Closed Bug 299419 Opened 19 years ago Closed 19 years ago

Crash [@ nsEventStateManager::FireContextClick]

Categories

(Core :: DOM: UI Events & Focus Handling, defect, P1)

Product:
Core
Component:
DOM: UI Events & Focus Handling
Platform:
PowerPC
macOS
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.8beta3

People

(Reporter: moz, Assigned: sfraser_bugs)

References

Details

(Keywords: crash, topcrash, verified1.8, Whiteboard: [no l10n impact])

Crash Data

Attachments

(4 files)

Crash log.
4.25 KB, text/plain
Details
Patch to init the nsMouseEvent before setting the mouse state
2.37 KB, patch
roc
: review+
roc
: superreview+
roc
: approval1.8b4+
Details | Diff | Splinter Review
Check for null pres shell in FireContextClick() (branch)
1.70 KB, patch
roc
: review+
roc
: superreview+
asa
: approval1.8b5+
Details | Diff | Splinter Review
Check for null pres shell in FireContextClick() (trunk)
1.64 KB, patch
roc
: review+
roc
: superreview+
Details | Diff | Splinter Review 
I've been getting occasional (but frequent enough to cause worry) crashes with
nsEventStateManager::FireContextClick() on the top of the stack. Digging through
LXR leads me to believe that this is fired for click-hold context menus.
However, these aren't enabled in Camino, so I don't really understand why this
code is even called.
Attached file Crash log. β€” 

  

  



    
    

    
  
Context menus!  I needed that clue.  I may have found this recurring pest...

In a textarea, double-click on a word, then try to drag-extend the selection.

TB7199000W, TB7200472M, and TB7200493E.  And others, back at least to mid-May.

  

  



    
    

    
  
Wow; yeah, I can reproduce this every time by following your steps. (Double
click a word in a textarea, hold for a bit, then drag.)

  

  



    
    

    
  
I should clarify: the drag isn't required to reproduce the problem.
It just explains why the problem has been recurring for me so often.

Double-click-and-hold in an HTML form control -> crash

Click-and-hold after selecting separately, or on static content -> no crash

  

  



    
    

    
  
I believe this is a regression from the checkin in bug 255378.
Problem occurs in nightly build 2005-04-20-08, not in 2005-04-19-08.

However, I believe the proper fix is actually to change the condition
in nsEventStateManager.h to disable CLICK_HOLD_CONTEXT_MENUS for Camino
(if not maybe even for Mac OS X entirely?)

  

  



    
  
Priority: -- → P1
Target Milestone: --- → Camino0.9

    
    

    
  
This should probably block Gecko 1.8b4, but I can't set that flag while this is
in the camino product...

  

  



    
  
Component: General → Event Handling
Product: Camino → Core
Target Milestone: Camino0.9 → mozilla1.8beta3
Version: unspecified → Trunk
Blocks: 255378
Flags: blocking1.8b4?

    
  
Assignee: pinkerton → events
QA Contact: ian

    
  
Summary: Crash @ nsEventStateManager::FireContextClick() → Crash [@ nsEventStateManager::FireContextClick]

    
  
Whiteboard: [no l10n impact]

    
    

    
  
*** Bug 300406 has been marked as a duplicate of this bug. ***

  

  



    
    

    
  
This is a regression from roc's checkin, so over to him.

  

  


Assignee: events → roc

    
    

    
  
The crash happens because the call to frameSel->SetMouseDownState(PR_FALSE); a
few lines above the nsMouseEvent constructor causes a selection changed event to
fire, which re-enters the ESM, clearing mCurrentTarget.

I think the appropriate fix is to move the nsMouseEvent ctor higher up, while
mCurrentTarget is still valid (as it used to be before bug 255378 was fixed).

  

  



    
    

    
  


  

  

  



        Attachment #189370 -
        Flags: superreview?(bzbarsky)

        Attachment #189370 -
        Flags: review?(roc)

    
    

    
  
Comment on attachment 189370 [details] [diff] [review]
Patch to init the nsMouseEvent before setting the mouse state

Looks good. 

I'm a bit concerned that mCurrentTarget->GetWindow() could be destroyed in
here. Could you add an nsCOMPtr to hold a strong reference to it until we're
done firing the DOM event? Thanks!

  

  



        Attachment #189370 -
        Flags: superreview?(bzbarsky)

        Attachment #189370 -
        Flags: superreview+

        Attachment #189370 -
        Flags: review?(roc)

        Attachment #189370 -
        Flags: review+

    
    

    
  
Taking for checkin.

  

  


Assignee: roc → sfraser_bugs

    
    

    
  
Checked in, with a death grip on the nsIWidget.

  

  


Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED

    
    

    
  
Comment on attachment 189370 [details] [diff] [review]
Patch to init the nsMouseEvent before setting the mouse state

You forgot to request approval. I'll retroactively approve it so we don't get
sent to the firing squad!

  

  



        Attachment #189370 -
        Flags: approval1.8b4+

    
  
Flags: blocking1.8b4?

    
    

    
  
*** Bug 304178 has been marked as a duplicate of this bug. ***

  

  



    
    

    
  
FWIW, i managed to crash here again: TB9047933Y.

  

  



    
  
Flags: blocking1.8b5?

    
    

    
  


  
I came up with a good testcase for reproducing this by looking through talkback
report comments.  Hit a new XUL error page by, for example, visiting
http://127.0.0.1:10545/ and click the "Try Again" button in rapid succession. 
Vary your rate of clicking and amount of holding on the "Try Again" button
slightly if you can't reproduce it right away.

These are crashing now because mPresContext->GetPresShell() is null.  This
patch adds a check for a null pres shell.  I'm getting rid of the check for
mGestureDownContent because the function returns early when it's false.

  

  



        Attachment #195992 -
        Flags: review?(roc)

    
    

    
  
Comment on attachment 195992 [details] [diff] [review]
Check for null pres shell in FireContextClick() (branch)

(This patch was prepared against the 1.8 branch.)

  

  



        Attachment #195992 -
        Attachment description: Check for null pres shell in FireContextClick() → Check for null pres shell in FireContextClick() (branch)

    
    

    
  


  
This is the same patch, adapted to the trunk.  A different patch is required
since bug 303779 landed on the trunk.

  

  



    
    

    
  
this looks like a low risk, top crash bug fix that we should approve for the
branch once it has been reviewed and lands on the trunk. 

  

  


Flags: blocking1.8b5? → blocking1.8b5+

    
  

        Attachment #195992 -
        Flags: approval1.8b5?

    
    

    
  
Fixed on the trunk, need this on the branch.

  

  


Status: REOPENED → RESOLVED
Closed: 19 years ago19 years ago
Resolution: --- → FIXED

    
  

        Attachment #195992 -
        Flags: approval1.8b5? → approval1.8b5+

    
    

    
  
...and now it's fixed there too.

  

  


Keywords: fixed1.8

    
    

    
  
Looks good using Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US;
rv:1.8b5) Gecko/20050927 Firefox/1.4. I tried to repro the crash using athe
testcase in Comment #18 and did not see any issues. Adding verified keyword.

  

  


Keywords: fixed1.8verified1.8
Crash Signature: [@ nsEventStateManager::FireContextClick]
Component: Event Handling → User events and focus handling

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: