Closed Bug 343953 Opened 18 years ago Closed 17 years ago

Crash [@ nsGenericHTMLElement::HandleDOMEventForAnchors]

Tracking

()

Status:

RESOLVED FIXED

People

(Reporter: glandium, Assigned: glandium)

References

Details

(Keywords: crash, fixed1.8.0.9, fixed1.8.1, Whiteboard: [needs testcase])

Crash Data

Attachments

(1 file, 1 obsolete file)

Proposed patch 18 years ago Mike Hommey [:glandium] 2.18 KB, patch		Details \| Diff \| Splinter Review
Proposed patch 18 years ago Mike Hommey [:glandium] 3.32 KB, patch	bryner : review+ jst : superreview+ dveditz : approval1.8.0.9+ darin.moz : approval1.8.1+	Details \| Diff \| Splinter Review

Mike Hommey [:glandium]

Assignee

Description

•

18 years ago

I get quite some random crashes, so I now have a permanent setting to dump a core whenever a crash occurs.

I got one just a few moments ago, and I can now provide some information. I don't know if this is the crash I get everytime, though.

Here is a full backtrace:

#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xa7d8ca6d in raise () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#2  0x080825cc in nsProfileLock::FatalSignalHandler (signo=11) at nsProfileLock.cpp:206
        unblock_sigs = {__val = {1024, 0 <repeats 31 times>}}
        oldact = <value optimized out>
#3  <signal handler called>
No symbol table info available.
#4  nsGenericHTMLElement::HandleDOMEventForAnchors (this=0xd9e74f0, aPresContext=0xb436398, aEvent=0xaffc0058, aDOMEvent=0x0, aFlags=1,
    aEventStatus=0xaffbfed4) at nsGenericHTMLElement.cpp:1560
        focusController = (class nsIFocusController *) 0x0
        isActive = 0
        win = {<nsCOMPtr_base> = {mRawPtr = 0xd4a83a0}, <No data fields>}
        handler = (class nsILinkHandler *) 0xd35a4b4
        document = (nsIDocument *) 0xaa16fe0
#5  0x082a568d in PresShell::HandleEventInternal (this=0xcbf1770, aEvent=0xaffc0058, aView=0xd93ad88, aFlags=1, aStatus=0xaffbfed4)
    at nsPresShell.cpp:6379
        isHandlingUserInput = 1
        manager = {<nsCOMPtr_base> = {mRawPtr = 0xb4366e8}, <No data fields>}
        rv = 0
#6  0x082a92e1 in PresShell::HandleEvent (this=0xcbf1770, aView=0xd93ad88, aEvent=0xaffc0058, aEventStatus=0xaffbfed4, aForceHandle=0,
    aHandled=@0xaffbfecc) at nsPresShell.cpp:6215
        esm = <value optimized out>
#7  0x084ac974 in nsViewManager::HandleEvent (this=0xb806750, aView=0xb8067c8, aEvent=0xaffc0058, aCaptured=0) at nsViewManager.cpp:2557
        handled = 1
        vVM = <value optimized out>
        v = (class nsView *) 0xd93ad88
#8  0x084adc55 in nsViewManager::DispatchEvent (this=0xb806750, aEvent=0xaffc0058, aStatus=0xaffbffc0) at nsViewManager.cpp:2246
        parent = <value optimized out>
        t2p = 0.25
        p2t = 13
        view = (class nsView *) 0xb8067c8
        capturedEvent = 0
#9  0x084a5966 in HandleEvent (aEvent=0xaffc0058) at nsView.cpp:171
        result = nsEventStatus_eIgnore
#10 0x08268df5 in nsCommonWidget::DispatchEvent (this=0xd4a8060, aEvent=0xaffc0058, aStatus=@0xaffc00a8) at nsCommonWidget.cpp:219
No locals.
#11 0x08265ab5 in nsWindow::OnButtonPressEvent (this=0xd4a8060, aWidget=0x9992a08, aEvent=0x8b4c690) at nsWindow.cpp:1565
        event = {<nsInputEvent> = {<nsGUIEvent> = {<nsEvent> = {eventStructType = 10 '\n', message = 302, point = {x = 4674, y = 5662}, refPoint = {
x = 359, y = 435}, time = 0, flags = 1024,
internalAppFlags = 2, userType = 0x0}, widget = 0xd4a8060, nativeMsg = 0x0}, isShift = 0,
    isControl = 0, isAlt = 0, isMeta = 0}, clickCount = 1, acceptActivation = 0 '\0', reason = nsMouseEvent::eReal}
#12 0x08265c06 in button_press_event_cb (widget=0x0, event=0x8b4c690) at nsWindow.cpp:3724
        window = (nsWindow *) 0xd542488
#13 0xa7bb6aa0 in _gtk_marshal_BOOLEAN__BOXED () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#14 0xa77d8a0b in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#15 0xa77e8e83 in g_signal_chain_from_overridden () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#16 0xa77ea158 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#17 0xa77ea529 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
No symbol table info available.
#18 0xa7ca8624 in gtk_widget_activate () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#19 0xa7bb4ecd in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#20 0xa7bb5343 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#21 0xa7a48bfa in _gdk_events_queue () from /usr/lib/libgdk-x11-2.0.so.0
No symbol table info available.
#22 0xa7768e2c in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#23 0xa776c176 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#24 0xa776c537 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#25 0xa7bb44e1 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#26 0x08268506 in nsAppShell::Run (this=0x8c357e8) at nsAppShell.cpp:139
No locals.
#27 0x08791102 in nsAppStartup::Run (this=0x8c357a8) at nsAppStartup.cpp:150
        rv = <value optimized out>
#28 0x0807c5f4 in XRE_main (argc=1, argv=0xaffc0b14, aAppData=0x8908a60) at nsAppRunner.cpp:2374
        remoteService = {<nsCOMPtr_base> = {mRawPtr = 0x9028468}, <No data fields>}
#29 0x08078587 in main (argc=0, argv=0x0) at nsBrowserApp.cpp:61
No locals.
#30 0xa72eaeb0 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#31 0x080784d1 in _start () at ../../../../dist/include/xpcom/nsCOMPtr.h:268

As you can see, the crash itself occurs in nsGenericHTMLElement::HandleDOMEventForAnchors in nsGenericHTMLElement.cpp at line 1560, which reads:
focusController->GetActive(&isActive);
... and focusController is ... NULL.

There's a need for a test there... or focusController is not supposed to be NULL in which case there's another bug leading to this crash.

Mike Hommey [:glandium]

Assignee

Comment 1

•

18 years ago

Attached patch Proposed patch (obsolete) — Details — Splinter Review

Seeing how other code uses focusControllers returned by GetRootFocusController, and what this method returns, it seems a test should be enough.

I also added tests in other places of the code similar to this one, there may be crashers there too.

Attachment #228520 - Flags: review?(bryner)

Mike Hommey [:glandium]

Assignee

Comment 2

•

18 years ago

Attached patch Proposed patch — Details — Splinter Review

Oops, I forgot the file where the crasher showed up.

Attachment #228520 - Attachment is obsolete: true

Attachment #228521 - Flags: review?(bryner)

Attachment #228520 - Flags: review?(bryner)

Adam Guthrie

Updated

•

18 years ago

Assignee: nobody → general

Component: General → DOM

Flags: review?(bryner)

Keywords: crash

Product: Firefox → Core

QA Contact: general → ian

Version: 1.5.0.x Branch → 1.8 Branch

Mike Hommey [:glandium]

Assignee

Comment 3

•

18 years ago

Hum. it'd be nice to know why the review flag has been removed.

:Gavin Sharp [email: gavin@gavinsharp.com]

Comment 4

•

18 years ago

(In reply to comment #3)
> Hum. it'd be nice to know why the review flag has been removed.

The fact that bugzilla bug 274802 isn't fixed :( Go ahead and request again.

Adam Guthrie

Comment 5

•

18 years ago

I guess I clobbered it when changing the component. Feel free to re-request.

Summary: Crash in nsGenericHTMLElement::HandleDOMEventForAnchors → Crash [@ nsGenericHTMLElement::HandleDOMEventForAnchors]

Mike Hommey [:glandium]

Assignee

Updated

•

18 years ago

Attachment #228521 - Flags: review?(bryner)

Olli Pettay [:smaug][bugs@pettay.fi]

Comment 6

•

18 years ago

*** Bug 281035 has been marked as a duplicate of this bug. ***

Boris Zbarsky [:bzbarsky]

Updated

•

17 years ago

Flags: blocking1.9a1?

Brian Ryner (not reading)

Updated

•

17 years ago

Attachment #228521 - Flags: review?(bryner) → review+

Olli Pettay [:smaug][bugs@pettay.fi]

Updated

•

17 years ago

Attachment #228521 - Flags: superreview?(jst)

Olli Pettay [:smaug][bugs@pettay.fi]

Comment 7

•

17 years ago

I'll check this in once sr+

Johnny Stenback (:jst)

Comment 8

•

17 years ago

Comment on attachment 228521 [details] [diff] [review]
Proposed patch

sr=jst

Attachment #228521 - Flags: superreview?(jst) → superreview+

Olli Pettay [:smaug][bugs@pettay.fi]

Updated

•

17 years ago

Assignee: general → mh+mozilla

Olli Pettay [:smaug][bugs@pettay.fi]

Comment 9

•

17 years ago

Checked in to trunk.

Status: NEW → RESOLVED

Closed: 17 years ago

Flags: blocking1.9a1?

Resolution: --- → FIXED

Martijn Wargers (dead)

Comment 10

•

17 years ago

Is this patch also something useful for branch?
The bug was filed on the 1.8 branch.

Martijn Wargers (dead)

Comment 11

•

17 years ago

Comment on attachment 228521 [details] [diff] [review]
Proposed patch

These are a bunch of null checks, so is safe enough for branch.

Attachment #228521 - Flags: approval1.8.1?

Darin Fisher

Comment 12

•

17 years ago

Comment on attachment 228521 [details] [diff] [review]
Proposed patch

a=darin on behalf of drivers for the MOZILLA_1_8_BRANCH.

Attachment #228521 - Flags: approval1.8.1? → approval1.8.1+

Martijn Wargers (dead)

Comment 13

•

17 years ago

Checking in content/html/content/src/nsGenericHTMLElement.cpp;
/cvsroot/mozilla/content/html/content/src/nsGenericHTMLElement.cpp,v  <--  nsGen
ericHTMLElement.cpp
new revision: 1.596.2.15; previous revision: 1.596.2.14
done
Checking in content/html/content/src/nsHTMLInputElement.cpp;
/cvsroot/mozilla/content/html/content/src/nsHTMLInputElement.cpp,v  <--  nsHTMLI
nputElement.cpp
new revision: 1.390.2.14; previous revision: 1.390.2.13
done
Checking in dom/src/base/nsGlobalWindow.cpp;
/cvsroot/mozilla/dom/src/base/nsGlobalWindow.cpp,v  <--  nsGlobalWindow.cpp
new revision: 1.761.2.59; previous revision: 1.761.2.58
done

Checked into the 1.8.1 branch.

Keywords: fixed1.8.1

Martijn Wargers (dead)

Comment 14

•

17 years ago

Comment on attachment 228521 [details] [diff] [review]
Proposed patch

I think it's also important to get this on the 1.8.0.x branch.

Attachment #228521 - Flags: approval1.8.0.8?

Olli Pettay [:smaug][bugs@pettay.fi]

Comment 15

•

17 years ago

*** Bug 181169 has been marked as a duplicate of this bug. ***

Daniel Veditz [:dveditz]

Comment 16

•

17 years ago

Comment on attachment 228521 [details] [diff] [review]
Proposed patch

approved for 1.8.0 branch, a=dveditz for drivers

Attachment #228521 - Flags: approval1.8.0.9? → approval1.8.0.9+

Martijn Wargers (dead)

Comment 17

•

17 years ago

Checking in content/html/content/src/nsGenericHTMLElement.cpp;
/cvsroot/mozilla/content/html/content/src/nsGenericHTMLElement.cpp,v  <--  nsGen
ericHTMLElement.cpp
new revision: 1.596.2.7.2.3; previous revision: 1.596.2.7.2.2
done
Checking in content/html/content/src/nsHTMLInputElement.cpp;
/cvsroot/mozilla/content/html/content/src/nsHTMLInputElement.cpp,v  <--  nsHTMLI
nputElement.cpp
new revision: 1.390.2.6.2.6; previous revision: 1.390.2.6.2.5
done
Checking in dom/src/base/nsGlobalWindow.cpp;
/cvsroot/mozilla/dom/src/base/nsGlobalWindow.cpp,v  <--  nsGlobalWindow.cpp
new revision: 1.761.2.22.2.12; previous revision: 1.761.2.22.2.11
done

Checked in on the 1.8.0.x branch.

Keywords: fixed1.8.0.9

alice nodelman [:alice] [:anode]

Comment 18

•

17 years ago

can I get a testcase/testing scenario for this bug for verification?

Whiteboard: [needs testcase]

Nobody; OK to take it and work on it

Updated

•

13 years ago

Crash Signature: [@ nsGenericHTMLElement::HandleDOMEventForAnchors]

Nobody; OK to take it and work on it

Updated

•

5 years ago

Component: DOM → DOM: Core & HTML

You need to log in before you can comment on or make changes to this bug.