Closed Bug 343953 Opened 18 years ago Closed 18 years ago

Crash [@ nsGenericHTMLElement::HandleDOMEventForAnchors]

Product/Component: Core :: DOM: Core & HTML
Type: defect
Version: 1.8 Branch
Platform: x86, Linux
Priority: Not set
Severity: critical
Status: RESOLVED FIXED
Reporter: glandium, Assigned: glandium
Keywords: crash, fixed1.8.0.9, fixed1.8.1
Whiteboard: [needs testcase]
Attachments: 1 file, 1 obsolete file

I get quite some random crashes, so I now have a permanent setting to dump a core whenever a crash occurs.

I got one just a few moments ago, and I can now provide some information. I don't know if this is the crash I get every time, though.

Here is a full backtrace:

#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xa7d8ca6d in raise () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#2  0x080825cc in nsProfileLock::FatalSignalHandler (signo=11) at nsProfileLock.cpp:206
        unblock_sigs = {__val = {1024, 0 <repeats 31 times>}}
        oldact = <value optimized out>
#3  <signal handler called>
No symbol table info available.
#4  nsGenericHTMLElement::HandleDOMEventForAnchors (this=0xd9e74f0, aPresContext=0xb436398, aEvent=0xaffc0058, aDOMEvent=0x0, aFlags=1,
    aEventStatus=0xaffbfed4) at nsGenericHTMLElement.cpp:1560
        focusController = (class nsIFocusController *) 0x0
        isActive = 0
        win = {<nsCOMPtr_base> = {mRawPtr = 0xd4a83a0}, <No data fields>}
        handler = (class nsILinkHandler *) 0xd35a4b4
        document = (nsIDocument *) 0xaa16fe0
#5  0x082a568d in PresShell::HandleEventInternal (this=0xcbf1770, aEvent=0xaffc0058, aView=0xd93ad88, aFlags=1, aStatus=0xaffbfed4)
    at nsPresShell.cpp:6379
        isHandlingUserInput = 1
        manager = {<nsCOMPtr_base> = {mRawPtr = 0xb4366e8}, <No data fields>}
        rv = 0
#6  0x082a92e1 in PresShell::HandleEvent (this=0xcbf1770, aView=0xd93ad88, aEvent=0xaffc0058, aEventStatus=0xaffbfed4, aForceHandle=0,
    aHandled=@0xaffbfecc) at nsPresShell.cpp:6215
        esm = <value optimized out>
#7  0x084ac974 in nsViewManager::HandleEvent (this=0xb806750, aView=0xb8067c8, aEvent=0xaffc0058, aCaptured=0) at nsViewManager.cpp:2557
        handled = 1
        vVM = <value optimized out>
        v = (class nsView *) 0xd93ad88
#8  0x084adc55 in nsViewManager::DispatchEvent (this=0xb806750, aEvent=0xaffc0058, aStatus=0xaffbffc0) at nsViewManager.cpp:2246
        parent = <value optimized out>
        t2p = 0.25
        p2t = 13
        view = (class nsView *) 0xb8067c8
        capturedEvent = 0
#9  0x084a5966 in HandleEvent (aEvent=0xaffc0058) at nsView.cpp:171
        result = nsEventStatus_eIgnore
#10 0x08268df5 in nsCommonWidget::DispatchEvent (this=0xd4a8060, aEvent=0xaffc0058, aStatus=@0xaffc00a8) at nsCommonWidget.cpp:219
No locals.
#11 0x08265ab5 in nsWindow::OnButtonPressEvent (this=0xd4a8060, aWidget=0x9992a08, aEvent=0x8b4c690) at nsWindow.cpp:1565
        event = {<nsInputEvent> = {<nsGUIEvent> = {<nsEvent> = {eventStructType = 10 '\n', message = 302, point = {x = 4674, y = 5662}, refPoint = {
x = 359, y = 435}, time = 0, flags = 1024,
internalAppFlags = 2, userType = 0x0}, widget = 0xd4a8060, nativeMsg = 0x0}, isShift = 0,
    isControl = 0, isAlt = 0, isMeta = 0}, clickCount = 1, acceptActivation = 0 '\0', reason = nsMouseEvent::eReal}
#12 0x08265c06 in button_press_event_cb (widget=0x0, event=0x8b4c690) at nsWindow.cpp:3724
        window = (nsWindow *) 0xd542488
#13 0xa7bb6aa0 in _gtk_marshal_BOOLEAN__BOXED () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#14 0xa77d8a0b in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#15 0xa77e8e83 in g_signal_chain_from_overridden () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#16 0xa77ea158 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#17 0xa77ea529 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#18 0xa7ca8624 in gtk_widget_activate () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#19 0xa7bb4ecd in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#20 0xa7bb5343 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#21 0xa7a48bfa in _gdk_events_queue () from /usr/lib/libgdk-x11-2.0.so.0
No symbol table info available.
#22 0xa7768e2c in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#23 0xa776c176 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#24 0xa776c537 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#25 0xa7bb44e1 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#26 0x08268506 in nsAppShell::Run (this=0x8c357e8) at nsAppShell.cpp:139
No locals.
#27 0x08791102 in nsAppStartup::Run (this=0x8c357a8) at nsAppStartup.cpp:150
        rv = <value optimized out>
#28 0x0807c5f4 in XRE_main (argc=1, argv=0xaffc0b14, aAppData=0x8908a60) at nsAppRunner.cpp:2374
        remoteService = {<nsCOMPtr_base> = {mRawPtr = 0x9028468}, <No data fields>}
#29 0x08078587 in main (argc=0, argv=0x0) at nsBrowserApp.cpp:61
No locals.
#30 0xa72eaeb0 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#31 0x080784d1 in _start () at ../../../../dist/include/xpcom/nsCOMPtr.h:268

As you can see, the crash itself occurs in nsGenericHTMLElement::HandleDOMEventForAnchors in nsGenericHTMLElement.cpp at line 1560, which reads:
focusController->GetActive(&isActive);
... and focusController is ... NULL.

There's a need for a test there... or focusController is not supposed to be NULL in which case there's another bug leading to this crash.
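
The triage step done by eye in the report above (take the first frame below <signal handler called>, then look for pointer locals equal to 0x0) can be scripted. The following is an added example, not part of the original report or of Mozilla's tooling; the sample trace is constructed in the shape of the one above, and the names faulting_frame and crash_signature are hypothetical.

```python
import re

# Constructed sample: abridged in the shape of the gdb "bt full" output above.
SAMPLE_BT = """\
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#2  0x080825cc in nsProfileLock::FatalSignalHandler (signo=11) at nsProfileLock.cpp:206
#3  <signal handler called>
No symbol table info available.
#4  nsGenericHTMLElement::HandleDOMEventForAnchors (this=0xd9e74f0, aDOMEvent=0x0, aFlags=1,
    aEventStatus=0xaffbfed4) at nsGenericHTMLElement.cpp:1560
        focusController = (class nsIFocusController *) 0x0
        isActive = 0
        handler = (class nsILinkHandler *) 0xd35a4b4
#5  0x082a568d in PresShell::HandleEventInternal (this=0xcbf1770, aFlags=1)
    at nsPresShell.cpp:6379
"""

FRAME = re.compile(r"^#\d+\s+(?:0x[0-9a-f]+ in )?(.+?) \(")
SIGNAL = re.compile(r"^#\d+\s+<signal handler called>")
NULL_PTR = re.compile(r"^\s+(\w+) = \(.*\*\) 0x0$")   # pointer-typed local equal to NULL
LOCATION = re.compile(r"\bat (\S+):(\d+)$")            # may sit on a wrapped line

def faulting_frame(bt):
    """Return the first frame below the signal trampoline, or None if there is none."""
    lines = bt.splitlines()
    start = next((i + 1 for i, l in enumerate(lines) if SIGNAL.match(l)), None)
    if start is None:
        return None
    frame = None
    for line in lines[start:]:
        m = FRAME.match(line)
        if m and frame:
            break                                       # reached the caller's frame
        if m:
            frame = {"function": m.group(1), "file": None, "line": None, "null_locals": []}
        if frame is None:
            continue
        loc = LOCATION.search(line)
        if loc and frame["file"] is None:
            frame["file"], frame["line"] = loc.group(1), int(loc.group(2))
        null = NULL_PTR.match(line)
        if null:
            frame["null_locals"].append(null.group(1))
    return frame

def crash_signature(frame):
    # Same "[@ Function]" form as the bug summary.
    return f"[@ {frame['function']}]"
```

Only locals printed with a pointer type are flagged, so the integer isActive = 0 is ignored, and arguments such as aDOMEvent=0x0 on the frame line are not inspected.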
Attached patch: Proposed patch (obsolete)
Seeing how other code uses focusControllers returned by GetRootFocusController, and what this method returns, it seems a test should be enough.

I also added tests in other places of the code similar to this one, there may be crashers there too.
Attachment #228520 - Flags: review?(bryner)
Attached patch: Proposed patch
Oops, I forgot the file where the crasher showed up.
Attachment #228520 - Attachment is obsolete: true
Attachment #228521 - Flags: review?(bryner)
Attachment #228520 - Flags: review?(bryner)
Assignee: nobody → general
Component: General → DOM
Flags: review?(bryner)
Keywords: crash
Product: Firefox → Core
QA Contact: general → ian
Version: 1.5.0.x Branch → 1.8 Branch
Hum. It'd be nice to know why the review flag has been removed.
(In reply to comment #3)
> Hum. It'd be nice to know why the review flag has been removed.

The fact that bugzilla bug 274802 isn't fixed :( Go ahead and request again.
I guess I clobbered it when changing the component. Feel free to re-request.
Summary: Crash in nsGenericHTMLElement::HandleDOMEventForAnchors → Crash [@ nsGenericHTMLElement::HandleDOMEventForAnchors]
Attachment #228521 - Flags: review?(bryner)
*** Bug 281035 has been marked as a duplicate of this bug. ***
Flags: blocking1.9a1?
Attachment #228521 - Flags: review?(bryner) → review+
Attachment #228521 - Flags: superreview?(jst)
I'll check this in once sr+
Comment on attachment 228521
Proposed patch

sr=jst
Attachment #228521 - Flags: superreview?(jst) → superreview+
Assignee: general → mh+mozilla
Checked in to trunk.
Status: NEW → RESOLVED
Closed: 18 years ago
Flags: blocking1.9a1?
Resolution: --- → FIXED
Is this patch also something useful for branch?
The bug was filed on the 1.8 branch.
Comment on attachment 228521
Proposed patch

These are a bunch of null checks, so it is safe enough for branch.
Attachment #228521 - Flags: approval1.8.1?
Comment on attachment 228521
Proposed patch

a=darin on behalf of drivers for the MOZILLA_1_8_BRANCH.
Attachment #228521 - Flags: approval1.8.1? → approval1.8.1+
Checking in content/html/content/src/nsGenericHTMLElement.cpp;
/cvsroot/mozilla/content/html/content/src/nsGenericHTMLElement.cpp,v  <--  nsGen
ericHTMLElement.cpp
new revision: 1.596.2.15; previous revision: 1.596.2.14
done
Checking in content/html/content/src/nsHTMLInputElement.cpp;
/cvsroot/mozilla/content/html/content/src/nsHTMLInputElement.cpp,v  <--  nsHTMLI
nputElement.cpp
new revision: 1.390.2.14; previous revision: 1.390.2.13
done
Checking in dom/src/base/nsGlobalWindow.cpp;
/cvsroot/mozilla/dom/src/base/nsGlobalWindow.cpp,v  <--  nsGlobalWindow.cpp
new revision: 1.761.2.59; previous revision: 1.761.2.58
done

Checked into the 1.8.1 branch.
Keywords: fixed1.8.1
Comment on attachment 228521
Proposed patch

I think it's also important to get this on the 1.8.0.x branch.
Attachment #228521 - Flags: approval1.8.0.8?
*** Bug 181169 has been marked as a duplicate of this bug. ***
Comment on attachment 228521
Proposed patch

approved for 1.8.0 branch, a=dveditz for drivers
Attachment #228521 - Flags: approval1.8.0.9? → approval1.8.0.9+
Checking in content/html/content/src/nsGenericHTMLElement.cpp;
/cvsroot/mozilla/content/html/content/src/nsGenericHTMLElement.cpp,v  <--  nsGen
ericHTMLElement.cpp
new revision: 1.596.2.7.2.3; previous revision: 1.596.2.7.2.2
done
Checking in content/html/content/src/nsHTMLInputElement.cpp;
/cvsroot/mozilla/content/html/content/src/nsHTMLInputElement.cpp,v  <--  nsHTMLI
nputElement.cpp
new revision: 1.390.2.6.2.6; previous revision: 1.390.2.6.2.5
done
Checking in dom/src/base/nsGlobalWindow.cpp;
/cvsroot/mozilla/dom/src/base/nsGlobalWindow.cpp,v  <--  nsGlobalWindow.cpp
new revision: 1.761.2.22.2.12; previous revision: 1.761.2.22.2.11
done

Checked in on the 1.8.0.x branch.
Keywords: fixed1.8.0.9
Can I get a testcase/testing scenario for this bug for verification?
Whiteboard: [needs testcase]
Crash Signature: [@ nsGenericHTMLElement::HandleDOMEventForAnchors]
Component: DOM → DOM: Core & HTML