Closed
Bug 381153
Opened 17 years ago
Closed 17 years ago
crash [@ nsSliderFrame::SetCurrentPositionInternal]
Categories
(Core :: XUL, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: smaug, Assigned: smaug)
References
()
Details
(Keywords: crash, verified1.8.0.13, verified1.8.1.5, Whiteboard: [sg:critical?] deleted frame)
Crash Data
Attachments
(2 files, 2 obsolete files)
16.79 KB,
patch
|
roc
:
review+
roc
:
superreview+
|
Details | Diff | Splinter Review |
15.68 KB,
patch
|
roc
:
review+
roc
:
superreview+
dveditz
:
approval1.8.1.5+
dveditz
:
approval1.8.0.13+
|
Details | Diff | Splinter Review |
See url for a testcase. I'm not happy to use weakframes again, but can't see any other way to fix this (easily).
Attachment #265246 -
Flags: superreview?(roc)
Attachment #265246 -
Flags: review?(roc)
Assignee | ||
Updated•17 years ago
|
Assignee: nobody → Olli.Pettay
Updated•17 years ago
|
Whiteboard: [sg:critical?] deleted frame
+ NS_ENSURE_TRUE(weakFrame.IsAlive(), NS_OK); return NS_OK; Why? SetCurrentPosition(scrollbar, pospx, PR_FALSE); + NS_ENSURE_TRUE(weakFrame.IsAlive(), NS_OK); Can you avoid the need here by removing mRedrawImmediate and just passing it as a parameter through SetCurrentPosition/SetCurrentPositionInternal/CurrentPositionChanged? + NS_ENSURE_TRUE(weakFrame.IsAlive(), NS_OK); DragThumb(PR_TRUE); Can we avoid the need here by moving DragThumb() and the other code below to above the SetCurrentPosition call? Maybe in general MouseDown should just end with a SetCurrentPosition call, so every path just sets pospx? + nsWeakFrame weakFrame(this); mediator->PositionChanged(scrollbarFrame, GetCurrentPosition(scrollbar), newpos); // 'mediator' might be dangling now... + ENSURE_TRUE(weakFrame.IsAlive()); UpdateAttribute(scrollbar, newpos, PR_FALSE, aIsSmooth); + ENSURE_TRUE(weakFrame.IsAlive()); CurrentPositionChanged(PresContext()); UpdateAttribute is static so if we hold a strong ref to the scrollbar element, this is safe. For CurrentPositionChanged, we could re-get the frame and call CurrentPositionChanged on it, right? + nsWeakFrame weakFrame(this); SetCurrentPosition(scrollbar, pospx, PR_FALSE); + NS_ENSURE_TRUE(weakFrame.IsAlive(), NS_OK); } DragThumb(PR_TRUE); Same sort of thing as above... + nsWeakFrame weakFrame(this); PageUpDown(change); + NS_ENSURE_TRUE(weakFrame.IsAlive(), NS_OK); nsRepeatService::GetInstance()->Start(mMediator); Just start the repeatservice before calling PageUpDown...
Assignee | ||
Comment 2•17 years ago
|
||
Comment on attachment 265246 [details] [diff] [review] possible patch, using weakframes Will update the patch.
Attachment #265246 -
Flags: superreview?(roc)
Attachment #265246 -
Flags: review?(roc)
Assignee | ||
Comment 3•17 years ago
|
||
(In reply to comment #1) > UpdateAttribute is static so if we hold a strong ref to the scrollbar element, > this is safe. > It may still kill the frame.
Assignee | ||
Comment 4•17 years ago
|
||
Ah, sorry, you meant something else
Assignee | ||
Comment 5•17 years ago
|
||
This has only one weakFrame, in ::HandleEvent to check that whether nsFrame::HandleEvent can be called. The testcase doesn't trigger that weakFrame.IsAlive() warning.
Attachment #265246 -
Attachment is obsolete: true
Attachment #265927 -
Flags: superreview?(roc)
Attachment #265927 -
Flags: review?(roc)
Comment on attachment 265927 [details] [diff] [review] v2 great! + nscoord pospx; set it to zero to avoid compiler warnings
Attachment #265927 -
Flags: superreview?(roc)
Attachment #265927 -
Flags: superreview+
Attachment #265927 -
Flags: review?(roc)
Attachment #265927 -
Flags: review+
Comment 7•17 years ago
|
||
Crashes on 1.8 branch also
Flags: wanted1.8.1.x+
Flags: wanted1.8.0.x+
Flags: blocking1.8.1.5?
Flags: blocking1.8.0.13?
Keywords: crash
Assignee | ||
Comment 8•17 years ago
|
||
Will do 1.8 patch, maybe just using weakframes to minimize regression risk.
Assignee | ||
Updated•17 years ago
|
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 9•17 years ago
|
||
using more weakframes and changing some nsCOMPtrs to raw refs. Should be safe for branches. It seems that GetScrollbarMediator returns an nsIFrame object which isn't refcounted, so nsCOMPtr should be used.
Attachment #266209 -
Flags: superreview?(roc)
Attachment #266209 -
Flags: review?(roc)
Would it make more sense to stick close to the trunk? We'll get better test coverage in both directions that way.
Assignee | ||
Comment 11•17 years ago
|
||
The trunk patch will have baking time, but I really wouldn't want to change any functionality in branches. We have had quite some regressions in 1.8.1.x. The branch patch is ugly-but-safe, trunk patch not-so-ugly-but-may-cause-regressions (though, regressions are very unlikely).
Assignee | ||
Comment 12•17 years ago
|
||
Roc, do you want a new, more trunk-like 1.8 patch?
I think so, if that's OK
Assignee | ||
Comment 14•17 years ago
|
||
Attachment #266209 -
Attachment is obsolete: true
Attachment #267949 -
Flags: superreview?(roc)
Attachment #267949 -
Flags: review?(roc)
Attachment #266209 -
Flags: superreview?(roc)
Attachment #266209 -
Flags: review?(roc)
Attachment #267949 -
Flags: superreview?(roc)
Attachment #267949 -
Flags: superreview+
Attachment #267949 -
Flags: review?(roc)
Attachment #267949 -
Flags: review+
Assignee | ||
Updated•17 years ago
|
Attachment #267949 -
Flags: approval1.8.1.5?
Attachment #267949 -
Flags: approval1.8.0.13?
Updated•17 years ago
|
Flags: blocking1.8.1.5?
Flags: blocking1.8.1.5+
Flags: blocking1.8.0.13?
Flags: blocking1.8.0.13+
Comment 15•17 years ago
|
||
Comment on attachment 267949 [details] [diff] [review] v2 for 1.8 approved for 1.8.1.5 and 1.8.0.13, a=dveditz for release-drivers
Attachment #267949 -
Flags: approval1.8.1.5?
Attachment #267949 -
Flags: approval1.8.1.5+
Attachment #267949 -
Flags: approval1.8.0.13?
Attachment #267949 -
Flags: approval1.8.0.13+
Assignee | ||
Updated•17 years ago
|
Keywords: fixed1.8.0.13,
fixed1.8.1.5
Comment 16•17 years ago
|
||
Verified fixed on Trunk using Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9a7pre) Gecko/200707110505 Minefield/3.0a7pre and the testcase from https://bugzilla.mozilla.org/attachment.cgi?id=265242 - no crash on Testcase Also verified fixed 1.8.1.5 using Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.5pre) Gecko/2007071103 BonEcho/2.0.0.5pre and Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5pre) Gecko/2007071103 BonEcho/2.0.0.5pre on Fedora F7 - no crash on testcase - adding verified keyword
Status: RESOLVED → VERIFIED
Keywords: fixed1.8.1.5 → verified1.8.1.5
Comment 17•17 years ago
|
||
This doesn't crash Thunderbird 1.5.0.13 (2007080918) but I cannot get it to crash 1.5.0.12 either.
Comment 18•17 years ago
|
||
verified fixed 1.8.0.13 using Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.0.13pre) Gecko/20070822 Firefox/1.5.0.13pre No crash on testcase - adding verified keyword.
Keywords: fixed1.8.0.13 → verified1.8.0.13
Updated•17 years ago
|
Group: security
Flags: in-testsuite?
Component: XP Toolkit/Widgets: XUL → XUL
QA Contact: xptoolkit.xul → xptoolkit.widgets
Updated•13 years ago
|
Crash Signature: [@ nsSliderFrame::SetCurrentPositionInternal]
You need to log in
before you can comment on or make changes to this bug.
Description
•