Closed Bug 282772 Opened 20 years ago Closed 18 years ago

Gecko crash when opening popup windows [@nsImageBoxFrame::DidSetStyleContext]

Categories

(Core :: Layout: Images, Video, and HTML Frames, defect)

1.7 Branch
x86
Linux
defect
Not set
critical

RESOLVED INVALID

People

(Reporter: mike, Unassigned)

Details

(Keywords: crash)

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10.1

Seemingly at random, when Firefox opens a popup window it will crash with the
following stack trace:

http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=TB3782404H


Reproducible: Sometimes

Steps to Reproduce:




Talkback ID: TB3782404H
Stack trace is:

0x09655638
nsImageBoxFrame::UpdateImage() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/layout/xul/base/src/nsImageBoxFrame.cpp,
line 607]
nsImageBoxFrame::AttributeChanged() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/layout/xul/base/src/nsImageBoxFrame.cpp,
line 266]
nsCSSFrameConstructor::AttributeChanged() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/style/src/nsCSSFrameConstructor.cpp,
line 10114]
PresShell::AttributeChanged() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsPresShell.cpp,
line 5192]
nsXULDocument::AttributeChanged() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/content/xul/document/src/nsXULDocument.cpp,
line 1137]
nsXULElement::SetAttrAndNotify() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2223]
nsXULElement::SetAttr() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2147]
nsXBLPrototypeBinding::AttributeChanged() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/content/xbl/src/nsXBLPrototypeBinding.cpp,
line 256]
nsXBLBinding::AttributeChanged() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/content/xbl/src/nsXBLBinding.cpp,
line 842]
nsXULElement::SetAttrAndNotify() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/content/xul/content/src/nsXULElement.cpp,
line 710]
nsXULElement::SetAttr() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2147]
nsXBLPrototypeBinding::AttributeChanged() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/content/xbl/src/nsXBLPrototypeBinding.cpp,
line 256]
nsXBLBinding::AttributeChanged() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/content/xbl/src/nsXBLBinding.cpp,
line 842]
nsXULElement::SetAttrAndNotify() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/content/xul/content/src/nsXULElement.cpp,
line 710]
nsXULElement::SetAttr() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2147]
nsXULElement::SetAttribute() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/content/xul/content/src/nsXULElement.cpp,
line 462]
XPTC_InvokeByIndex()
XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode)() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp,
line 2027]
XPC_WN_CallMethod() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp,
line 1287]
js_Invoke() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsinterp.c,
line 941]
js_Interpret() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsinterp.c,
line 2973]
js_Invoke() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsinterp.c,
line 958]
js_InternalInvoke() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsinterp.c,
line 1036]
js_InternalGetOrSet() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsinterp.c,
line 1078]
js_SetProperty() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsobj.c,
line 2960]
js_Interpret() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsinterp.c,
line 2816]
js_Invoke() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsinterp.c,
line 958]
js_InternalInvoke() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsinterp.c,
line 1036]
JS_CallFunctionValue() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsapi.c,
line 3698]
nsJSContext::CallEventHandler() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/dom/src/base/nsJSEnvironment.cpp,
line 1296]
GlobalWindowImpl::RunTimeout() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/dom/src/base/nsGlobalWindow.cpp,
line 710]
GlobalWindowImpl::TimerCallback() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/dom/src/base/nsGlobalWindow.cpp,
line 5445]
nsTimerImpl::Fire() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/xpcom/threads/nsTimerImpl.cpp,
line 383]
handleTimerEvent() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/xpcom/threads/nsTimerImpl.cpp,
line 450]
PL_HandleEvent() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/xpcom/threads/plevent.c,
line 674]
PL_ProcessPendingEvents() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/xpcom/threads/plevent.c,
line 608]
nsEventQueueImpl::ProcessPendingEvents() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/xpcom/threads/nsEventQueue.cpp,
line 395]
event_processor_callback() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/widget/src/gtk2/nsAppShell.cpp,
line 67]
libglib-2.0.so.0 + 0x479c7 (0x002279c7)
libglib-2.0.so.0 + 0x237bb (0x002037bb)
libglib-2.0.so.0 + 0x25242 (0x00205242)
libglib-2.0.so.0 + 0x25728 (0x00205728)
nsAppShell::DispatchNativeEvent() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/widget/src/gtk2/nsAppShell.cpp,
line 279]
nsXULWindow::CreateNewContentWindow() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/xpfe/appshell/src/nsXULWindow.cpp,
line 710]
nsXULWindow::CreateNewWindow() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/xpfe/appshell/src/nsXULWindow.cpp,
line 1716]
nsWindowCreator::CreateChromeWindow2() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/toolkit/xre/nsWindowCreator.cpp,
line 710]
nsWindowWatcher::OpenWindowJS() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp,
line 621]
nsWindowWatcher::OpenWindow() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp,
line 457]
GlobalWindowImpl::OpenInternal() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/dom/src/base/nsGlobalWindow.cpp,
line 710]
GlobalWindowImpl::Open() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/dom/src/base/nsGlobalWindow.cpp,
line 3280]
XPTC_InvokeByIndex()
XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode)() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp,
line 2027]
XPC_WN_CallMethod() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp,
line 1287]
js_Invoke() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsinterp.c,
line 941]
js_Interpret() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsinterp.c,
line 2973]
js_Invoke() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsinterp.c,
line 958]
js_InternalInvoke() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsinterp.c,
line 1036]
JS_CallFunctionValue() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/js/src/jsapi.c,
line 3698]
nsJSContext::CallEventHandler() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/dom/src/base/nsJSEnvironment.cpp,
line 1296]
nsJSEventListener::HandleEvent() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/dom/src/events/nsJSEventListener.cpp,
line 177]
nsEventListenerManager::HandleEventSubType() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/content/events/src/nsEventListenerManager.cpp,
line 1436]
nsEventListenerManager::HandleEvent() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/content/events/src/nsEventListenerManager.cpp,
line 1529]
nsGenericElement::HandleDOMEvent() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/content/base/src/nsGenericElement.cpp,
line 1960]
nsHTMLInputElement::HandleDOMEvent() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/content/html/content/src/nsHTMLInputElement.cpp,
line 1398]
PresShell::HandleEventInternal() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsPresShell.cpp,
line 6056]
PresShell::HandleEventWithTarget() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsPresShell.cpp,
line 5982]
nsEventStateManager::CheckForAndDispatchClick() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/content/events/src/nsEventStateManager.cpp,
line 2921]
nsEventStateManager::PostHandleEvent() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/content/events/src/nsEventStateManager.cpp,
line 142]
PresShell::HandleEventInternal() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsPresShell.cpp,
line 710]
PresShell::HandleEvent() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/layout/html/base/src/nsPresShell.cpp,
line 5918]
nsViewManager::HandleEvent() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/view/src/nsViewManager.cpp,
line 710]
nsViewManager::DispatchEvent() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/view/src/nsViewManager.cpp,
line 2030]
HandleEvent() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/view/src/nsView.cpp,
line 243]
nsCommonWidget::DispatchEvent() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/widget/src/gtk2/nsCommonWidget.cpp,
line 215]
nsWindow::OnButtonReleaseEvent() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/widget/src/gtk2/nsWindow.cpp,
line 1449]
button_release_event_cb() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/widget/src/gtk2/nsWindow.cpp,
line 3277]
libgtk-x11-2.0.so.0 + 0x10d757 (0x004f3757)
libgobject-2.0.so.0 + 0x9347 (0x00f90347)
libgobject-2.0.so.0 + 0x1fae1 (0x00fa6ae1)
libgobject-2.0.so.0 + 0x20913 (0x00fa7913)
libgobject-2.0.so.0 + 0x20f5a (0x00fa7f5a)
libgtk-x11-2.0.so.0 + 0x201545 (0x005e7545)
libgtk-x11-2.0.so.0 + 0x10ba1b (0x004f1a1b)
libgtk-x11-2.0.so.0 + 0x10bd20 (0x004f1d20)
libgdk-x11-2.0.so.0 + 0x3d0a2 (0x001b10a2)
libglib-2.0.so.0 + 0x237bb (0x002037bb)
libglib-2.0.so.0 + 0x25242 (0x00205242)
libglib-2.0.so.0 + 0x254ef (0x002054ef)
libgtk-x11-2.0.so.0 + 0x10b07e (0x004f107e)
nsAppShell::Run() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/widget/src/gtk2/nsAppShell.cpp,
line 144]
nsAppShellService::Run() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/xpfe/appshell/src/nsAppShellService.cpp,
line 495]
xre_main() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/toolkit/xre/nsAppRunner.cpp,
line 692]
main() 
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/browser/app/nsBrowserApp.cpp,
line 59]
libc.so.6 + 0x14e33 (0x008a7e33)

Oddly, I can't find GetStyleList() anywhere, and LXR doesn't know anything about
it. Yet it's quite clearly returning NULL when it's not expected to.

STYLE_STRUCT in nsIFrame.h
76 STYLE_STRUCT_INHERITED(List, nsnull, ())

The TB report shows [@nsImageBoxFrame::UpdateImage()] as stack signature, not
the one noted in the summary. Is the summary correct?

Keywords: crash
Version: Trunk → 1.7 Branch

I think that's GCC static inlining at work. If you look at the line number it's
inside DidSetStyleContext. It appears that with certain optimization levels GCC
will always inline static functions that are only used once in a file.
Unfortunately this can make backtraces much harder to read.

Sorry, I think I'm talking rubbish. I looked at nsImageBoxFrame::UpdateImage and
it doesn't seem to call DidSetStyleContext, which isn't static anyway. If you
click the bonsai link in Talkback it takes you to DidSetStyleContext but you are
right, the backtrace says something different (unless the last frame is it ...)

Hmm... Is this a problem with trunk builds?  Or just 1.7 branch?

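
Added example, not part of the original bug thread or of Mozilla's tooling: a parser for the Talkback trace format pasted in this report, which recovers the first symbolized frame so it can be compared with the signature in the bug summary, as the comments above do by hand. The names Frame, parse_talkback and crash_signature are made up for this example; SAMPLE is an excerpt of the trace above.

```python
import re
from typing import NamedTuple, Optional

class Frame(NamedTuple):
    symbol: Optional[str]  # function name; None if the frame was not symbolized
    source: Optional[str]  # source path, when the report resolved one
    line: Optional[int]
    module: Optional[str]  # shared object for "lib + offset (addr)" frames

SOURCE = re.compile(r"^\[(?P<path>.+), line (?P<line>\d+)\]$")
MODULE = re.compile(r"^(?P<mod>\S+) \+ 0x[0-9a-f]+ \(0x[0-9a-f]+\)$")
ADDRESS = re.compile(r"^0x[0-9a-fA-F]+$")

def parse_talkback(text):
    """Turn the pasted trace into one Frame per stack entry."""
    # The report wraps "[path,\nline N]" over two lines; rejoin them first.
    text = re.sub(r",\s*\n\s*line", ", line", text)
    frames = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SOURCE.match(line)
        if m and frames and frames[-1].symbol:
            # A source location belongs to the function named just before it.
            frames[-1] = frames[-1]._replace(source=m["path"], line=int(m["line"]))
        elif (m := MODULE.match(line)):
            frames.append(Frame(None, None, None, m["mod"]))
        elif line.endswith("()"):
            frames.append(Frame(line[:-2], None, None, None))
        elif ADDRESS.match(line):
            frames.append(Frame(None, None, None, None))
    return frames

def crash_signature(frames):
    """Return ("[@symbol]", depth) for the first symbolized frame, else (None, None)."""
    for depth, frame in enumerate(frames):
        if frame.symbol:
            return f"[@{frame.symbol}]", depth
    return None, None

# Excerpt of the trace in this report: the first three entries plus one
# frame without source information and one "module + offset" frame.
SAMPLE = """\
0x09655638
nsImageBoxFrame::UpdateImage()
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/layout/xul/base/src/nsImageBoxFrame.cpp,
line 607]
nsImageBoxFrame::AttributeChanged()
[/builds/tinderbox/firefox-1.0/Linux_2.4.20-28.8_Clobber/mozilla/layout/xul/base/src/nsImageBoxFrame.cpp,
line 266]
XPTC_InvokeByIndex()
libglib-2.0.so.0 + 0x479c7 (0x002279c7)
"""
```

On this excerpt `crash_signature(parse_talkback(SAMPLE))` gives `[@nsImageBoxFrame::UpdateImage]` at depth 1, because the first entry of the trace is a bare address with no symbol.
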
This is an automated message, with ID "auto-resolve01".

This bug has had no comments for a long time. Statistically, we have found that
bug reports that have not been confirmed by a second user after three months are
highly unlikely to be the source of a fix to the code.

While your input is very important to us, our resources are limited and so we
are asking for your help in focussing our efforts. If you can still reproduce
this problem in the latest version of the product (see below for how to obtain a
copy) or, for feature requests, if it's not present in the latest version and
you still believe we should implement it, please visit the URL of this bug
(given at the top of this mail) and add a comment to that effect, giving more
reproduction information if you have it.

If it is not a problem any longer, you need take no action. If this bug is not
changed in any way in the next two weeks, it will be automatically resolved.
Thank you for your help in this matter.

The latest beta releases can be obtained from:
Firefox:     http://www.mozilla.org/projects/firefox/
Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html
Seamonkey:   http://www.mozilla.org/projects/seamonkey/

I haven't seen this in a current build, the build this bug was reported against is ancient, and there's been no activity on this for a long time, so I'm resolving this.

However, if you see this problem in a recent build of Firefox, feel free
to return and ask for this bug to be reopened.

Marking INVALID (don't take it personally, Bugzilla doesn't have a politer option ;-)

Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
Crash Signature: [@nsImageBoxFrame::DidSetStyleContext]
Product: Core → Core Graveyard
Product: Core Graveyard → Core