Flags: blocking1.8a4?
|
|
Reporter | |
Comment 27•20 years ago
|
||
Sorry, but I cannot share your optimism here.
I've compiled the new Mozilla sources on AMD64. The core dump is gone, but I
still don't get the standard file picker that I get on i386. I get a strange
looking file picker with a floppy on the save button. It doesn't match the look
of other Mozilla components.
And I've got an assertion failure:
(Gecko:12493): Gtk-CRITICAL **: file gtkwindow.c: line 1883
(gtk_window_set_transient_for): assertion `parent == NULL || GTK_IS_WINDOW
(parent)' failed
If you think this is a serious problem, then would you mind to reopen this bug
report?
|
|
Assignee | |
Comment 28•20 years ago
|
||
Harald, this bug is about the crash only. The assertion is fixed with the patch
in bug 260872. The new dialog is the GTK2 dialog, which Mozilla is now using.
|
|
Reporter | |
Comment 29•20 years ago
|
||
Sorry, but since the new file picker looks so _completely_ different than the
rest of Mozilla (especially for the Modern theme), I thought that there is still
a serious problem.
I liked the old file picker of 1.7.
You need to log in
before you can comment on or make changes to this bug.
Description
•