339470 - Testcase in bug 210240 crashes [@ nsIMEStateManager::IsActive] after first alert

Status: RESOLVED FIXED

(Core :: DOM: UI Events & Focus Handling, defect)

Description

[Martijn Wargers (dead)]

The testcase in bug 210240 crashes now after the first alert.
This regressed between 2005-11-14 and 2005-11-15:
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2005-11-14+06&maxdate=2005-11-15+08&cvsroot=%2Fcvsroot
Not really sure which bug might be the culprit.

Comment 1

[Martijn Wargers (dead)]

Talkback ID: TB19197302K
nsIMEStateManager::IsActive   nsIMEStateManager::OnChangeFocus   nsEventStateManager::PreHandleEvent   PresShell::HandleEventInternal   PresShell::HandleEvent   nsViewManager::HandleEvent   nsViewManager::DispatchEvent   HandleEvent   nsWindow::DispatchEvent   nsWindow::DispatchFocus   nsWindow::ProcessMessage   0x7ffdfc00
0x7ffdfc00
0x7ffdfc00
0x7ffdfc00
0x7ffdfc00 (etc)

So based on talkback, maybe bug 55751 is the guilty one?

Comment 2

[Masayuki Nakano [:masayuki] (he/him)(JST, +0900)]

Is this accessing to null pointer?
# I cannot see bug 210240 and the testcase.

Comment 3

[Masayuki Nakano [:masayuki] (he/him)(JST, +0900)]

Isn't this is a regression of bug 338122?
That patch removes pointer check in nsIMEStateManager::IsActive.

Comment 4

[Masayuki Nakano [:masayuki] (he/him)(JST, +0900)]

(In reply to comment #3)
> Isn't this is a regression of bug 338122?
> That patch removes pointer check in nsIMEStateManager::IsActive.

Ah, sorry. It's not right. the comment 0 doesn't say so.

Comment 5

[Masayuki Nakano [:masayuki] (he/him)(JST, +0900)]

Attachment: test patch

If the cause is the mShell of nsPresContext is null, this *suppress* to crash.
But maybe roc hate this patch. However, I don't know why the case is existing.

Comment 6

[Olli Pettay [:smaug][bugs@pettay.fi]]

(In reply to comment #5)
> However, I don't know why the case is existing.
>

When presshell is being deleted, prescontext's pointer to it is set to
null. That may happen especially during event handling.

Does this crash still happen? Couldn't reproduce.

Comment 7

[Martijn Wargers (dead)]

I still crash with the testcase, using:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20061203 Minefield/3.0a1

Comment 8

[Olli Pettay [:smaug][bugs@pettay.fi]]

This is 'just' a null pointer crash. 

Comment 9

[Olli Pettay [:smaug][bugs@pettay.fi]]

Comment on attachment 224341 [details] [diff] [review]
test patch

Could we take the patch?

Comment 10

[Robert O'Callahan (:roc) (email my personal email if necessary)]

Comment on attachment 224341 [details] [diff] [review]
test patch

We can take this, although since nsPresContext::PresShell is never supposed to return null, it's bad that it can. So I'd like to see a patch that fixes that ... I thought presshell lifetime was suppsed to fully enclose the lifetime of its prescontext?

Comment 11

[Olli Pettay [:smaug][bugs@pettay.fi]]

Checked in.

We do have if (presContext->presShell) tests elsewhere too, 
for example they are needed in ESM, unfortunately.