Closed Bug 29502 Opened 25 years ago Closed 25 years ago

2000-02-27 segfaults in nsHTMLEditorlog destructor

Categories

(Core :: DOM: Editor, defect, P3)

Product:
Core
Component:
DOM: Editor
Platform:
Sun
Solaris
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: drl, Assigned: kinmoz)

Details

For several days, I've been seeing a reproducible segfault in the nightly builds. Environment: Solaris 7 (with Maintenance Update 4), SunPro WorkShop v5.0, gmake v3.76.1 I have the same problem with the program hanging on startup that has been reported elsewhere. I have discovered that supplying the -CreateProfile flag with an argument often (but not always) lets me get past the point where mozilla-bin otherwise hangs. In the case for which I provide dbx output below, I have provoked the segfault by 1) using 'File/Open Web Location ...' to bring up a dialog 2) entering "http://www.vuse.vanderbilt.edu/~drl/home.html" as the URI to be opened and 3) clicking 'Open' but you can also provoke it by simply entering nothing and clicking 'Cancel'. This indicates to me that the "fontset" stuff below is not entirely relevant. Anyway, here are three sets of logging info: 1) up to the point where I can enter info in the 'Open Web Location ...' dialog 2) after I clicked 'Okay' 3) dbx mozilla-bin core output after the core dump 11111111111111111111111111111111111111111111111 % ../../../../runit -CreateProfile drl .//run-mozilla.sh ./mozilla-bin -CreateProfile drl MOZILLA_FIVE_HOME=/ufs/sys/sys3/mozilla/src/0227/s7/dist/bin LD_LIBRARY_PATH=/ufs/sys/sys3/mozilla/src/0227/s7/dist/bin:/opt/pkgs/GTKglib/v1.2.7/lib:/opt/pkgs/GTKgtk/v1.2.7/lib:/opt/pkgs/MISCidl/v0.6.8/lib SHLIB_PATH=/ufs/sys/sys3/mozilla/src/0227/s7/dist/bin LIBPATH=/ufs/sys/sys3/mozilla/src/0227/s7/dist/bin MOZ_PROGRAM=./mozilla-bin MOZ_TOOLKIT= moz_debug=0 moz_debugger= nsNativeComponentLoader: autoregistering begins. nsNativeComponentLoader: autoregistering succeeded nNCL: registering deferred (0) nsUnixToolkitService: Using 'gtk' for the Widget Toolkit. nsUnixToolkitService: Using 'gtk' for the Gfx Toolkit. NS_SetupRegistry() MOZ_TOOLKIT=gtk, WIDGET_DLL=libwidget_gtk.so, GFX_DLL=libgfx_gtk.so initialized appshell Profile Manager : Profile Wizard and Manager activites : Begin Profile Manager : Command Line Options : Begin profileName & profileDir are: drl ProfileManager : CreateNewProfile Profile Name: drl Profile Dir: /nfs/jethro/users/drl/.mozilla before SetProfileDir ProfileManager : CreateUserDirectories after SetProfileDir ProfileManager : GetProfileDir ProfileName : drl ProfileDir : /nfs/jethro/users/drl/.mozilla/drl-2 ProfileManager : GetProfileDir DEBUG BUILDS ONLY: we are forcing you to use the profile manager to help smoke test it. Profile Manager : Command Line Options : End Profile Manager : Profile Wizard and Manager activites : End GFX: dpi=96 t2p=0.0666667 p2t=15 depth=8 Gdk-WARNING **: shmat failed! Gdk-WARNING **: shmat failed! WEBSHELL+ = 1 Initialized app shell component {18c2f989-b09f-11d2-bcde-00805f0e1353}, rv=0x00000000 Initialized app shell component {4a85a5d0-cddd-11d2-b7f6-00805f05ffa5}, rv=0x00000000 WEBSHELL+ = 2 Note: styleverifytree is disabled Note: frameverifytree is disabled Note: verifyreflow is disabled assuming d&d is off for Navigator nsCollationUnix::Initialize mLocale = C nsCollationUnix::Initialize mCharset = ISO-8859-1 Obtained name of Personal Toolbar from bookmarks string bundle. Start reading in bookmarks.html Finished reading in bookmarks.html (399634 microseconds) nsCollationUnix::Initialize mLocale = C nsCollationUnix::Initialize mCharset = ISO-8859-1 WARNING: unable to load datasource 'rdf:xpinstall-update-notifier', file ../../../../mozilla/rdf/content/src/nsXULDocument.cpp, line 5320 WEBSHELL+ = 3 WEBSHELL+ = 4 Setting content window FOR DEBUG BUILDS ONLY: we are forcing you to see the checkin guidelines when you open a browser window Opening file cookies.txt failed Opening file cookperm.txt failed got a request Document http://www.mozilla.org/quality/checkin-guidelines.html loaded successfully Document: Done (5.355 secs) assuming d&d is off for Bookmarks Mouse down WEBSHELL+ = 5 Move window by 319.5,96 screen x 16screen y 40 WEBSHELL+ = 6 2222222222222222222222222222222222222222222222222222222222 Mouse down Mouse down Mouse down Mouse down Mouse down Gdk-WARNING **: Missing charsets in FontSet creation Gdk-WARNING **: ISO8859-1 ###!!! ASSERTION: You can't dereference a NULL nsCOMPtr with operator->().: 'mRawPtr != 0', file ../../dist/include/nsCOMPtr.h, line 591 ###!!! Break: at file ../../dist/include/nsCOMPtr.h, line 591 Segmentation Fault - core dumped 3333333333333333333333333333333333333333333333333333333333333333333333333 dbx mozilla-bin core Reading mozilla-bin core file header read successfully Reading ld.so.1 Reading libraptorgfx.so Reading libmozjs.so Reading libxpcom.so Reading libjsj.so Reading libplds4.so Reading libplc4.so Reading libnspr4.so Reading libpthread.so.1 Reading libraptorwebwidget.so Reading libdocshell.so Reading libjsdom.so Reading libw.so.1 Reading librt.so.1 Reading libintl.so.1 Reading libelf.so.1 Reading libnsl.so.1 Reading libsocket.so.1 Reading libresolv.so.2 Reading libCrun.so.1 Reading libdl.so.1 Reading libm.so.1 Reading libthread.so.1 Reading libc.so.1 Reading libaio.so.1 Reading libmp.so.2 Reading libc_psr.so.1 Reading libxpinstall.so Reading libMyService.so Reading libjsloader.so Reading libtoolkit_service.so Reading libnsappshell.so Reading libchardet.so Reading libuconv.so Reading libnecko.so Reading libnecko_res.so Reading libnecko_file.so Reading libmimetype.so Reading libunicharutil.so Reading libucvlatin.so Reading libwidget_gtk.so Reading libgtksuperwin.so Reading libgtk-1.2.so.0 Reading libgdk-1.2.so.0 Reading libgmodule-1.2.so.0 Reading libglib-1.2.so.0 Reading libXext.so.0 Reading libX11.so.4 Reading libpref.so Reading libxpconnect.so Reading librdf.so Reading libprofile.so Reading libnecko_about.so Reading libgfx_gtk.so Reading libraptorplugin.so Reading liburiloader.so Reading libhistory.so Reading libmork.so Reading libtbmb.so Reading libmailnews.so Reading libmsgbaseutil.so Reading libmozbrwsr.so Reading libchrome.so Reading libraptorhtml.so Reading libraptorhtmlpars.so Reading libcaps.so Reading libwallet.so Reading liboji.so Reading libraptorview.so Reading libtimer_gtk.so Reading libnslocale.so Reading libnsgif.so Reading libstrres.so Reading libbookmarks.so Reading libsearch.so Reading libxpiflash.so Reading liblwbrk.so Reading libnecko_http.so Reading libcookie.so Reading libnecko_cache.so Reading libender.so Reading libtxmgr.so detected a multithreaded program t@1 (l@3) terminated by signal SEGV (no mapping at the fault address) Current function is nsHTMLEditorLog::~nsHTMLEditorLog 51 StopLogging(); (/opt/SUNWspro/bin/../WS5.0/bin/sparcv9/dbx) where current thread: t@1 [1] 0xf94028fc(0x6c6888, 0x0, 0x0, 0xffbeadec, 0xfec4c55c, 0xff3bffac), at 0xf94028fb =>[2] nsHTMLEditorLog::~nsHTMLEditorLog(this = 0x6c6888), line 51 in "nsHTMLEditorLog.cpp" [3] __SLIP.DELETER__A(0x6c6888, 0x1, 0xf956e840, 0x1e, 0x60, 0x78f750), at 0xf94f5c78 [4] nsEditor::Release(this = 0x6c6888), line 362 in "nsEditor.cpp" [5] nsHTMLEditor::Release(this = 0x6c6888), line 335 in "nsHTMLEditor.cpp" [6] nsHTMLEditorLog::Release(this = 0x6c6888), line 55 in "nsHTMLEditorLog.cpp" [7] nsCOMPtr_base::assign_assuming_AddRef(this = 0x74cd00, newPtr = (nil)), line 392 in "nsCOMPtr.h" [8] nsCOMPtr_base::assign_with_AddRef(this = 0x74cd00, rawPtr = (nil)), line 58 in "nsCOMPtr.cpp" [9] nsCOMPtr<nsIEditor>::operator=(this = 0x74cd00, rhs = (nil)), line 526 in "nsCOMPtr.h" [10] nsGfxTextControlFrame::~nsGfxTextControlFrame(this = 0x74cc38), line 493 in "nsGfxTextControlFrame.cpp" [11] __SLIP.DELETER__H(0x74cc38, 0x1, 0xffbeaeb0, 0x0, 0xffbeae84, 0x79), at 0xfa3e45f8 [12] nsFrame::Destroy(this = 0x74cc38, aPresContext = 0x635e58), line 406 in "nsFrame.cpp" [13] nsGfxTextControlFrame::Destroy(this = 0x74cc38, aPresContext = 0x635e58), line 3204 in "nsGfxTextControlFrame.cpp" [14] nsFrameList::DestroyFrames(this = 0x74c9e8, aPresContext = 0x635e58), line 35 in "nsFrameList.cpp" [15] nsContainerFrame::Destroy(this = 0x74c9b4, aPresContext = 0x635e58), line 95 in "nsContainerFrame.cpp" [16] nsBoxFrame::Destroy(this = 0x74c9b4, aPresContext = 0x635e58), line 2628 in "nsBoxFrame.cpp" [17] nsFrameList::DestroyFrames(this = 0x74c814, aPresContext = 0x635e58), line 35 in "nsFrameList.cpp" [18] nsContainerFrame::Destroy(this = 0x74c7e0, aPresContext = 0x635e58), line 95 in "nsContainerFrame.cpp" [19] nsBoxFrame::Destroy(this = 0x74c7e0, aPresContext = 0x635e58), line 2628 in "nsBoxFrame.cpp" [20] nsFrameList::DestroyFrames(this = 0x74c7d8, aPresContext = 0x635e58), line 35 in "nsFrameList.cpp" [21] nsContainerFrame::Destroy(this = 0x74c7a4, aPresContext = 0x635e58), line 95 in "nsContainerFrame.cpp" [22] nsFrameList::DestroyFrames(this = 0x74c79c, aPresContext = 0x635e58), line 35 in "nsFrameList.cpp" [23] nsContainerFrame::Destroy(this = 0x74c768, aPresContext = 0x635e58), line 95 in "nsContainerFrame.cpp" [24] ViewportFrame::Destroy(this = 0x74c768, aPresContext = 0x635e58), line 139 in "nsViewportFrame.cpp" [25] FrameManager::~FrameManager(this = 0x6cb090), line 342 in "nsFrameManager.cpp" [26] __SLIP.DELETER__A(0x6cb090, 0x1, 0xfa9fb650, 0x2c, 0xfec4c55c, 0x0), at 0xf9fc29d8 [27] FrameManager::Release(this = 0x6cb090), line 328 in "nsFrameManager.cpp" [28] PresShell::~PresShell(this = 0x5e91e8), line 718 in "nsPresShell.cpp" [29] __SLIP.DELETER__A(0x5e91e8, 0x1, 0xfaa05a2c, 0x2c, 0xff3dc7ac, 0x109), at 0xfa04ade8 [30] PresShell::Release(this = 0x5e91e8), line 658 in "nsPresShell.cpp" [31] nsCOMPtr_base::~nsCOMPtr_base(this = 0x62118c), line 49 in "nsCOMPtr.cpp" [32] nsCOMPtr<nsIPresShell>::~nsCOMPtr(0x62118c, 0x0, 0xfdbc7038, 0xffbeb7ec, 0xfec4c55c, 0x0), at 0xfa748f4c [33] DocumentViewerImpl::~DocumentViewerImpl(this = 0x621158), line 377 in "nsDocumentViewer.cpp" [34] __SLIP.DELETER__A(0x621158, 0x1, 0xfaa72434, 0xfce3ca60, 0xff3dc7ac, 0x132), at 0xfa74e378 [35] DocumentViewerImpl::Release(this = 0x621158), line 304 in "nsDocumentViewer.cpp" [36] nsCOMPtr_base::assign_assuming_AddRef(this = 0x6da124, newPtr = (nil)), line 392 in "nsCOMPtr.h" [37] nsCOMPtr_base::assign_with_AddRef(this = 0x6da124, rawPtr = (nil)), line 58 in "nsCOMPtr.cpp" [38] nsCOMPtr<nsIContentViewer>::operator=(this = 0x6da124, rhs = (nil)), line 526 in "nsCOMPtr.h" [39] nsWebShell::Destroy(this = 0x6da0b0), line 3570 in "nsWebShell.cpp" [40] nsXULWindow::Destroy(this = 0x6aad58), line 334 in "nsXULWindow.cpp" [41] nsChromeTreeOwner::Destroy(this = 0x6c9e60), line 210 in "nsChromeTreeOwner.cpp" [42] GlobalWindowImpl::Close(this = 0x6cec78), line 1548 in "nsGlobalWindow.cpp" [43] GlobalWindowImpl::CloseWindow(aWindow = 0x6cec7c), line 2800 in "nsGlobalWindow.cpp" [44] nsJSContext::ScriptEvaluated(this = 0x6ceb88), line 753 in "nsJSEnvironment.cpp" [45] nsJSContext::EvaluateString(this = 0x6ceb88, aScript = CLASS, aScopeObject = 0x5f7928, aPrincipal = 0x1c72a8, aURL = 0x75a620 "chrome://navigator/content/openLocation.js", aLineNo = 106U, aVersion = 0xff0cd858 "default", aRetValue = CLASS, aIsUndefined = 0xffbebf60), line 315 in "nsJSEnvironment.cpp" [46] GlobalWindowImpl::RunTimeout(this = 0x6cec78, aTimeout = 0x7a71f8), line 3053 in "nsGlobalWindow.cpp" [47] nsGlobalWindow_RunTimeout(aTimer = 0x52fdb0, aClosure = 0x7a71f8), line 3323 in "nsGlobalWindow.cpp" [48] nsTimerGtk::FireTimeout(this = 0x52fdb0), line 58 in "nsTimerGtk.cpp" [49] nsTimerExpired(aCallData = 0x52fdb0), line 175 in "nsTimerGtk.cpp" [50] g_timeout_dispatch(source_data = 0x795910, dispatch_time = 0xffbec408, user_data = 0x52fdb0), line 1300 in "gmain.c" [51] g_main_dispatch(dispatch_time = 0xffbec408), line 658 in "gmain.c" [52] g_main_iterate(block = 1, dispatch = 1), line 877 in "gmain.c" [53] g_main_iteration(block = 1), line 907 in "gmain.c" [54] nsAppShell::DispatchNativeEvent(this = 0x6e2238, aRealEvent = 0, aEvent = (nil)), line 340 in "nsAppShell.cpp" [55] nsXULWindow::ShowModal(this = 0x6aad58), line 901 in "nsXULWindow.cpp" [56] nsWebShellWindow::ShowModal(this = 0x6aad58), line 1138 in "nsWebShellWindow.cpp" [57] nsChromeTreeOwner::ShowModal(this = 0x6c9e60), line 180 in "nsChromeTreeOwner.cpp" [58] GlobalWindowImpl::OpenInternal(this = 0x2b3620, cx = 0x2b36e8, argv = 0x3052c8, argc = 4U, aDialog = 1, aReturn = 0xffbecd48), line 2442 in "nsGlobalWindow.cpp" [59] GlobalWindowImpl::OpenDialog(this = 0x2b3620, cx = 0x2b36e8, argv = 0x3052c8, argc = 4U, aReturn = 0xffbecd48), line 1534 in "nsGlobalWindow.cpp" [60] WindowOpenDialog(cx = 0x2b36e8, obj = 0x266bc0, argc = 4U, argv = 0x3052c8, rval = 0xffbece60), line 2601 in "nsJSWindow.cpp" [61] js_Invoke(cx = 0x2b36e8, argc = 4U, flags = 0), line 665 in "jsinterp.c" [62] js_Interpret(cx = 0x2b36e8, result = 0xffbed2d8), line 2292 in "jsinterp.c" [63] js_Invoke(cx = 0x2b36e8, argc = 0, flags = 0), line 681 in "jsinterp.c" [64] js_Interpret(cx = 0x2b36e8, result = 0xffbed780), line 2292 in "jsinterp.c" [65] js_Invoke(cx = 0x2b36e8, argc = 1U, flags = 2U), line 681 in "jsinterp.c" [66] js_InternalInvoke(cx = 0x2b36e8, obj = 0x5f7908, fval = 6256920, flags = 0, argc = 1U, argv = 0xffbedb34, rval = 0xffbed9c0), line 754 in "jsinterp.c" [67] JS_CallFunctionValue(cx = 0x2b36e8, obj = 0x5f7908, fval = 6256920, argc = 1U, argv = 0xffbedb34, rval = 0xffbed9c0), line 2790 in "jsapi.c" [68] nsJSContext::CallEventHandler(this = 0x250dc8, aTarget = 0x5f7908, aHandler = 0x5f7918, argc = 1U, argv = 0xffbedb34, aBoolResult = 0xffbeda84), line 561 in "nsJSEnvironment.cpp" [69] nsJSEventListener::HandleEvent(this = 0x4b0960, aEvent = 0x6dfc84), line 128 in "nsJSEventListener.cpp" [70] nsEventListenerManager::HandleEventSubType(this = 0x48c748, aListenerStruct = 0x496868, aDOMEvent = 0x6dfc84, aSubType = 8U, aPhaseFlags = 7U), line 697 in "nsEventListenerManager.cpp" [71] nsEventListenerManager::HandleEvent(this = 0x48c748, aPresContext = 0x28ae18, aEvent = 0xffbee2f4, aDOMEvent = 0xffbee26c, aFlags = 7U, aEventStatus = 0xffbee334), line 1456 in "nsEventListenerManager.cpp" [72] nsXULElement::HandleDOMEvent(this = 0x41ece8, aPresContext = 0x28ae18, aEvent = 0xffbee2f4, aDOMEvent = 0xffbee26c, aFlags = 1U, aEventStatus = 0xffbee334), line 3078 in "nsXULElement.cpp" [73] nsMenuFrame::Execute(this = 0x6cfc08), line 1215 in "nsMenuFrame.cpp" [74] nsMenuFrame::HandleEvent(this = 0x6cfc08, aPresContext = 0x28ae18, aEvent = 0xffbee9e4, aEventStatus = 0xffbee7b0), line 317 in "nsMenuFrame.cpp" [75] PresShell::HandleEvent(this = 0x2cea78, aView = 0x6bb7a0, aEvent = 0xffbee9e4, aEventStatus = 0xffbee7b0), line 2954 in "nsPresShell.cpp" [76] nsView::HandleEvent(this = 0x6bb7a0, event = 0xffbee9e4, aEventFlags = 8U, aStatus = 0xffbee7b0, aHandled = 0), line 798 in "nsView.cpp" [77] nsView::HandleEvent(this = 0x2ce740, event = 0xffbee9e4, aEventFlags = 28U, aStatus = 0xffbee7b0, aHandled = 0), line 782 in "nsView.cpp" [78] nsViewManager2::DispatchEvent(this = 0x2756f0, aEvent = 0xffbee9e4, aStatus = 0xffbee7b0), line 1210 in "nsViewManager2.cpp" [79] HandleEvent(aEvent = 0xffbee9e4), line 68 in "nsView.cpp" [80] nsWidget::DispatchEvent(this = 0x2ce7b0, aEvent = 0xffbee9e4, aStatus = nsEventStatus_eIgnore), line 1363 in "nsWidget.cpp" [81] nsWidget::DispatchWindowEvent(this = 0x2ce7b0, event = 0xffbee9e4), line 1254 in "nsWidget.cpp" [82] nsWidget::DispatchMouseEvent(this = 0x2ce7b0, aEvent = STRUCT), line 1390 in "nsWidget.cpp" [83] nsWidget::OnButtonReleaseSignal(this = 0x679020, aGdkButtonEvent = 0x24e3b8), line 2083 in "nsWidget.cpp" [84] nsWindow::HandleGDKEvent(this = 0x679020, event = 0x24e3b8), line 1156 in "nsWindow.cpp" [85] handle_gdk_event(event = 0x24e3b8, data = (nil)), line 905 in "nsGtkEventHandler.cpp" [86] gdk_event_dispatch(source_data = (nil), current_time = 0xffbeed60, user_data = (nil)), line 2129 in "gdkevents.c" [87] g_main_dispatch(dispatch_time = 0xffbeed60), line 658 in "gmain.c" [88] g_main_iterate(block = 1, dispatch = 1), line 877 in "gmain.c" [89] g_main_run(loop = 0x1e5b28), line 935 in "gmain.c" [90] gtk_main(), line 476 in "gtkmain.c" [91] nsAppShell::Run(this = 0x154538), line 304 in "nsAppShell.cpp" [92] nsAppShellService::Run(this = 0x12eea8), line 399 in "nsAppShellService.cpp" [93] main1(argc = 3, argv = 0xffbef204, splashScreen = (nil)), line 763 in "nsAppRunner.cpp" [94] main(argc = 3, argv = 0xffbef204), line 883 in "nsAppRunner.cpp" (/opt/SUNWspro/bin/../WS5.0/bin/sparcv9/dbx)
This problem persists with the 2000-03-02 sources (02-29 and 03-01 didn't build due to a problem reported (and fixed) elsewhere.
Assignee: brade → kin
Target Milestone: M16
reassign to Kin for M16
This problem persists up through a build from the 2000-04-01 sources even though the appearance of the Open dialog has changed considerably. Furthermore, I no longer see the ASSERTION messages about nsCOMPtr, the "mouse down" messages or the GDK warning.
setting to m17
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Target Milestone: M16 → M17
In an attempt to learn more about what might be causing this seg fault and a bus error (bug #34526), I decided to check to see what configure options might be used to provide more information. I was surprised to learn that adding some configure options "fixed" both problems. I am working to learn which (combination) of the configure options I added are responsible for hiding the problems but, because I added several options, it may take a few days to figure out which is/are relevant to the "fix". In the meantime, I'm sumbitting this interim report in case anyone with familiarity with what the various configure options do to the code wants to compare the options that work with those that don't in order identify the underlying problem. The script that builds a mozilla with bugs 29502 and 34526 can be found at http://www.vuse.vanderbilt.edu/~drl/mozilla/with-29502-34526.sh while the script that builds a mozilla without those bugs can be found at http://www.vuse.vanderbilt.edu/~drl/mozilla/without-29502-34526.sh
we checked this out on Linux and it is working fine, David can you try this on a more current build, we are no longer using nsGfxTextControlFrame for text fields
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Unfortunately, I haven't been able to build Mozilla for about 6 weeks due to a bug in the Sun C++ v5.0 compiler so I am unable to test this. Sun has finally excepted the alleged bug as a real bug so they may produce a patch. If so, I will test ASAP.
verified in 7/25 build
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.