Closed
Bug 30894
Opened 25 years ago
Closed 25 years ago
CRASH: reply to a mail message, close the compose window before the reply is filled in
Categories
(MailNews Core :: Composition, defect, P3)
Tracking
(Not tracked)
VERIFIED
FIXED
M14
People
(Reporter: Bienvenu, Assigned: sfraser_bugs)
Details
(Whiteboard: [PDT+]w/b minus on 03/09 - Reviewed fix in hand)
I replied to a long message, and realized it was going to take too long to
quote, so I closed the compose window. I crashed in the editor code in
nsInterfaceState::SelectionIsCollapsed() with mEditor having been deleted. I'll
try to get a full stack trace in a minute.
|
Reporter | |
Comment 1•25 years ago
|
||
Looks like the editor has set some timer, but hasn't cancelled the timer when
the editor got deleted.
nsQueryInterface::operator()(const nsID & {...}, void * * 0x0012fc70) line 32 +
23 bytes
nsCOMPtr<nsIEditor>::assign_from_helper(const nsCOMPtr_helper & {...}, const
nsID & {...}) line 795 + 18 bytes
nsCOMPtr<nsIEditor>::nsCOMPtr<nsIEditor>(const nsQueryInterface & {...}) line
508
nsInterfaceState::SelectionIsCollapsed() line 320
nsInterfaceState::TimerCallback() line 248 + 11 bytes
nsInterfaceState::Notify(nsInterfaceState * const 0x04976e7c, nsITimer *
0x04b0ae30) line 528
nsTimer::Fire() line 200
nsTimerManager::FireNextReadyTimer(nsTimerManager * const 0x018ed880, unsigned
int 0) line 117
nsAppShell::Run(nsAppShell * const 0x0143ca40) line 116
nsAppShellService::Run(nsAppShellService * const 0x0143a370) line 393
main1(int 2, char * * 0x010a4cd0, nsISplashScreen * 0x00000000) line 769 + 32
bytes
|
|
Reporter | |
Comment 2•25 years ago
|
||
I'm nominating this as a beta bug, just because it's an easily reproducible
crash.
Keywords: beta1
|
Assignee | |
Comment 4•25 years ago
|
||
Hmm. nsInterfaceState should have cancelled that timer; it does it in the dtor.
Investigating.
Status: NEW → ASSIGNED
Target Milestone: M14
|
|
Assignee | |
Comment 5•25 years ago
|
||
Ah, I suck. The dtor never gets called in that situation because a ref is held by
the timer code.
The fix is to move the following lines:
// cancel any outstanding udpate timer
if (mUpdateTimer)
mUpdateTimer->Cancel();
from nsInterfaceState::~nsInterfaceState() to
nsInterfaceState::NotifyDocumentWillBeDestroyed().
(sorry, no diff, I have tons of other changes in that file).
Whiteboard: Fix in hand
|
|
Reporter | |
Comment 7•25 years ago
|
||
d'oh! thanks for finding and fixing this so quickly, Simon.
|
|
Assignee | |
Updated•25 years ago
|
Whiteboard: [PDT-] Fix in hand → [PDT-] Reviewed fix in hand
|
|
Reporter | |
Comment 9•25 years ago
|
||
I'm a little surprised this is PDT-, it looks like a very safe fix for a crasher
bug that actual users are going to run into. I'm not trying to be a pain, but
I'll try removing the PDT- once.
Whiteboard: [PDT-] Reviewed fix in hand → Reviewed fix in hand
|
|
||
Comment 10•25 years ago
|
||
I'd like to throw in my vote for PDT+ on this one as well. It's a very safe fix,
and stability will be the number 1 criteria on which we are judged in my
opinion. The chances of a regression from this fix are very slim.
|
|
||
Comment 11•25 years ago
|
||
Putting on PDT+ radar for beta1. Must fix by 03/09.
Whiteboard: Reviewed fix in hand → [PDT+]w/b minus on 03/09 - Reviewed fix in hand
|
|
Assignee | |
Comment 12•25 years ago
|
||
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
|
|
||
Comment 13•25 years ago
|
||
OK using 2000-03-10-09m15 commercial build on NT 4.0.
OK with both plain text and compose windows.
|
|
||
Comment 14•25 years ago
|
||
OK using 2000-03-10-13m15 commercial build linux rh6.0
|
|
||
Comment 15•25 years ago
|
||
OK using 2000-03-10-14m15 commercial build mac OS 9.0
Status: RESOLVED → VERIFIED
|
||
Updated•21 years ago
|
Product: MailNews → Core
|
||
Updated•17 years ago
|
Product: Core → MailNews Core
You need to log in
before you can comment on or make changes to this bug.
Description
•