Closed Bug 354491 Opened 19 years ago Closed 19 years ago

crash [@ 0x08ad8558 - nsIView::GetPosition] using visual event debugging

Categories

(Core :: Web Painting, defect)

x86
Linux
defect
Not set
critical

RESOLVED FIXED

People

(Reporter: timeless, Assigned: roc)

Details

(Keywords: crash)

Attachments

(1 file)

mozconfig:
# Make flags
mk_add_options MOZ_CO_PROJECT=suite
mk_add_options MOZ_MAKE_FLAGS="-j9 -s"
mk_add_options MOZ_CO_MODULE="mozilla/tools"
# Configure flags
ac_add_options --enable-application=suite
ac_add_options --enable-default-toolkit=gtk2 --enable-xft --disable-freetype2 --disable-pango
ac_add_options --enable-debugger-info-modules
ac_add_options --enable-trace-malloc
ac_add_options --enable-logrefcnt
ac_add_options --enable-codesighs
ac_add_options --enable-tests
ac_add_options --enable-extensions=all
ac_add_options --enable-debug

cvsco.log:
checkout finish: Mon Sep 18 18:47:15 EEST 2006

minimum required extensions: layout-debug, inspector

steps:
1. build debug w/ extensions: layout debug + domi (they're extensions, no need to rebuild the world)
2. run your new gecko (you don't want to crash your current one), i'm using suite which seems to give me the profile manager by default, if you're using firefox, add a -P and -no-remote
commandline i'm using:
tinderbox:/opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/objdirs/seamonkey2-objdir/dist/bin$ ./run-mozilla.sh -g -d gdb ./seamonkey-bin -layoutdebug about:blank
3. create a new profile and use it
4. open domi
5. file>inspect window>about:blank
6. in layout debugger, toggle>visual event debugging
this will check it and result in pretty stuff :)
7. in domi, click the widget next to class (looks like a mouse w/ a down arrow)
8. click 'id'

actual results:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1224300864 (LWP 15793)]
0x08ad8558 in ?? ()
(gdb) where
#0 0x08ad8558 in ?? ()
#1 0xb67c8268 in nsIView::GetPosition (this=0x8ad8560) at ../../../dist/include/view/nsIView.h:166
#2 0xb6bfb90c in ApplyClipRect (aView=0x8ad8560, aRect=0xbfe7efe0, aFollowPlaceholders=0, aStopAtView=0x0) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/view/src/nsView.cpp:906
#3 0xb6bfbb73 in nsView::GetClippedRect (this=0x8ad8560, aStopAtView=0x0) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/view/src/nsView.cpp:982
#4 0xb6c02122 in nsViewManager::UpdateView (this=0x899f718, aView=0x8ad8560, aRect=@0xb728c548, aUpdateFlags=0) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/view/src/nsViewManager.cpp:1217
#5 0xb67fe38c in PresShell::ShowEventTargetDebug (this=0x88dac58) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/layout/base/nsPresShell.cpp:6085
#6 0xb68086ad in PresShell::HandlePositionedEvent (this=0x88dac58, aView=0xb728c548, aTargetFrame=0x8a535a0, aEvent=0xbfe7f2ec, aEventStatus=0xb728c548) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/layout/base/nsPresShell.cpp:6142
#7 0xb6808feb in PresShell::HandleEvent (this=0x88dac58, aView=0x8836b48, aEvent=0xbfe7f2ec, aEventStatus=0xbfe7f194) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/layout/base/nsPresShell.cpp:5966
#8 0xb6c04803 in nsViewManager::HandleEvent (this=0x899f718, aView=0x8836b48, aPoint=@0xbfe7f264, aEvent=0xbfe7ef5c, aCaptured=0) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/view/src/nsViewManager.cpp:1665
#9 0xb6c052b7 in nsViewManager::DispatchEvent (this=0x899f718, aEvent=0xbfe7f2ec, aStatus=0xbfe7f29c) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/view/src/nsViewManager.cpp:1621
#10 0xb6bf9ec7 in HandleEvent (aEvent=0xbfe7f2ec) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/view/src/nsView.cpp:171
#11 0xb5a9acce in nsCommonWidget::DispatchEvent (this=0x8a73868, aEvent=0xbfe7f2ec, aStatus=@0xbfe7f338) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/widget/src/gtk2/nsCommonWidget.cpp:216
#12 0xb5a89d3b in nsWindow::OnEnterNotifyEvent (this=0x8a73868, aWidget=0x8557548, aEvent=0x83bb418) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/widget/src/gtk2/nsWindow.cpp:1777
#13 0xb5a8c2a8 in enter_notify_event_cb (widget=0xb728c548, event=0x83bb418) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/widget/src/gtk2/nsWindow.cpp:4158
#14 0xb7811110 in _gtk_marshal_BOOLEAN__BOXED () from /usr/lib/libgtk-x11-2.0.so.0
#15 0xb742fa0b in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#16 0xb743fe83 in g_signal_chain_from_overridden () from /usr/lib/libgobject-2.0.so.0
#17 0xb7441158 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#18 0xb7441529 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#19 0xb78facc4 in gtk_widget_get_default_style () from /usr/lib/libgtk-x11-2.0.so.0
#20 0xb780bcf6 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#21 0xb7689e3a in _gdk_events_init () from /usr/lib/libgdk-x11-2.0.so.0
#22 0xb73c3e2c in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#23 0xb73c7176 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
#24 0xb73c76f7 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#25 0xb5a98831 in nsAppShell::ProcessNextNativeEvent (this=0x81f3018, mayWait=-1222064824) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/widget/src/gtk2/nsAppShell.cpp:144
#26 0xb5ab316e in nsBaseAppShell::DoProcessNextNativeEvent (this=0x80b96e8, mayWait=-1222064824) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/widget/src/xpwidgets/nsBaseAppShell.cpp:136
#27 0xb5ab34d0 in nsBaseAppShell::OnProcessNextEvent (this=0x81f3018, thr=0x80bb408, mayWait=1, recursionDepth=0) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/widget/src/xpwidgets/nsBaseAppShell.cpp:209
#28 0xb7b7f3ed in nsThread::ProcessNextEvent (this=0x80bb408, mayWait=1, result=0xb728c548) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/xpcom/threads/nsThread.cpp:469
#29 0xb7b17465 in NS_ProcessNextEvent_P (thread=0x0, mayWait=-1222064824) at nsThreadUtils.cpp:225
#30 0xb5ab31f9 in nsBaseAppShell::Run (this=0x81f3018) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/widget/src/xpwidgets/nsBaseAppShell.cpp:153
#31 0xb5b210a6 in nsAppStartup::Run (this=0x81f1660) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/xpfe/components/startup/src/nsAppStartup.cpp:218
#32 0x0804de38 in main1 (argc=3, argv=0xbfe7fcc4, nativeApp=<value optimized out>) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/xpfe/bootstrap/nsAppRunner.cpp:1239
#33 0x0804e1db in main (argc=3, argv=0xbfe7fcc4) at /opt/tinderbox/tinderbox/distros/seamonkey2/Linux_2.6.16-2-vserver-686_Depend/mozilla/xpfe/bootstrap/nsAppRunner.cpp:1741
(gdb)

reproducible: always

the only bug i could find with a quick search was bug 299679 comment 4
this could be a duplicate of that, but since jesse's scared of this bug, i'm just filing it myself here and we can remove the mark later when people are less worried.
Heh. There's no reason at all to believe that mCurrentEventView is still alive there.
I'm choosing kinda random reviewers for this to avoid burdening bz and dbaron. Let me know if you don't want it.
mCurrentTargetView was not being kept alive. In fact the whole regime was stupid especially now that event targeting isn't really view-based anymore. This patch makes everything happen in terms of frames only. It moves the debug border painting entirely over to nsFrame's display list code. It also tracks destruction of the remembered mDrawEventTargetFrame so we don't crash trying to invalidate it later (fixing this bug, basically).
Attachment #240405 - Flags: superreview?
Attachment #240405 - Flags: review?(mats.palmgren)
Attachment #240405 - Flags: superreview? → superreview?(rbs)
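The destruction tracking described in the patch comment above, as an added sketch that is not Mozilla's patch. `Frame`, `Shell`, `NotifyDestroyingFrame`, `InvalidateOldTarget` and `RunScenario` are hypothetical stand-ins; only the names `mDrawEventTargetFrame` and `GetDrawEventTargetFrame` are borrowed from the page.

```cpp
#include <string>
#include <utility>

class Shell;  // hypothetical stand-in for the pres shell, not Gecko code
class Frame {  // hypothetical stand-in for a frame
public:
    Frame(Shell* shell, std::string name) : mShell(shell), mName(std::move(name)) {}
    ~Frame();  // tells the shell this frame is going away (defined below)
    const std::string& Name() const { return mName; }
private:
    Shell* mShell;
    std::string mName;
};

class Shell {
public:
    // Remember which frame currently carries the debug border (non-owning).
    void SetDrawEventTargetFrame(Frame* f) { mDrawEventTargetFrame = f; }
    Frame* GetDrawEventTargetFrame() const { return mDrawEventTargetFrame; }
    // Destruction tracking: without this hook the remembered pointer would
    // dangle and the next invalidation would read freed memory.
    void NotifyDestroyingFrame(Frame* f) {
        if (f == mDrawEventTargetFrame) mDrawEventTargetFrame = nullptr;
    }
    // Invalidate the old target before moving the border. Returns the name
    // of the frame invalidated, or "" if that frame no longer exists.
    std::string InvalidateOldTarget() const {
        return mDrawEventTargetFrame ? mDrawEventTargetFrame->Name() : std::string();
    }
private:
    Frame* mDrawEventTargetFrame = nullptr;
};

Frame::~Frame() { mShell->NotifyDestroyingFrame(this); }

// Constructed scenario: remember a frame, destroy one frame, handle next event.
std::string RunScenario(const std::string& destroy) {
    Shell shell;
    Frame* cls = new Frame(&shell, "class");
    Frame* id = new Frame(&shell, "id");
    shell.SetDrawEventTargetFrame(id);
    if (destroy == "id") { delete id; id = nullptr; }
    if (destroy == "class") { delete cls; cls = nullptr; }
    std::string invalidated = shell.InvalidateOldTarget();
    delete id; delete cls;
    return invalidated;
}

int main() { return RunScenario("id").empty() ? 0 : 1; }
```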
Comment on attachment 240405 fix mCurrentTargetView mess
sr=rbs
Missed #ifdef debug here, otherwise it will break non-debug builds.
+ nsIFrame* GetDrawEventTargetFrame() { return mDrawEventTargetFrame; } + [...] +#ifdef NS_DEBUG + nsIFrame* mDrawEventTargetFrame; +#endif
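Review bot: the declaration `nsIFrame* mDrawEventTargetFrame;` in the quoted lines is a raw, non-owning pointer with no comment saying when it is cleared, and the getter `GetDrawEventTargetFrame()` hands that pointer out to callers. Since this bug came from a remembered pointer outliving its object, a one-line comment at the declaration stating that the member is reset when the frame is destroyed, and that callers must not hold the returned pointer across anything that can destroy frames, would record the rule the fix depends on. The getter also belongs inside the same `#ifdef NS_DEBUG` as the member, as noted in the review comment above.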
Attachment #240405 - Flags: superreview?(rbs) → superreview+
Comment on attachment 240405 fix mCurrentTargetView mess
Looks good, with rbs' comment above. r=mats
Attachment #240405 - Flags: review?(mats.palmgren) → review+
checked in. Sorry about the delay, I forgot about this patch for a while.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Removing security-sensitive flag since this is a debug-only crash that can only happen if you enable the layout debugger.
Group: security
Crash Signature: [@ 0x08ad8558 - nsIView::GetPosition]
Component: Layout: View Rendering → Layout: Web Painting