Closed
Bug 344884
Opened 18 years ago
Closed 18 years ago
Flickr - Attempt to delete note from picture causes crash [@ nsTextControlFrame::SetValue]
Categories
(Core :: DOM: Editor, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 344560
People
(Reporter: kpesavento, Unassigned)
References
()
Details
(Keywords: crash, regression, top100)
Crash Data
Attachments
(1 file)
14.69 KB,
text/plain; charset=utf-8
|
Details |
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1 Firefox 2 Beta 1 crashes when one attempts to delete a note from a picture of theirs on Flickr. Reproducible: Always Steps to Reproduce: 1. Log in to flickr. 2. View a picture in your account with a note attached to it. 3. Click on the Note. 4. Click on Delete button for Note. Actual Results: Browser Crashes Expected Results: Note successfully deletes, Browser does not crash.
Reporter | ||
Comment 1•18 years ago
|
||
Other things to note: this does NOT happen in 1.5.0.4. It DOES happen in 2.0b1 Safe Mode.
Comment 2•18 years ago
|
||
Please install (or enable) Talkback and get a Talkback ID for the crash. http://kb.mozillazine.org/Talkback
Updated•18 years ago
|
Severity: normal → critical
Reporter | ||
Comment 3•18 years ago
|
||
Last Talkback ID from this bug: TB21019918Y
Comment 4•18 years ago
|
||
Bug also occurs in Firefox 2.0b1 on Linux: TB21047986G Bug 209270 and bug 301270 also have nsTextControlFrame::SetValue at the top, but they have a different stack leading up to it so I'm confirming this bug as a separate issue for now.
Status: UNCONFIRMED → NEW
Component: General → Editor
Ever confirmed: true
OS: Windows XP → All
Product: Firefox → Core
QA Contact: general
Summary: Flickr - Attempt to delete note from picture causes crash → Flickr - Attempt to delete note from picture causes crash [@ nsTextControlFrame::SetValue]
Version: unspecified → 1.8 Branch
Updated•18 years ago
|
Keywords: talkbackid
Comment 5•18 years ago
|
||
Incident ID: 21019918 Stack Signature nsTextControlFrame::SetValue 0923404f Product ID Firefox2 Build ID 2006071020 Trigger Time 2006-07-16 18:18:29.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module firefox.exe + (0018433f) URL visited http://www.flickr.com User Comments I was deleting a note from a picture from my flickr account. Since Last Crash 73503 sec Total Uptime 73503 sec Trigger Reason Access violation Source File, Line No. c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/layout/forms/nsTextControlFrame.cpp, line 3252 Stack Trace nsTextControlFrame::SetValue [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/layout/forms/nsTextControlFrame.cpp, line 3252] nsTextControlFrame::SetProperty [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/layout/forms/nsTextControlFrame.cpp, line 2416] nsHTMLTextAreaElement::SetValue [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/content/html/content/src/nsHTMLTextAreaElement.cpp, line 435] XPCWrappedNative::CallMethod [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2160] XPC_WN_GetterSetter [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1474] js_Invoke [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1349] js_InternalInvoke [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1447] js_InternalGetOrSet [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1507] js_SetProperty [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/js/src/jsobj.c, line 3370] js_Interpret [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 3835] js_Invoke [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1368] js_InternalInvoke [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1447] JS_CallFunctionValue [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/js/src/jsapi.c, line 4377] nsJSContext::CallEventHandler [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/dom/src/base/nsJSEnvironment.cpp, line 1474] nsJSEventListener::HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/dom/src/events/nsJSEventListener.cpp, line 195] nsEventListenerManager::HandleEventSubType [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1655] nsEventListenerManager::HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1762] nsGenericElement::HandleDOMEvent [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/content/base/src/nsGenericElement.cpp, line 2223] nsHTMLInputElement::HandleDOMEvent [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/content/html/content/src/nsHTMLInputElement.cpp, line 1507] PresShell::HandleEventInternal [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/layout/base/nsPresShell.cpp, line 6379] PresShell::HandleEventWithTarget [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/layout/base/nsPresShell.cpp, line 6277] nsEventStateManager::CheckForAndDispatchClick [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/content/events/src/nsEventStateManager.cpp, line 3097] nsEventStateManager::PostHandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/content/events/src/nsEventStateManager.cpp, line 2076] PresShell::HandleEventInternal [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/layout/base/nsPresShell.cpp, line 6451] PresShell::HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/layout/base/nsPresShell.cpp, line 6215] nsViewManager::HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp, line 2559] nsViewManager::DispatchEvent [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp, line 2246] HandleEvent [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/view/src/nsView.cpp, line 174] nsWindow::DispatchEvent [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1349] nsWindow::DispatchMouseEvent [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 6213] ChildWindow::DispatchMouseEvent [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 6460] nsWindow::WindowProc [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1538] USER32.dll + 0x8734 (0x77d48734) USER32.dll + 0x8816 (0x77d48816) USER32.dll + 0x89cd (0x77d489cd) USER32.dll + 0x8a10 (0x77d48a10) nsAppShell::Run [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/widget/src/windows/nsAppShell.cpp, line 159] nsAppStartup::Run [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp, line 152] main [c:/builds/tinderbox/Fx-Mozilla1.8-release/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp, line 61] kernel32.dll + 0x16d4f (0x7c816d4f)
Keywords: talkbackid
Comment 6•18 years ago
|
||
The "Steps to Reproduce" seems like an operation many users might do. I don't think we should ship Fx2 with this bug.
Flags: blocking1.8.1?
Reporter | ||
Comment 8•18 years ago
|
||
First happens in Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1a3) Gecko/20060706 BonEcho/2.0a3 TalkBack ID: TB21268350H
Updated•18 years ago
|
Flags: blocking1.8.1? → blocking1.8.1+
What's useful is a *range*. What was the last build you tried that didn't have the problem?
I tested that this regressed between Linux nightlies 2006-07-05-04-mozilla1.8 and 2006-07-06-04-mozilla1.8. And it's still present in 2006-07-31-04-mozilla1.8.
Hardware: PC → All
This is the first of the series of "invalid read" valgrind warnings that happen right before the crash, and probably the one that best shows the cause of the problem. Note that mozInlineSpellChecker::SpellCheckAfterEditorChange is deep within the free stack and near the top of the access stack, so this looks like it's a crash-on-unwind.
Comment 12•18 years ago
|
||
Looks like (more) fallout from the patch in bug 339066/bug 343532, then.
Comment 13•18 years ago
|
||
My first impression is that this ass the same cause as bug 344560 which I'm currently working on.
Blocks: SpellCheckTracking
Note that I also saw this over the weekend in the flickr photo organizer -- pretty much the same symptoms in the debugger, except I didn't have steps to reproduce.
Comment 15•18 years ago
|
||
*** Bug 346262 has been marked as a duplicate of this bug. ***
Comment 16•18 years ago
|
||
*** This bug has been marked as a duplicate of 344560 ***
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Assignee | ||
Updated•13 years ago
|
Crash Signature: [@ nsTextControlFrame::SetValue]
You need to log in
before you can comment on or make changes to this bug.
Description
•