Closed
Bug 331561
Opened 18 years ago
Closed 18 years ago
nsAutoComplete crash on entering URL [@ nsAutoCompleteController::HandleEnter]
Categories
(Firefox :: Address Bar, defect)
Tracking
()
VERIFIED
FIXED
Firefox 2 beta1
People
(Reporter: jeanmichel.reghem, Assigned: smaug)
References
Details
(4 keywords, Whiteboard: 181b1+)
Crash Data
Attachments
(1 file)
3.32 KB,
patch
|
bryner
:
review+
bryner
:
superreview+
jay
:
approval1.8.0.5+
mtschrep
:
approval1.8.1+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1 i don't really remember what i've done to have this crash. I think i had an open FF, closing it, trying to reopen immediatly and type an url ... here is the talkback: TB16773954Z Incident ID: 16773954 Stack Signature nsAutoCompleteController::HandleEnter 4dedd470 Product ID Firefox15 Build ID 2006011112 Trigger Time 2006-03-24 00:47:38.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module firefox.exe + (003feb8c) URL visited crash after closing firefox User Comments Since Last Crash 265843 sec Total Uptime 1582755 sec Trigger Reason Access violation Source File, Line No. c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/toolkit/components/autocomplete/src/nsAutoCompleteController.cpp, line 260 Stack Trace nsAutoCompleteController::HandleEnter [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/toolkit/components/autocomplete/src/nsAutoCompleteController.cpp, line 260] XPTC_InvokeByIndex [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp, line 102] XPCWrappedNative::CallMethod [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2152] XPC_WN_CallMethod [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1444] js_Invoke [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1177] js_Interpret [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3551] js_Invoke [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1197] js_InternalInvoke [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1274] JS_CallFunctionValue [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/js/src/jsapi.c, line 4158] nsJSContext::CallEventHandler [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/dom/src/base/nsJSEnvironment.cpp, line 1411] nsJSEventListener::HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/dom/src/events/nsJSEventListener.cpp, line 195] nsXBLPrototypeHandler::ExecuteHandler [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xbl/src/nsXBLPrototypeHandler.cpp, line 505] nsXBLKeyEventHandler::HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xbl/src/nsXBLEventHandler.cpp, line 151] nsEventListenerManager::HandleEventSubType [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1685] nsEventListenerManager::HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1786] nsXULElement::HandleDOMEvent [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2153] nsXULElement::HandleDOMEvent [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2132] nsXULElement::HandleDOMEvent [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2132] nsGenericElement::HandleDOMEvent [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/base/src/nsGenericElement.cpp, line 2117] nsHTMLInputElement::HandleDOMEvent [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/content/html/content/src/nsHTMLInputElement.cpp, line 1395] PresShell::HandleEventInternal [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/layout/base/nsPresShell.cpp, line 6374] PresShell::HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/layout/base/nsPresShell.cpp, line 6210] nsViewManager::HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp, line 2514] nsViewManager::DispatchEvent [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp, line 2246] HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/view/src/nsView.cpp, line 174] nsWindow::DispatchEvent [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1252] nsWindow::DispatchKeyEvent [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 3448] nsWindow::OnKeyDown [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 3586] nsWindow::ProcessMessage [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 4492] nsWindow::WindowProc [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1434] USER32.dll + 0x8734 (0x77d48734) USER32.dll + 0x8816 (0x77d48816) USER32.dll + 0x89cd (0x77d489cd) USER32.dll + 0x8a10 (0x77d48a10) nsAppShell::Run [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/widget/src/windows/nsAppShell.cpp, line 159] nsAppStartup::Run [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp, line 151] main [c:/builds/tinderbox/Fx-Mozilla1.8.0/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp, line 61] kernel32.dll + 0x16d4f (0x7c816d4f) Reproducible: Couldn't Reproduce Steps to Reproduce: --> trying to find similar bug Bug 280084 FF101 nsAutoComplete crash on entering URL [@ nsAutoCompleteController::HandleEnter] ( VERIFIED + FIXED ) --> but seems to not solve all the issues Bug 326468 Possibility of crash when autocomplete is open, document is reloaded and then autocomplete is clicked (NEW) --> but crash in nsFormFillController::OnTextEntered , not nsAutoCompleteController::HandleEnter Bug 320659 crash [@ nsFormFillController::OnTextEntered] (UNCONFIRMED) --> but seems also different ... Bug 296526 While autocomplete list is visible opening the context menu causes a misplacement, the focus is lost and a crash occurs when trying to load another URL [@nsAutoCompleteController::HandleEnter] --> line 450 ... So, i've decided to open a new bug ... i will try to reproduce it ...
Reporter | ||
Updated•18 years ago
|
Component: General → Autocomplete
Product: Firefox → Toolkit
Version: unspecified → 1.8 Branch
Reporter | ||
Comment 1•18 years ago
|
||
sorry for the spam ... wrong operation: moving to toolkit was an error
Component: Autocomplete → Location Bar and Autocomplete
Product: Toolkit → Firefox
Version: 1.8 Branch → 1.5.0.x Branch
Comment 2•18 years ago
|
||
bryner, can you take a look at this?
Assignee: nobody → bryner
Flags: blocking1.8.0.3? → blocking1.8.0.3+
Comment 3•18 years ago
|
||
Bug 296526 has a patch...
Comment 4•18 years ago
|
||
No baked patch, too late to make 1.8.0.4
Flags: blocking1.8.0.5?
Flags: blocking1.8.0.4-
Flags: blocking1.8.0.4+
Comment 5•18 years ago
|
||
Need to get traction on Martijn's patch in bug 296526
Flags: blocking-firefox2? → blocking-firefox2+
Updated•18 years ago
|
QA Contact: general → location.bar
Comment 6•18 years ago
|
||
*** Bug 339467 has been marked as a duplicate of this bug. ***
Updated•18 years ago
|
Target Milestone: --- → Firefox 2 beta1
Updated•18 years ago
|
Flags: blocking1.8.0.5? → blocking1.8.0.5+
Comment 7•18 years ago
|
||
Is this one distinct from bug 296526 (which has a patch)? You say it *is* distinct from bug 339467 which has a testcase but no patch, and isn't nominated for any 1.8 branch.
Assignee: bryner → martijn.martijn
Comment 8•18 years ago
|
||
Yeah, all those bugs are distinct from each other. There are different ways to trigger the crash (not sure how is triggered in this bug, though). It happens when something bad has happened focus related. So maybe the crash could/should also be fixed by adding some kind of checks in nsAutoCompleteController::HandleEnter and related functions, but the bad focus state should also really not be happening.
Comment 9•18 years ago
|
||
Looks like this nsAutoCompleteController::HandleEnter crash isn't going to get fixed for 1.8.0.5 If we get a 1.8 fix for firefox 2 please request 1.8.0.x approval for the patch, but otherwise this probably isn't a blocker.
Flags: blocking1.8.0.5+ → blocking1.8.0.5-
Assignee | ||
Comment 10•18 years ago
|
||
Is it just so that mInput is nsnull when nsAutoCompleteController::HandleEnter is called? In nsAutoCompleteController there is |if (mInput)| checks in quite many places, but not in ::HandleEnter, ::HandleDelete or ::HandleEscape. I haven't seen this crash, nor bug 339467. ...trying to write a test case.
Assignee | ||
Comment 11•18 years ago
|
||
Not a good test case, but makes FF to crash. Run this in JS Console: var a = Components.classes["@mozilla.org/autocomplete/controller;1"].createInstance().QueryInterface(Components.interfaces.nsIAutoCompleteController); a.handleEnter();
Assignee | ||
Comment 12•18 years ago
|
||
Adding few null checks to prevent testcase -like crashes. I went through all the uses of mInput and added either if (!mInput) or NS_ENSURE_STATE(mInput) in those cases where I think it might be possible to crash. |if| is used in public methods, NS_ENSURE_STATE in protected methods.
Attachment #227253 -
Flags: superreview?(bryner)
Attachment #227253 -
Flags: review?(bryner)
Assignee | ||
Comment 13•18 years ago
|
||
Comment on attachment 227253 [details] [diff] [review] add few null checks Asking also approvals, since this may (or may not) help with some of the common nsAutoCompleteController::HandleEnter crashes. And at least fixes one way to crash the browser.
Attachment #227253 -
Flags: approval1.8.1?
Attachment #227253 -
Flags: approval1.8.0.5?
Assignee | ||
Comment 14•18 years ago
|
||
If TB stacks don't lie, most of the crashes happen when mInput is null, I think. So the patch should help there.
Updated•18 years ago
|
Attachment #227253 -
Flags: superreview?(bryner)
Attachment #227253 -
Flags: superreview+
Attachment #227253 -
Flags: review?(bryner)
Attachment #227253 -
Flags: review+
Updated•18 years ago
|
Attachment #227253 -
Flags: approval1.8.1?
Assignee | ||
Comment 15•18 years ago
|
||
Comment on attachment 227253 [details] [diff] [review] add few null checks Checked in to trunk
Comment 16•18 years ago
|
||
*** Bug 341885 has been marked as a duplicate of this bug. ***
Updated•18 years ago
|
Whiteboard: 181b1+
Assignee | ||
Comment 17•18 years ago
|
||
Comment on attachment 227253 [details] [diff] [review] add few null checks Re-asking approval for 1.8.1. This is just adding null checks to places where mInput can be nsnull even in 'valid' cases.
Attachment #227253 -
Flags: approval1.8.1?
Assignee | ||
Comment 18•18 years ago
|
||
And according to TB, there hasn't been crashes @nsAutoCompleteController::HandleEnter since this landed to trunk. (though, the patch has been in only ~2 days)
Updated•18 years ago
|
Assignee: martijn.martijn → Olli.Pettay
Comment 19•18 years ago
|
||
*** Bug 339467 has been marked as a duplicate of this bug. ***
Updated•18 years ago
|
Attachment #227253 -
Flags: approval1.8.1? → approval1.8.1+
Assignee | ||
Updated•18 years ago
|
Comment 20•18 years ago
|
||
Comment on attachment 227253 [details] [diff] [review] add few null checks approved for 1.8.0 branch, a=jay for drivers. please land asap, so we can respin and get RC2 out for testing.
Attachment #227253 -
Flags: approval1.8.0.5? → approval1.8.0.5+
Assignee | ||
Updated•18 years ago
|
Keywords: fixed1.8.0.5
Updated•13 years ago
|
Crash Signature: [@ nsAutoCompleteController::HandleEnter]
You need to log in
before you can comment on or make changes to this bug.
Description
•