Closed Bug 267584 Opened 20 years ago Closed 3 years ago

HEAP[winEmbed.exe]: Dedicated (0002) free list element 039F6700 is wrong size (0000)

Categories

(Core :: DOM: UI Events & Focus Handling, defect, P5)

Product:
Core
Component:
DOM: UI Events & Focus Handling
Platform:
x86
Windows XP
Type:
defect

Tracking

()

Status:
RESOLVED INACTIVE

People

(Reporter: timeless, Unassigned)

Details

run winEmbed
load javascript:
tools>password manager>manage stored passwords
help
try to resize the window

HEAP[winEmbed.exe]: Dedicated (0002) free list element 039F6700 is wrong size (0000)
Unhandled exception at 0x77f75a58 (ntdll.dll) in winEmbed.exe: User breakpoint.

 	ntdll.dll!RtlCreateHeap()  + 0x52e	
 	ntdll.dll!RtlInitializeSListHead()  + 0x3345	
 	kernel32.dll!lstrcpy()  + 0x31	
 	msvcr70d.dll!_heapchk()  Line 104 + 0x10	C
 	msvcr70d.dll!_CrtCheckMemory()  Line 1500 + 0x5	C
 	msvcr70d.dll!_free_dbg_lk(void * pUserData=0x03c62f58, int
nBlockUse=0x00000001)  Line 1100 + 0x5	C
 	msvcr70d.dll!_free_dbg(void * pUserData=0x03c62f58, int nBlockUse=0x00000001)
 Line 1070 + 0xd	C
 	msvcr70d.dll!operator delete(void * pUserData=0x03c62f58)  Line 53 + 0x10	C++
 	gklayout.dll!nsJSEventListener::`scalar deleting destructor'()  + 0x15	C++
>	gklayout.dll!nsJSEventListener::Release()  Line 87 + 0x73	C++
 	gklayout.dll!nsXBLPrototypeHandler::ExecuteHandler(nsIDOMEventReceiver *
aReceiver=0x1021a782, nsIDOMEvent * aEvent=0x00350000)  Line 491 + 0x1a	C++
 	gklayout.dll!nsXBLEventHandler::HandleEvent(nsIDOMEvent * aEvent=0x03b59f88) 
Line 85	C++
 	gklayout.dll!nsEventListenerManager::HandleEventSubType(nsListenerStruct *
aListenerStruct=0x03af86b0, nsIDOMEvent * aDOMEvent=0x03b148a0,
nsIDOMEventTarget * aCurrentTarget=0x03b59f88, unsigned int aSubType=0x03b148a8,
unsigned int aPhaseFlags=0x00000007)  Line 1523	C++
 	gklayout.dll!nsEventListenerManager::HandleEvent(nsPresContext *
aPresContext=0x00000000, nsEvent * aEvent=0x00124da8, nsIDOMEvent * *
aDOMEvent=0x00124cc8, nsIDOMEventTarget * aCurrentTarget=0x03b59f88, unsigned
int aFlags=0x00000007, nsEventStatus * aEventStatus=0x00124e18)  Line 1599	C++
 	gklayout.dll!nsXULElement::HandleDOMEvent(nsPresContext *
aPresContext=0x00000000, nsEvent * aEvent=0x00000000, nsIDOMEvent * *
aDOMEvent=0x001245b0, unsigned int aFlags=0x1021a782, nsEventStatus *
aEventStatus=0x00350000)  Line 2820	C++
 	gklayout.dll!nsEventStateManager::SendFocusBlur(nsPresContext *
aPresContext=0x00000000, nsIContent * aContent=0x00000001, int
aEnsureWindowHasFocus=0x00000000)  Line 4140	C++
 	gklayout.dll!nsEventStateManager::SetContentState(nsIContent *
aContent=0x00000000, int aState=0x00000002)  Line 3789	C++
 	gklayout.dll!nsXULElement::SetFocus(nsPresContext * aPresContext=0x00350000) 
Line 3866	C++
 	gklayout.dll!nsEventStateManager::PreHandleEvent(nsPresContext *
aPresContext=0x039dc56c, nsEvent * aEvent=0x039dc56c, nsIFrame *
aTargetFrame=0x03a472e8, nsEventStatus * aStatus=0x03a09bf0, nsIView *
aView=0x039d4b08)  Line 799	C++
 	gklayout.dll!PresShell::HandleEventInternal(nsEvent * aEvent=0x0012516c,
nsIView * aView=0x039d4b08, unsigned int aFlags=0x00000001, nsEventStatus *
aStatus=0x00125108)  Line 5956	C++
 	gklayout.dll!PresShell::HandleEvent(nsIView * aView=0x039d4b08, nsGUIEvent *
aEvent=0x0012516c, nsEventStatus * aEventStatus=0x00125108, int
aForceHandle=0x00000001, int & aHandled=0x01ab0be8)  Line 5814 + 0x11	C++
 	gklayout.dll!nsViewManager::HandleEvent(nsView * aView=0x001245b0, nsGUIEvent
* aEvent=0x1021a782, int aCaptured=0x00350000)  Line 2334	C++
 	gklayout.dll!nsViewManager::DispatchEvent(nsGUIEvent * aEvent=0x3d888889,
nsEventStatus * aStatus=0x0012519c)  Line 2107 + 0x14	C++
 	gklayout.dll!GlobalWindowImpl::Activate()  Line 4318	C++
 	webbrwsr.dll!nsWebBrowser::Activate()  Line 1816	C++
 	winEmbed.exe!BrowserDlgProc(HWND__ * hwndDlg=0x00000000, unsigned int
uMsg=0x001245b0, unsigned int wParam=0x1021a782, long lParam=0x00350000)  Line
703	C++
 	user32.dll!77d43a50() 	
 	user32.dll!CharLowerBuffA()  + 0x404	
 	user32.dll!SetRect()  + 0x15d	
 	0000001e()	

-	this	0x03c62f58 {mRefCnt={mValue=0x00000001 }
_mOwningThread={mThread=0x003551c8 } mEventName={mRawPtr=0x03a8c088
{mRefCnt={mValue=0x00000001 } _mOwningThread={mThread=0x003551c8 }
mString=0x03a8c094 "onxblfocus" } } ...}	nsJSEventListener * const
|-	nsIDOMEventListener	{...}	nsIDOMEventListener
|\-	nsISupports	{...}	nsISupports
| \-	__vfptr	0x01aae644 const nsJSEventListener::`vftable'{for
`nsIDOMEventListener'}	*
|  |	[0x0]	0x01920b05 nsJSEventListener::QueryInterface(const nsID &, void * *)	*
|  |	[0x1]	0x0192094b nsJSEventListener::AddRef(void)	*
|  \	[0x2]	0x019209b6 nsJSEventListener::Release(void)	*
|-	nsIJSEventListener	{mContext=0x00000000 mTarget=0x03b59f88
{mCachedEventTearoff=??? mCachedEventTearoffCount=??? mRefCnt=??? ...} }
nsIJSEventListener
||-	nsISupports	{...}	nsISupports
||\-	__vfptr	0x01aae5cc const nsIJSEventListener::`vftable'	*
|| \	[0x0]	0x0196782c _purecall	*
|| |	[0x1]	0x0196782c _purecall	*
|| \	[0x2]	0x0196782c _purecall	*
||+	mContext	0x00000000	nsIScriptContext *
|\-	mTarget	0x03b59f88 {mCachedEventTearoff=??? mCachedEventTearoffCount=???
mRefCnt=??? ...}	nsISupports *
| \-	__vfptr	0x01a7e34c const nsDOMEventRTTearoff::`vftable'{for
`nsIDOMEventReceiver'}	*
|  |	[0x0]	0x018410a8 nsDOMEventRTTearoff::QueryInterface(const nsID &, void * *)	*
|  |	[0x1]	0x01840217 nsDOMEventRTTearoff::AddRef(void)	*
|  \	[0x2]	0x01842c25 nsDOMEventRTTearoff::Release(void)	*
|-	mRefCnt	{mValue=0x00000001 }	nsAutoRefCnt
|\	mValue	0x00000001	unsigned long
|-	_mOwningThread	{mThread=0x003551c8 }	nsAutoOwningThread
|\	mThread	0x003551c8	void *
|-	mEventName	{mRawPtr=0x03a8c088 {mRefCnt={mValue=0x00000001 }
_mOwningThread={mThread=0x003551c8 } mString=0x03a8c094 "onxblfocus" } }
nsCOMPtr<nsIAtom>
|\-	mRawPtr	0x03a8c088 {mRefCnt={mValue=0x00000001 }
_mOwningThread={mThread=0x003551c8 } mString=0x03a8c094 "onxblfocus" }	nsIAtom *
| ||-	[AtomImpl]	{mRefCnt={mValue=0x00000001 }
_mOwningThread={mThread=0x003551c8 } mString=0x03a8c094 "onxblfocus" }	AtomImpl
| ||+	nsIAtom	{...}	nsIAtom
| ||+	mRefCnt	{mValue=0x00000001 }	nsAutoRefCnt
| ||+	_mOwningThread	{mThread=0x003551c8 }	nsAutoOwningThread
| |\+	mString	0x03a8c094 "onxblfocus"	char [1]
| \+	nsISupports	{...}	nsISupports
\	mReturnResult	nsReturnResult_eNotSet	nsJSEventListener::nsReturnResult
reproducable: yes
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P5
Assignee: events → nobody
QA Contact: ian → events
Is this bug still around?
Severity: normal → critical
Component: Event Handling → User events and focus handling

Hey Timeless, It's been a long time since this issue was reported. However, it should be closed if it is no longer reproducible or updated with current affected versions. Could you please look into it? Thanks!

Flags: needinfo?(timeless)

Hi Simona. This bug is probably older than many contributors. Yes, it can be killed.

Please feel free to resolve bugs as obsolete without asking me. I'm no longer a stakeholder in anything and asking me is not a good use of anyone's time.

I will note that current affected versions is a bit of a joke, I'd bet that winembed hasn't been built in a very long time probably over a dozen years ago.

Status: NEW → RESOLVED
Closed: 3 years ago
Flags: needinfo?(timeless)
Resolution: --- → INACTIVE
You need to log in before you can comment on or make changes to this bug.