Closed Bug 340969 Opened 14 years ago Closed 13 years ago

crash at [@ nsFormFillController::GetTextValue]

Categories: (Toolkit :: Form Manager, defect, critical)
Platform: x86, Windows XP
Priority: Not set
Status: VERIFIED FIXED
People: (Reporter: bugzilla, Assigned: smaug)
Details: (Keywords: crash, verified1.8.1.1)
Attachments: (2 files)

I just crashed when trying to restart Firefox

TB19682796Y

nsFormFillController::GetTextValue 6b810bd7

and looking at the stacktrace there seem to be others that have crashed there too.

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060608 Minefield/3.0a1 ID:2006060804 [cairo]
Severity: normal → critical
It seems you are running on both different systems, Linux and Windows, what are you up to...???
sergedardenne@gmail.com: huh? this bug is listed as windows, the report only mentions windows.

gemal happens to be a long time bug filer (among the top 10 iirc), so your question seems really strange.
Keywords: crash
Summary: crash at restart in nsFormFillController::GetTextValue → crash at restart in [@ nsFormFillController::GetTextValue]
Just closed a popup window and got the same crash again.
In the window I had filled out a form.
Summary: crash at restart in [@ nsFormFillController::GetTextValue] → crash at [@ nsFormFillController::GetTextValue]
If you go to:
http://link.etyper.com/survey/survey_launch.asp?p1=105851196&p2=82&p3=LIST&p4=http://www.kilroytravels.dk?TId=10585119682
press the link, fill out the form and hit submit, I crash when the window closes.

TB19977780W
TB19977736Y
TB19977228W
I don't crash, but after visiting the page, something strange happens to WARNINGS:
argh, sorry about that. Anyway, warnings are garbage
For instance http://talkback-public.mozilla.org/search/start.jsp?search=2&type=iid&id=22638013
has a more complete stacktrace (all branch crashes have a more complete stacktrace):
nsFormFillController::GetTextValue  [mozilla/toolkit/components/satchel/src/nsFormFillController.cpp, line 415]
XPCWrappedNative::CallMethod  [mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2169]
XPC_WN_GetterSetter  [mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1482]
js_Invoke  [mozilla/js/src/jsinterp.c, line 1350]
js_InternalInvoke  [mozilla/js/src/jsinterp.c, line 1448]
js_InternalGetOrSet  [mozilla/js/src/jsinterp.c, line 1508]
js_GetProperty  [mozilla/js/src/jsobj.c, line 3439]
JS_GetUCProperty  [mozilla/js/src/jsapi.c, line 3076]
leakmon.dll + 0x2796 (0x10002796)
leakmon.dll + 0x15a3 (0x100015a3)
leakmon.dll + 0x20ac (0x100020ac)
leakmon.dll + 0x1c85 (0x10001c85)
leakmon.dll + 0x1ce2 (0x10001ce2)
leakmon.dll + 0x1c4e (0x10001c4e)
js_ForceGC  [mozilla/js/src/jsgc.c, line 2251]
ScopedXPCOMStartup::~ScopedXPCOMStartup  [mozilla/toolkit/xre/nsAppRunner.cpp, line 551]
main  [mozilla/browser/app/nsBrowserApp.cpp, line 61]
kernel32.dll + 0x16d4f (0x7c816d4f)

So this seems to be happening in combination with the leak monitor.
A testcase for this is to run the following in the error console:
Components.classes["@mozilla.org/satchel/form-fill-controller;1"].createInstance().QueryInterface(Components.interfaces.nsIAutoCompleteInput).textValue;
Attached patch: proposed patch.
Just adding null checks.
I decided not to return an error code when mFocusedInput is null.
That is how the situation is handled also in other similar methods,
like in ::GetSelectionStart
Assignee: nobody → Olli.Pettay
Status: NEW → ASSIGNED
Attachment #238609 - Flags: first-review?(dbaron)
Comment on attachment 238609 [details] [diff] [review]
proposed patch.

In GetTextValue you should call aTextValue.Truncate() if you're not calling mFocusedInput->GetValue so that you clear the string if it's non-empty.  With that, r=dbaron.
Attachment #238609 - Flags: first-review?(dbaron) → first-review+
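The difference between a bare null check and a null check that also clears the out-parameter, as an added example that is not the attached patch or Mozilla code. FormFillController, Input, Result and ReadWithReusedBuffer are hypothetical stand-ins, and std::string with clear() stands in for the string class and its Truncate() call.

```cpp
// Added illustration; all type and function names here are hypothetical
// stand-ins, with std::string standing in for the real string class.
#include <string>

struct Input {
    std::string value;
    void GetValue(std::string& out) const { out = value; }
};

enum Result { kOk = 0 };

struct FormFillController {
    Input* mFocusedInput = nullptr;   // null until a field gains focus

    // Null check only: no crash, but the caller's buffer is left untouched,
    // so whatever it held before the call is reported as the text value.
    Result GetTextValueNoClear(std::string& aTextValue) const {
        if (mFocusedInput) {
            mFocusedInput->GetValue(aTextValue);
        }
        return kOk;
    }

    // Null check plus clear: the out-parameter is well defined on every path.
    Result GetTextValue(std::string& aTextValue) const {
        if (mFocusedInput) {
            mFocusedInput->GetValue(aTextValue);
        } else {
            aTextValue.clear();       // counterpart of aTextValue.Truncate()
        }
        return kOk;
    }
};

// Caller that hands in a buffer which already holds data from earlier use.
std::string ReadWithReusedBuffer(const FormFillController& c, bool clearOnNull) {
    std::string buf = "previous field contents";   // constructed stale value
    if (clearOnNull) {
        c.GetTextValue(buf);
    } else {
        c.GetTextValueNoClear(buf);
    }
    return buf;
}
```

Both variants return success when nothing is focused, so the caller cannot tell from the return code alone that the buffer was never written.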
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment on attachment 238609 [details] [diff] [review]
proposed patch.

This seems like a safe fix for the branch.
Attachment #238609 - Flags: approval1.8.1?
Comment on attachment 238609 [details] [diff] [review]
proposed patch.

too late for non-blockers, please renom for 1.8.11
Attachment #238609 - Flags: approval1.8.1? → approval1.8.1-
Flags: blocking1.8.1.1?
Flags: blocking1.8.1.1? → blocking1.8.1.1+
Attachment #238609 - Flags: approval1.8.1.1?
Comment on attachment 238609 [details] [diff] [review]
proposed patch.

approved for 1.8 branch, a=dveditz for drivers
Attachment #238609 - Flags: approval1.8.1.1? → approval1.8.1.1+
Attached patch: with .Truncate()
Keywords: fixed1.8.1.1
v.fixed on 1.8.1 branch with 
Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.1pre) Gecko/20061128 BonEcho/2.0.0.1pre
Verified based on test in comment 8.

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1pre) Gecko/2008062306 GranParadiso/3.0.1pre
Status: RESOLVED → VERIFIED
Component: Satchel → Form Manager
Crash Signature: [@ nsFormFillController::GetTextValue]