Closed Bug 362201 Opened 18 years ago Closed 17 years ago

crash when deactivating selected item in a tree [@ gfxContext::SetColor]

Categories

(Core :: Graphics, defect)

PowerPC
macOS
defect
Not set
critical

RESOLVED FIXED
mozilla1.9alpha5

People

(Reporter: hwaara, Assigned: MatsPalmgren_bugz)

Details

(Keywords: crash)

Attachments

(4 files)

I played around with the DOM inspector, and had an item selected in the tree. When I made the app inactive, Firefox crashed.

It looks like either DOM inspector's drawing code is wrong, or it was thebes' fault.
Attached file Stacktrace for crash
Assignee: dom-inspector → nobody
Severity: normal → critical
Component: DOM Inspector → GFX: Thebes
Product: Other Applications → Core
QA Contact: timeless → thebes
Summary: Crash (in thebes) [@ SetColor] → crash when deactivating selected item in a tree [@ gfxContext::SetColor]
Same crash, when clicking an item with coloured background in the top-right pane (CSS rules) of the DomI.
Me too, but I assumed the inFlasher bits made this the dark side of bug 361925 - it's highlighting random things it shouldn't instead of what it should, and sometimes those are really the wrong things to flash.
hwaara: if you bury a crash in an attachment, no one will see it.

Thread 0 Crashed:
0   org.mozilla.firefox            	0x003ad2b4 gfxContext::SetColor(gfxRGBA const&) + 16
1   org.mozilla.firefox            	0x000fa37c nsThebesDeviceContext::CreateRenderingContextInstance(nsIRenderingContext*&) + 144
2   org.mozilla.firefox            	0x000fc4e4 nsThebesRenderingContext::SetColor(unsigned) + 52
3   org.mozilla.firefox            	0x0023604c inFlasher::DrawOutline(int, int, int, int, float, nsIRenderingContext*, int, int) + 80
4   org.mozilla.firefox            	0x00235ef0 inFlasher::DrawElementOutline(nsIDOMElement*) + 448
5   libxpcom_core.dylib            	0x2c04f580 _NS_InvokeByIndex + 216
6   org.mozilla.firefox            	0x003a7638 XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) + 2508
7   org.mozilla.firefox            	0x0039a65c XPC_WN_CallMethod(JSContext*, JSObject*, unsigned, long*, long*) + 220
8   libmozjs.dylib                 	0x230306d0 js_Invoke + 1828
9   libmozjs.dylib                 	0x2303a860 js_Interpret + 36448
10  libmozjs.dylib                 	0x23030d64 js_Execute + 596
11  libmozjs.dylib                 	0x230082fc JS_EvaluateUCScriptForPrincipals + 88
12  org.mozilla.firefox            	0x00538830 nsJSContext::EvaluateString(nsAString_internal const&, void*, nsIPrincipal*, char const*, unsigned, unsigned, nsAString_internal*, int*) + 772
13  org.mozilla.firefox            	0x0045e4a4 nsGlobalWindow::RunTimeout(nsTimeout*) + 936
14  org.mozilla.firefox            	0x0045ec6c nsGlobalWindow::TimerCallback(nsITimer*, void*) + 40
15  libxpcom_core.dylib            	0x2c046738 nsTimerImpl::Fire() + 176
16  libxpcom_core.dylib            	0x2c04681c nsTimerEvent::Run() + 72
17  libxpcom_core.dylib            	0x2c043fc8 nsThread::ProcessNextEvent(int, int*) + 280
18  libxpcom_core.dylib            	0x2c00a130 NS_ProcessNextEvent_P(nsIThread*, int) + 76
19  org.mozilla.firefox            	0x005be954 nsBaseAppShell::Run() + 80
20  org.mozilla.firefox            	0x002ad98c non-virtual thunk [nv:-4] to nsAppShell::AfterProcessNextEvent(nsIThreadInternal*, unsigned) + 416
21  com.apple.Foundation           	0x9296bbf8 __NSFireDelayedPerform + 304
22  com.apple.CoreFoundation       	0x907f0550 __CFRunLoopDoTimer + 184
23  com.apple.CoreFoundation       	0x907dcec8 __CFRunLoopRun + 1680
24  com.apple.CoreFoundation       	0x907dc47c CFRunLoopRunSpecific + 268
25  com.apple.HIToolbox            	0x93208740 RunCurrentEventLoopInMode + 264
26  com.apple.HIToolbox            	0x93207dd4 ReceiveNextEventCommon + 380
27  com.apple.HIToolbox            	0x93207c40 BlockUntilNextEventMatchingListInMode + 96
28  com.apple.AppKit               	0x9370bae4 _DPSNextEvent + 384
29  com.apple.AppKit               	0x9370b7a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
30  org.mozilla.firefox            	0x002ad5b8 nsAppShell::ProcessNextNativeEvent(int) + 188
31  org.mozilla.firefox            	0x005be8ec nsBaseAppShell::DoProcessNextNativeEvent(int) + 48
32  org.mozilla.firefox            	0x005beaf8 nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal*, int, unsigned) + 160
33  libxpcom_core.dylib            	0x2c043f4c nsThread::ProcessNextEvent(int, int*) + 156
34  libxpcom_core.dylib            	0x2c00a030 NS_ProcessPendingEvents_P(nsIThread*, unsigned) + 84
35  org.mozilla.firefox            	0x005be870 nsBaseAppShell::NativeEventCallback() + 80
36  org.mozilla.firefox            	0x002ad3c8 nsAppShell::ProcessGeckoEvents() + 172
37  org.mozilla.firefox            	0x002ad93c non-virtual thunk [nv:-4] to nsAppShell::AfterProcessNextEvent(nsIThreadInternal*, unsigned) + 336
38  com.apple.Foundation           	0x92959918 __NSFireMachPort + 276
39  com.apple.CoreFoundation       	0x907ea820 __CFMachPortPerform + 176
40  com.apple.CoreFoundation       	0x907ea734 __CFRunLoopDoSource1 + 152
41  com.apple.CoreFoundation       	0x907dce4c __CFRunLoopRun + 1556
42  com.apple.CoreFoundation       	0x907dc47c CFRunLoopRunSpecific + 268
43  com.apple.HIToolbox            	0x93208740 RunCurrentEventLoopInMode + 264
44  com.apple.HIToolbox            	0x93207dd4 ReceiveNextEventCommon + 380
45  com.apple.HIToolbox            	0x93207c40 BlockUntilNextEventMatchingListInMode + 96
46  com.apple.AppKit               	0x9370bae4 _DPSNextEvent + 384
47  com.apple.AppKit               	0x9370b7a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
48  com.apple.AppKit               	0x93707cec -[NSApplication run] + 472
49  org.mozilla.firefox            	0x002ad6c8 nsAppShell::Run() + 104
50  org.mozilla.firefox            	0x00320a30 nsAppStartup::Run() + 88
51  org.mozilla.firefox            	0x00012cac XRE_main + 4700
52  org.mozilla.firefox            	0x0000dbd4 start + 456
53  dyld                           	0x8fe01048 _dyld_start + 60
can you guys switch to using non optimized builds? the function that's crashing just calls another function which calls a function which calls a few functions the last of which calls free. there's nothing here.
Attached file Apple crashlog
Crash with
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.9a1) Gecko/20061130 Minefield/3.0a1 ID:2006113020
Plain vanilla build from the tinderbox.
Attached file Stack from debug build
For reference, here's the stack from a non-opt build. The crash is still in SetColor, but the frames before it are subtly different than the latest stack.
I crash with:
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.9a1) Gecko/20061128 Minefield/3.0a1 ID:2006112816

But no crash with
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.9a1) Gecko/20061128 Minefield/3.0a1 ID:2006112805

http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2006-11-28+02%3A00%3A01&maxdate=2006-11-28+17%3A00%3A01&cvsroot=%2Fcvsroot
arg. setcolor is a single function call.

can you set a breakpoint on it (disabled) and enable it right before triggering the crash?
Noodling around with today's trunk built for debugging on Intel Mac, I can't get anything in the DOM inspector to crash (some of the resizing drawing is really stuttery...)
Stan, can you reproduce using the steps in the dup?
Oh look at that, falls right over. GDB suggests that a context object is being zeroed, more as I find it out.
I've actually been working on this for several days, might as well record it officially. We seem to be getting a base widget, which is Thebes-surface-less, instead of the nsChildView we really want.
Assignee: nobody → stanshebs
Flags: blocking1.9?
Flags: blocking1.9? → blocking1.9+
this probably needs a fix in dom inspector
(In reply to comment #15)
> this probably needs a fix in dom inspector

I was under the impression that iniFlasher needed to be rewritten.
Target Milestone: --- → mozilla1.9beta1
Attached patch Patch rev. 1
The surface is null.  Add missing error handling for that.
Assignee: stanshebs → mats.palmgren
Status: NEW → ASSIGNED
Attachment #264383 - Flags: superreview?(vladimir)
Attachment #264383 - Flags: review?(vladimir)
Attachment #264383 - Flags: superreview?(vladimir) → superreview+
Attachment #264383 - Flags: review?(vladimir) → review+
Checked in to trunk at 2007-05-12 06:06 PDT.

-> FIXED
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Target Milestone: mozilla1.9beta1 → mozilla1.9alpha5
Crash Signature: [@ gfxContext::SetColor]
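
The failure mode discussed in this thread (context creation handed a widget that has no surface, followed by a SetColor call on the result) together with the kind of error handling the fix comment describes, as an added C++ example. It is not the attached patch or Mozilla code; every type and function name below is a hypothetical stand-in.

```cpp
#include <cstdint>
#include <memory>

// Hypothetical stand-ins for the widget/surface/context roles in this bug;
// none of these types are Mozilla's real classes.
struct Surface { uint32_t color = 0; };

struct Widget {                      // base widget: no backing surface
    virtual ~Widget() = default;
    virtual Surface* GetSurface() { return nullptr; }
};

struct ChildView : Widget {          // native view that owns a surface
    Surface surface;
    Surface* GetSurface() override { return &surface; }
};

class Context {
    Surface* mSurface;               // invariant: never null
    explicit Context(Surface* s) : mSurface(s) {}
public:
    // Creation is the only place the surface is checked, so every later
    // call (SetColor, drawing) can rely on the invariant.
    static std::unique_ptr<Context> Create(Widget* w) {
        Surface* s = w ? w->GetSurface() : nullptr;
        if (!s) return nullptr;      // surface-less widget: report failure
        return std::unique_ptr<Context>(new Context(s));
    }
    void SetColor(uint32_t rgba) { mSurface->color = rgba; }
};

enum Result { kOk = 0, kNoSurface = 1 };

// Caller in the role of the outline-drawing code: it propagates the
// creation failure instead of using a context with no surface behind it.
Result DrawOutline(Widget* w, uint32_t rgba) {
    std::unique_ptr<Context> ctx = Context::Create(w);
    if (!ctx) return kNoSurface;
    ctx->SetColor(rgba);
    return kOk;
}

int main() {
    Widget base;                     // constructed sample inputs
    ChildView view;
    return (DrawOutline(&base, 0xff0000ffu) == kNoSurface &&
            DrawOutline(&view, 0xff0000ffu) == kOk) ? 0 : 1;
}
```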