Closed
Bug 262095
Opened 20 years ago
Closed 6 years ago
Crash if View/Messages/All is reenabled after message list was emptied by move message [@ nsTreeSelection::SetCurrentIndex]
Categories
(Core :: XUL, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: baldauf--2015--bugzilla.mozilla.org, Assigned: timeless)
References
Details
(Keywords: crash, Whiteboard: [patchlove][has draft patch][needs re-eval])
Crash Data
Attachments
(1 file)
|
6.38 KB,
patch
|
bzbarsky
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a4) Gecko/20040927 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a4) Gecko/20040927 See steps to reproduce Reproducible: Always Steps to Reproduce: 1. Receive some new (unread) messages while the message list pane (upper right) is on "View/Messages/All" state. 2. Select the "View/Messages/Unread" menu item. 3. Move select all messages and move them to another folder (e.g. by drag&drop into another folder in the folder pane at the left) 4. Select the "View/Messages/All" menu item again. Actual Results: Mozilla crashed Expected Results: It should not crash.
|
Reporter | |
Comment 1•20 years ago
|
||
This bug seems to be in 1.8a1, 1.8a2, 1.8a3, 1.8a4.
|
||
Comment 2•20 years ago
|
||
No crash for me with Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8a4) Gecko/20040924
|
||
Comment 3•20 years ago
|
||
I'll try to reproduce this.
Assignee: sspitzer → bienvenu
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking-aviary1.0?
|
|
||
Comment 4•20 years ago
|
||
I was not able to reproduce this either...
|
||
Comment 5•20 years ago
|
||
David I'm gonna minus this for now since we couldn't seem to reproduce it. Feel free to disagree. Xuan any talkback / crash report IDs?
Flags: blocking-aviary1.0? → blocking-aviary1.0-
|
|
Reporter | |
Comment 6•20 years ago
|
||
Okay, I today enabled talkback, but todays bunch of spam mail did not trigger this bug (yesterday, it was still there with the same mozilla). I also have forgotten 2 steps to reproduce: Before step 1, mails are sorted by date. After step 2 and before step 3, mails are re-sorted by size.
|
|
Reporter | |
Comment 7•20 years ago
|
||
I was able to reproduce it by chance, but unfortunately, talkback did not appear while it was enabled. Does the VS.NET debugger interfere with talkback?
|
|
Reporter | |
Comment 8•20 years ago
|
||
Okay, I got talkback running. A talkback ID of such a crash is: TB1054771Z
|
|
Reporter | |
Updated•20 years ago
|
Flags: blocking-aviary1.0- → blocking-aviary1.0?
|
||
Comment 9•20 years ago
|
||
Stack Signature nsTreeSelection::SetCurrentIndex 41befff5 Product ID MozillaTrunk Build ID 2004092716 Trigger Time 2004-09-30 16:07:03.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module gklayout.dll + (00158130) URL visited User Comments Since Last Crash 26439 sec Total Uptime 26935 sec Trigger Reason Access violation Source File, Line No. c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/xul/base/src/tree/src/nsTreeSelection.cpp, line 595 Stack Trace nsTreeSelection::SetCurrentIndex [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/xul/base/src/tree/src/nsTreeSelection.cpp, line 595] nsMsgDBView::RestoreSelection [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/mailnews/base/src/nsMsgDBView.cpp, line 870] nsMsgThreadedDBView::Sort [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/mailnews/base/src/nsMsgThreadedDBView.cpp, line 393] XPTC_InvokeByIndex [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp, line 102] XPCWrappedNative::CallMethod [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2030] XPC_WN_CallMethod [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1288] js_Invoke [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c, line 1282] js_Interpret [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c, line 3374] js_Invoke [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c, line 1301] js_InternalInvoke [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c, line 1378] JS_CallFunctionValue [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/js/src/jsapi.c, line 3713] nsJSContext::CallEventHandler [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/dom/src/base/nsJSEnvironment.cpp, line 1346] nsJSEventListener::HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/dom/src/events/nsJSEventListener.cpp, line 181] nsEventListenerManager::HandleEventSubType [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/events/src/nsEventListenerManager.cpp, line 1513] nsEventListenerManager::HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/events/src/nsEventListenerManager.cpp, line 1589] nsXULElement::HandleDOMEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/xul/content/src/nsXULElement.cpp, line 2824] PresShell::HandleDOMEventWithTarget [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsPresShell.cpp, line 6006] nsMenuFrame::Execute [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/xul/base/src/nsMenuFrame.cpp, line 1633] nsMenuFrame::HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/xul/base/src/nsMenuFrame.cpp, line 437] PresShell::HandleEventInternal [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsPresShell.cpp, line 5977] PresShell::HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsPresShell.cpp, line 5814] nsViewManager::HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/view/src/nsViewManager.cpp, line 2300] nsViewManager::DispatchEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/view/src/nsViewManager.cpp, line 2030] HandleEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/view/src/nsView.cpp, line 168] nsWindow::DispatchEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/nsWindow.cpp, line 1078] nsWindow::DispatchWindowEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/nsWindow.cpp, line 1095] nsWindow::DispatchMouseEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/nsWindow.cpp, line 5348] ChildWindow::DispatchMouseEvent [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/nsWindow.cpp, line 5600] nsWindow::ProcessMessage [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/nsWindow.cpp, line 4106] nsWindow::WindowProc [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/nsWindow.cpp, line 1356] USER32.dll + 0x8709 (0x77d18709) USER32.dll + 0x87eb (0x77d187eb) USER32.dll + 0x89a5 (0x77d189a5) USER32.dll + 0x89e8 (0x77d189e8) nsAppShell::Run [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/widget/src/windows/nsAppShell.cpp, line 159] nsAppShellService::Run [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/appshell/src/nsAppShellService.cpp, line 489] main1 [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 1331] main [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 1802] WinMain [c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/bootstrap/nsAppRunner.cpp, line 1828] WinMainCRTStartup() kernel32.dll + 0x16d4f (0x7c816d4f)
|
|
||
Comment 10•20 years ago
|
||
Wait, according to the talkback report you were using a trunkk build. did you actually see this using a 0.8 build or just the trunk? We should minus this if it's trunk only.
|
|
Reporter | |
Comment 11•20 years ago
|
||
I'm using "Mozilla 1.8a4", which is downloadable at http://ftp.mozilla.org/pub/mozilla.org/mozilla/releases/mozilla1.8a4/mozilla-win32-1.8a4-installer.exe
|
|
||
Comment 12•20 years ago
|
||
Xuan Baldauf, you apparently don't understand the flags, so I advise you stop setting them. If Scott minuses a flag, you had better let it stay minused. Since you're encountering the problem on a Moz trunk build, there is no reason at all to interfere with Aviary.
Flags: blocking-aviary1.0? → blocking-aviary1.0-
|
|
||
Comment 13•20 years ago
|
||
I'm pretty sure a null check in nsMsgDBView::RestoreSelection will fix this...I have that change in my tree.
|
||
Updated•20 years ago
|
Product: Browser → Seamonkey
|
|
Reporter | |
Comment 14•20 years ago
|
||
The bug is still present in Mozilla 1.8a6 (as you can see here http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=3049668G )
|
||
Comment 15•19 years ago
|
||
Yes, it's still present in build 1.8a6 (it occurred while I was using the messages views): http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=3847242Z
Assignee: bienvenu → timeless
Component: MailNews: Main Mail Window → XP Toolkit/Widgets: Trees
Keywords: crash
Product: Mozilla Application Suite → Core
|
Assignee | |
Comment 16•19 years ago
|
||
Attachment #175227 -
Flags: superreview?(bzbarsky)
Attachment #175227 -
Flags: review?(neil.parkwaycc.co.uk)
|
|
Assignee | |
Comment 17•19 years ago
|
||
*** Bug 283279 has been marked as a duplicate of this bug. ***
|
|
Assignee | |
Comment 18•19 years ago
|
||
*** Bug 189005 has been marked as a duplicate of this bug. ***
Summary: Crash if View/Messages/All is reenabled after message list was emptied by move message → Crash if View/Messages/All is reenabled after message list was emptied by move message [@ nsTreeSelection::SetCurrentIndex]
|
||
Comment 19•19 years ago
|
||
Requesting blocking 1.1. This crashes Thunderbird as well.
Flags: blocking-aviary1.1?
|
||
Comment 20•19 years ago
|
||
Comment on attachment 175227 [details] [diff] [review] look before leaping into mTree and after trying to alloc sr=bzbarsky if you make those NS_ERROR_NOT_INITIALIZED returns use NS_ENSURE_TRUE -- I think having a warning there instead of silently bailing is a good idea.
Attachment #175227 -
Flags: superreview?(bzbarsky) → superreview+
|
||
Comment 21•19 years ago
|
||
we'd certainly consider a reviews patch for inclusion but we're not gonna block on this.
Flags: blocking-aviary1.1? → blocking-aviary1.1-
Component: XP Toolkit/Widgets: Trees → XUL
QA Contact: xptoolkit.widgets
|
||
Updated•15 years ago
|
Whiteboard: [needs review neil]
|
||
Comment 22•14 years ago
|
||
I was looking for some strange double free() problems with thunderbird 2.0.0.23. While running thunderbird with gdb i found this crash. It happened without any intervention. The bug seems not related to any action it seems sufficient to run thunderbird for some time. here is my bt Program received signal SIGSEGV, Segmentation fault. 0x00000000008d1374 in nsTreeSelection::SetCurrentIndex (this=0x60eed90, aIndex=-1) at nsTreeSelection.cpp:599 in nsTreeSelection.cpp (gdb) bt #0 0x00000000008d1374 in nsTreeSelection::SetCurrentIndex (this=0x60eed90, aIndex=-1) at nsTreeSelection.cpp:599 #1 0x00000000008d4594 in nsTreeSelection::ToggleSelect (this=0x0, aIndex=1) at nsTreeSelection.cpp:394 #2 0x0000000000d34896 in nsMsgDBView::RestoreSelection (this=0x50e53c0, aCurrentMsgKey=4294956260, aMsgKeyArray=0x7fffffffd450) at nsMsgDBView.cpp:820 #3 0x0000000000b8debf in nsMsgGroupView::HandleDayChange (this=<value optimized out>) at nsMsgGroupView.cpp:431 #4 0x0000000000b8df4d in nsMsgGroupView::OnHdrChange (this=0x0, aHdrChanged=0x7fffe4b39310, aOldFlags=0, aNewFlags=128, aInstigator=0x0) at nsMsgGroupView.cpp:525 #5 0x0000000000c1bae7 in nsMsgDatabase::NotifyHdrChangeAll (this=0x282c3f0, aHdrChanged=0x7fffe4b39310, oldFlags=0, newFlags=128, instigator=0x0) at nsMsgDatabase.cpp:616 #6 0x0000000000c1ac9b in nsMsgDatabase::SetKeyFlag (this=0x282c3f0, key=168087, set=1, flag=128, instigator=0x0) at nsMsgDatabase.cpp:2338 #7 0x0000000000c19805 in nsMsgDatabase::MarkOffline (this=0x0, key=1, offline=2100, instigator=<value optimized out>) at nsMsgDatabase.cpp:2212 #8 0x0000000000d1605b in nsMsgDBFolder::EndNewOfflineMessage (this=0x1ca5060) at nsMsgDBFolder.cpp:1520 #9 0x0000000000c40ce4 in nsImapMailFolder::NormalEndMsgWriteStream (this=0x0, uidOfMessage=168087, markRead=2100, imapUrl=0x80004003) at nsImapMailFolder.cpp:4326 #10 0x00007ffff746dd81 in XPTC_InvokeByIndex (that=0x1ca5210, methodIndex=5, paramCount=3, params=0x7fffe4b38650) at xptcinvoke_x86_64_linux.cpp:209 #11 0x00007ffff745c532 in EventHandler (self=<value optimized out>) at nsProxyEvent.cpp:561 #12 0x00007ffff74570e8 in PL_HandleEvent (self=0x0) at plevent.c:688 #13 0x00007ffff745739f in PL_ProcessPendingEvents (self=0x15d2480) at plevent.c:623 #14 0x00007ffff7458db9 in nsEventQueueImpl::ProcessPendingEvents (this=0x15d2760) at nsEventQueue.cpp:448 #15 0x0000000000637172 in event_processor_callback (source=<value optimized out>, condition=G_IO_IN, data=0x834) at nsAppShell.cpp:67 #16 0x00007ffff435c0fb in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0 #17 0x00007ffff435f8cd in ?? () from /usr/lib64/libglib-2.0.so.0 #18 0x00007ffff435fdfd in g_main_loop_run () from /usr/lib64/libglib-2.0.so.0 #19 0x00007ffff647aa17 in gtk_main () from /usr/lib64/libgtk-x11-2.0.so.0 #20 0x0000000000637675 in nsAppShell::Run (this=0x1747cb0) at nsAppShell.cpp:139 #21 0x0000000000ac5d8c in nsAppStartup::Run (this=0x1747c30) at nsAppStartup.cpp:151 #22 0x000000000044eced in XRE_main (argc=<value optimized out>, argv=<value optimized out>, aAppData=<value optimized out>) at nsAppRunner.cpp:2817 #23 0x000000000044a01a in main (argc=0, argv=0x1) at nsMailApp.cpp:62 (gdb)
|
||
Comment 23•14 years ago
|
||
All or most of this bug may be fixed in current trunk because most of timeless' nsTreeSelection.cpp patch landed via some other bug(s) prior to the move to Mercurial. And if this crash still exists in thunderbird it's very rare - I only bp-5aa8570f-9779-4fa0-a1df-f452a2100406 in the last 3 months of crashes and the stack doesn't match. walter, can you reproduce this using version thunderbird 3.0 or 3.1?
|
|
||
Comment 24•14 years ago
|
||
I have not moved to TB3 since i was hunting for bugs in TB2. If you close the bug it is fine for me as i plan to update soon.
|
|
Reporter | |
Comment 25•14 years ago
|
||
When trying to reproduce the bug under Seamonkey 2.0.10 (but as the bug is more than 6 years old, I have forgotten how to do it exactly and thus stick to the description written by miself ;-)), I was unable to reproduce it. So I think it is probably fixed.
|
|
||
Comment 26•14 years ago
|
||
(checking vers=1.8/2.0 crash bugs) Xuân, thanks for testing. Not surprising it works because much of timeless' patch landed in bug 296040 via attachment 224577 [details] [diff] [review]. But not all of timeless' patch got incorporated. And I had begun to enumerate what still needed to land, but I lost it a week or two ago. But it should not be hard to figure it out again by comparing https://bugzilla.mozilla.org/attachment.cgi?id=175227&action=diff (bug 262095) to https://bugzilla.mozilla.org/attachment.cgi?id=224577&action=diff (fixed bug 296040)
|
|
||
Updated•14 years ago
|
Whiteboard: [needs review neil] → [patchlove][has draft patch][needs review neil][needs re-eval]
|
||
Updated•13 years ago
|
Crash Signature: [@ nsTreeSelection::SetCurrentIndex]
|
||
Comment 27•10 years ago
|
||
Comment on attachment 175227 [details] [diff] [review] look before leaping into mTree and after trying to alloc Cancelling outdated review requests. Feel free to re-request review after ensuring patch still applies.
Attachment #175227 -
Flags: review?(neil)
|
|
||
Updated•10 years ago
|
Whiteboard: [patchlove][has draft patch][needs review neil][needs re-eval] → [patchlove][has draft patch][needs re-eval]
|
|
||
Comment 28•6 years ago
|
||
WFM based on comment 25, rarity, and lack of decent stacks in the few reports on crash-stats. the only decent one has a different signature nsTreeSelection::AdjustSelection bp-e9a9282b-205a-4045-af08-eb6f80180713
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•