Closed Bug 34148 Opened 26 years ago Closed 26 years ago

crash after focusing text field in Open Web Location

Categories

(SeaMonkey :: General, defect, P3)

Product:
SeaMonkey
Component:
General
Platform:
x86
Windows NT
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: danm.moz, Assigned: danm.moz)

Details

(Keywords: crash)

Launch. File > Open Web Location (dialog). Use the mouse or keyboard; doesn't matter. Mouseclick in the dialog's text edit field. Type or not, but dismiss the dialog with a keystroke (enter or escape, but not by clicking an exit button). In the browser window, click anywhere below the toolbar. Mozilla crashes (initially, it's an nsCOMPtr assertion exhorting you not to dereference null.) at the indicated line, #2176 in this morning's nsEventStateManager.cpp, where shell is null. gLastFocusedContent->GetDocument(*getter_AddRefs(doc)); if (doc) { nsCOMPtr<nsIPresShell> shell = getter_AddRefs(doc->GetShellAt(0)); nsCOMPtr<nsIPresContext> oldPresContext; -> shell->GetPresContext(getter_AddRefs(oldPresContext)); //fire blur nsEventStatus status = nsEventStatus_eIgnore; nsEvent event; event.eventStructType = NS_EVENT; (assertion noise) nsCOMPtr<nsIPresShell>::operator->() line 621 + 34 bytes nsEventStateManager::SendFocusBlur(nsEventStateManager * const 0x036ba1b0, nsIPresContext * 0x036b22f0, nsIContent * 0x00000000) line 2176 + 35 bytes nsEventStateManager::ChangeFocus(nsIContent * 0x00000000, nsIFrame * 0x02c73f28, int 0x00000001) line 1624 nsEventStateManager::PostHandleEvent(nsEventStateManager * const 0x036ba1b0, nsIPresContext * 0x036b22f0, nsGUIEvent * 0x0012fac8, nsIFrame * 0x02c73f28, nsEventStatus * 0x0012f9d4, nsIView * 0x036c30e0) line 748 PresShell::HandleEvent(PresShell * const 0x03687134, nsIView * 0x036c30e0, nsGUIEvent * 0x0012fac8, nsEventStatus * 0x0012f9d4, int & 0x00000001) line 3455 + 43 bytes nsView::HandleEvent(nsView * const 0x036c30e0, nsGUIEvent * 0x0012fac8, unsigned int 0x00000008, nsEventStatus * 0x0012f9d4, int & 0x00000001) line 811 nsView::HandleEvent(nsView * const 0x036c3ab0, nsGUIEvent * 0x0012fac8, unsigned int 0x00000008, nsEventStatus * 0x0012f9d4, int & 0x00000001) line 784 nsView::HandleEvent(nsView * const 0x03687b10, nsGUIEvent * 0x0012fac8, unsigned int 0x0000001c, nsEventStatus * 0x0012f9d4, int & 0x00000001) line 784 nsViewManager2::DispatchEvent(nsViewManager2 * const 0x03687cf0, nsGUIEvent * 0x0012fac8, nsEventStatus * 0x0012f9d4) line 1349 HandleEvent(nsGUIEvent * 0x0012fac8) line 69 nsWindow::DispatchEvent(nsWindow * const 0x036c3984, nsGUIEvent * 0x0012fac8, nsEventStatus & nsEventStatus_eIgnore) line 498 + 10 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012fac8) line 519 nsWindow::DispatchMouseEvent(unsigned int 0x0000012e, nsPoint * 0x00000000) line 3081 + 21 bytes ChildWindow::DispatchMouseEvent(unsigned int 0x0000012e, nsPoint * 0x00000000) line 3288 nsWindow::ProcessMessage(unsigned int 0x00000201, unsigned int 0x00000001, long 0x008c00e2, long * 0x0012fd94) line 2268 + 24 bytes nsWindow::WindowProc(HWND__ * 0x00c2015c, unsigned int 0x00000201, unsigned int 0x00000001, long 0x008c00e2) line 676 + 27 bytes USER32
worksforme
works for me too, but I should put in a null check. The horkage late last week aggrovated this.
Status: NEW → ASSIGNED
Target Milestone: --- → M15
This is all disappointing that no one sees this but me. It crashes every time on both my NT boxes, with builds made the day I reported the problem and with one I pulled and built this morning. The good-ish news is, the crash goes away after I put in null checks for the lot of them (shell, oldPresContext and esm) there in nsEventStateManager::PreHandleEvent NS_DEACTIVATE *and* in the similar code at nsEventStateManager::SendFocusBlur.
danm, you run with a heap scrambler turned on, don't you? :-) Seriously, what could be causing memory shuffle on your machine? This sounds like a dangling pointer... I'll check that theory on MacOS tomorrow.
*I* can make saari's machine crash. It's nice to know I have an alternative career as a mechanoclast. And I was so careful to write the most explicit instructions I could ... I'm taking the bug because I happen to have a fix for it in my tree.
Assignee: saari → danm
Status: ASSIGNED → NEW
now with new null checks. mmmmmmmm.
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Adding crash keyword
Keywords: crash
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.