Closed
Bug 307562
Opened 18 years ago
Closed 14 years ago
Crash [@ nsXBLBinding::AllowScripts]
Categories
(Core :: XBL, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: csthomas, Unassigned)
References
()
Details
if (!mgr) {
return PR_FALSE;
}
--> nsIDocument* doc = mBoundElement->GetOwnerDoc();
if (!doc) {
return PR_FALSE;
}
Debugger shows mBoundElement->nsISupports->__vfptr = 0xfdfdfdfd
I was messing around with the <toolbox> constructor - having it create some
<hbox>es and moving its children into these hboxes. I worked around the crash
by moving the logic to a separate function and using setTimeout() to call it
with 0 delay.
nsXBLBinding::AllowScripts() line 1195 + 14 bytes
nsXBLBinding::ExecuteAttachedHandler() line 772 + 8 bytes
nsXBLBinding::ExecuteAttachedHandler() line 772
nsBindingManager::ProcessAttachedQueue(nsBindingManager * const 0x01bfcbb8) line 764
nsCSSFrameConstructor::ContentInserted(nsIContent * 0x00000000, nsIFrame *
0x00000000, nsIContent * 0x0278d080, int 0, nsILayoutHistoryState * 0x00000000,
int 0) line 9020
PresShell::InitialReflow(PresShell * const 0x01bf3da8, int 0, int 0) line 2828
nsXULDocument::StartLayout() line 2165
nsXULDocument::ResumeWalk() line 3187
nsXULDocument::EndLoad() line 744
XULContentSinkImpl::DidBuildModel(XULContentSinkImpl * const 0x02afa260) line 408
nsExpatDriver::DidBuildModel(nsExpatDriver * const 0x02af92d8, unsigned int 0,
int 1, nsIParser * 0x02afa2e8, nsIContentSink * 0x02afa260) line 1079 + 12 bytes
nsParser::DidBuildModel(unsigned int 0) line 1315 + 46 bytes
nsParser::ResumeParse(int 1, int 1, int 1) line 2037
nsParser::OnStopRequest(nsParser * const 0x02afa2ec, nsIRequest * 0x02af9738,
nsISupports * 0x00000000, unsigned int 0) line 2706 + 21 bytes
nsJARChannel::OnStopRequest(nsJARChannel * const 0x02af9740, nsIRequest *
0x02af9a58, nsISupports * 0x00000000, unsigned int 0) line 712
nsInputStreamPump::OnStateStop() line 507
nsInputStreamPump::OnInputStreamReady(nsInputStreamPump * const 0x02af9a5c,
nsIAsyncInputStream * 0x02af9068) line 343 + 11 bytes
nsInputStreamReadyEvent::EventHandler(PLEvent * 0x02af8ff4) line 120
PL_HandleEvent(PLEvent * 0x02af8ff4) line 688 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x009f6598) line 623 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x002103f6, unsigned int 49510, unsigned int 0,
long 10446232) line 1408 + 9 bytes
USER32! 77d48734()
USER32! 77d48816()
USER32! 77d489cd()
USER32! 77d48a10()
nsAppShell::Run(nsAppShell * const 0x01b07368) line 135
nsAppStartup::Run(nsAppStartup * const 0x01b07108) line 208
main1(int 3, char * * 0x002a4358, nsISupports * 0x009f4010) line 1249 + 32 bytes
main(int 3, char * * 0x002a4358) line 1736 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 7c816d4f()
|
||
Comment 1•18 years ago
|
||
So you're saying the mBoundElement of the binding is dead?
|
Reporter | |
Comment 2•18 years ago
|
||
(In reply to comment #1) > So you're saying the mBoundElement of the binding is dead? <word> hmmm... 0xfdfdfdfd is crt: no man's land (off the end) If that fits the category of "dead", yes. It would be 0xdddddddd if it were actually deleted though, right?
|
|
||
Comment 3•18 years ago
|
||
Yeah. So how did we end up with a bogus mContent, I wonder... Is the binding itself destroyed by this time or something?
|
||
Updated•18 years ago
|
Severity: normal → critical
Summary: Crash @nsXBLBinding::AllowScripts() → Crash [@ nsXBLBinding::AllowScripts]
|
||
Comment 4•16 years ago
|
||
Fixed by bug 400735? WFM?
|
||
Updated•14 years ago
|
Assignee: xbl → nobody
QA Contact: ian → xbl
|
||
Comment 5•14 years ago
|
||
This never had a testcase, and the stack wasn't enough information.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•