Closed Bug 382778 Opened 18 years ago Closed 18 years ago

Crash [@ nsEditor::InsertNode] with execCommand insertorderedlist and selection in text node

Categories

(Core :: DOM: Editor, defect)

Product:
Core
Component:
DOM: Editor
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.9alpha8

People

(Reporter: jruderman, Assigned: peterv)

References

Details

(5 keywords, Whiteboard: [sg:critical?])

Crash Data

Attachments

(6 files)

testcase
1.03 KB, text/html
Details
v1
17.03 KB, patch
smaug
: review+
sicking
: superreview+
Details | Diff | Splinter Review
Additional fix v1
1.89 KB, patch
smaug
: review+
sicking
: superreview+
dveditz
: approval1.8.1.5+
dveditz
: approval1.8.0.13+
Details | Diff | Splinter Review
v1 (Ported to branch)
16.38 KB, patch
dveditz
: approval1.8.1.5+
dveditz
: approval1.8.0.13+
Details | Diff | Splinter Review
branch testcase
1019 bytes, text/html
Details
Crash report using the second testcase.
46.04 KB, text/html
Details
Attached file testcase
Loading the testcase makes Firefox (Mac trunk debug) crash [@ nsEditor::InsertNode] dereferencing the bogus address 0x5590c3d1.
Flags: blocking1.9?
Whiteboard: [sg:critical?]
Are any of you interested in fixing this sg:critical bug? :)
Doesn't peterv own editor now? :)
Linux trunk crashes too, OS -> All
OS: Mac OS X → All
Assignee: nobody → Olli.Pettay
Peterv has the patch already
Assignee: Olli.Pettay → peterv
Attached patch v1Splinter Review
This fixes the crash and similar lurking crashes.
Attachment #268120 - Flags: superreview?(jonas)
Attachment #268120 - Flags: review?
Attachment #268120 - Flags: review? → review?(Olli.Pettay)
After fixing the crash the testcase still throws an exception. This is a small aditional fix for that: when getting an array of nodes from the selection's ranges we should not have duplicates in the array.
Attachment #268122 - Flags: superreview?(jonas)
Attachment #268122 - Flags: review?(Olli.Pettay)
Attachment #268120 - Flags: review?(Olli.Pettay) → review+
Comment on attachment 268122 [details] [diff] [review] Additional fix v1 >+ else { >+ nsCOMArray<nsIDOMNode> nodes; >+ nsUniqueFunctor functor(outArrayOfNodes); >+ res = iter.AppendList(functor, nodes); >+ if (NS_FAILED(res)) return res; >+ if (!outArrayOfNodes.AppendObjects(nodes)) >+ return NS_ERROR_OUT_OF_MEMORY; >+ } Some comment here might be useful.
Attachment #268122 - Flags: review?(Olli.Pettay) → review+
Blocks: 384704
This doesn't crash me in FF2 windows. Is this a Mac only or trunk-only issue?
This blocks some blocking1.8.1.5+ bugs.
Flags: blocking1.8.1.5?
Flags: blocking1.8.0.13?
Flags: blocking1.8.1.5?
Flags: blocking1.8.1.5+
Flags: blocking1.8.0.13?
Flags: blocking1.8.0.13+
Whiteboard: [sg:critical?] → [sg:critical?] need sr=jonas
Comment on attachment 268120 [details] [diff] [review] v1 >@@ -2693,13 +2684,10 @@ NS_IMETHODIMP nsEditor::InsertTextIntoTe > { > DeleteNode(mIMETextNode); > mIMETextNode = nsnull; >- ((IMETextTxn*)txn)->MarkFixed(); // mark the ime txn "fixed" >+ ((IMETextTxn*)txn.get())->MarkFixed(); // mark the ime txn "fixed" Please change this to NS_STATIC_CAST sr=me
Attachment #268120 - Flags: superreview?(jonas) → superreview+
Attachment #268122 - Flags: superreview?(jonas) → superreview+
Will the patch in this bug work for the branch as well, or do you need another patch to get approval?
Whiteboard: [sg:critical?] need sr=jonas → [sg:critical?] need trunk landing, branch approval
This is just attachment 268120 [details] [diff] [review] with some fixes to make it compile on branches.
Attachment #271687 - Flags: approval1.8.1.5?
Attachment #271687 - Flags: approval1.8.0.13?
Attachment #268122 - Flags: approval1.8.1.5?
Attachment #268122 - Flags: approval1.8.0.13?
has this landed on trunk yet? If not please land so QA can verify the fix.
Keywords: qawanted
Hrmpf, apparently I forgot to mark this fixed when I landed it last week.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Whiteboard: [sg:critical?] need trunk landing, branch approval → [sg:critical?] need branch approval
Target Milestone: --- → mozilla1.9beta1
Comment on attachment 271687 [details] [diff] [review] v1 (Ported to branch) approved for 1.8.1.5 and 1.8.0.13, a=dveditz for release-drivers. This has to land within ~36 hrs or we have to pull the plug on getting it this release.
Attachment #271687 - Flags: approval1.8.1.5?
Attachment #271687 - Flags: approval1.8.1.5+
Attachment #271687 - Flags: approval1.8.0.13?
Attachment #271687 - Flags: approval1.8.0.13+
Attachment #268122 - Flags: approval1.8.1.5?
Attachment #268122 - Flags: approval1.8.1.5+
Attachment #268122 - Flags: approval1.8.0.13?
Attachment #268122 - Flags: approval1.8.0.13+
Whiteboard: [sg:critical?] need branch approval → [sg:critical?] need branch landing
Keywords: fixed1.8.0.13, fixed1.8.1.5
Whiteboard: [sg:critical?] need branch landing → [sg:critical?]
verified fixed 1.8.1.5 using the testcase with : Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.5pre) Gecko/2007071103 BonEcho/2.0.0.5pre on Mac OSX Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5pre) Gecko/2007071103 BonEcho/2.0.0.5pre on Linux Fedora F7 and Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.5pre) Gecko/2007071103 BonEcho/2.0.0.5pre no crash on Testcase - adding verified keyword. I want to mention that using this testcase cause on all plattform this error message in the error console : Error: uncaught exception: [Exception... "Component returned failure code: 0x80004001 (NS_ERROR_NOT_IMPLEMENTED) [nsIDOM3Document.adoptNode]" nsresult: "0x80004001 (NS_ERROR_NOT_IMPLEMENTED)" location: "JS frame :: https://bugzilla.mozilla.org/attachment.cgi?id=266879 :: init2 :: line 26" data: no]
Keywords: fixed1.8.1.5verified1.8.1.5
Attached file branch testcase
Ah, yes, adoptNode isn't implemented on the branch. Here's a testcase for the branch.
the 2nd testcase works fine on windows but crash the mac and linux build. On Linux talkback doesn`t catch the crash. But the Mac Crash Reporting comes up: Date/Time: 2007-07-11 18:19:49.403 +0200 OS Version: 10.4.10 (Build 8R2232) Report Version: 4 Command: firefox-bin Path: /Volumes/BonEcho/BonEcho.app/Contents/MacOS/firefox-bin Parent: launchd [1] Version: 2.0.0.5pre (2.0.0.5pre) PID: 235 Thread: 0 Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000000 Thread 0 Crashed: 0 org.mozilla.firefox 0x006a6950 nsNodeInfo::GetQualifiedName(nsAString_internal&) const + 132 1 org.mozilla.firefox 0x004c6c21 nsGenericHTMLElement::GetNodeName(nsAString_internal&) + 29 2 org.mozilla.firefox 0x003bf541 nsHTMLEditor::RemoveListenerAndDeleteRef(nsAString_internal const&, nsIDOMEventListener*, int, nsIDOMElement*, nsIContent*, nsIPresShell*) + 1447 3 org.mozilla.firefox 0x000d27a4 nsHTMLEditor::EndUpdateViewBatch() + 102 4 org.mozilla.firefox 0x003cdc39 nsEditor::RemoveEventListeners() + 1605 5 org.mozilla.firefox 0x000de22a nsHTMLEditor::~nsHTMLEditor [in-charge]() + 10176 6 org.mozilla.firefox 0x0052989f nsListCommand::ToggleState(nsIEditor*, char const*) + 397 7 org.mozilla.firefox 0x00528cc3 nsAbsolutePositioningCommand::ToggleState(nsIEditor*, char const*) + 775 8 org.mozilla.firefox 0x00208811 nsControllerCommandTable::~nsControllerCommandTable [in-charge]() + 465 9 org.mozilla.firefox 0x0020669e nsBaseCommandController::~nsBaseCommandController [in-charge]() + 1116 10 org.mozilla.firefox 0x001f8ac1 nsCommandManager::GetControllerForCommand(char const*, nsIDOMWindow*, nsIController**) + 585 11 org.mozilla.firefox 0x00142f59 nsHTMLDocument::OpenCommon(nsACString_internal const&, int) + 3587 12 libxpcom_core.dylib 0x00e5a8d9 XPTC_InvokeByIndex + 81 13 org.mozilla.firefox 0x0037045b XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode) + 743 14 org.mozilla.firefox 0x003626fb XPC_WN_CallMethod(JSContext*, JSObject*, unsigned, long*, long*) + 261 15 libmozjs.dylib 0x00c556d7 js_Invoke + 858 16 libmozjs.dylib 0x00c47e61 js_Interpret + 4632 17 libmozjs.dylib 0x00c55e7e js_Invoke + 2817 18 libmozjs.dylib 0x00c5655e js_InternalInvoke + 146 19 libmozjs.dylib 0x00c1b3b1 JS_CallFunctionValue + 62 20 org.mozilla.firefox 0x004fff6a nsJSContext::CallEventHandler(JSObject*, JSObject*, unsigned, long*, long*) + 430 21 org.mozilla.firefox 0x0040a537 nsGlobalWindow::RunTimeout(nsTimeout*) + 1475 22 org.mozilla.firefox 0x0040a5b6 nsGlobalWindow::TimerCallback(nsITimer*, void*) + 32 23 libxpcom_core.dylib 0x00e47781 nsTimerImpl::Fire() + 187 24 libxpcom_core.dylib 0x00e47f53 handleTimerEvent(TimerEventType*) + 107 25 libxpcom_core.dylib 0x00e44551 PL_HandleEvent + 21 26 libxpcom_core.dylib 0x00e4480a PL_ProcessPendingEvents + 103 27 com.apple.CoreFoundation 0x9082cf92 CFRunLoopRunSpecific + 1213 28 com.apple.CoreFoundation 0x9082cace CFRunLoopRunInMode + 61 29 com.apple.HIToolbox 0x92ddc8d8 RunCurrentEventLoopInMode + 285 30 com.apple.HIToolbox 0x92ddbfe2 ReceiveNextEventCommon + 385 31 com.apple.HIToolbox 0x92e24a74 _AcquireNextEvent + 58 32 com.apple.HIToolbox 0x92e248bc RunApplicationEventLoop + 150 33 org.mozilla.firefox 0x0023520f nsAppShell::~nsAppShell [in-charge deleting]() + 133 34 org.mozilla.firefox 0x002c0d9a nsAppStartup::DestroyExitEvent(PLEvent*) + 148 35 org.mozilla.firefox 0x000066ae XRE_main + 5892 36 org.mozilla.firefox 0x000032b8 main + 32 37 org.mozilla.firefox 0x0000323e start + 270 38 org.mozilla.firefox 0x00003159 start + 41 Thread 1: 0 libSystem.B.dylib 0x9001a1cc select + 12 1 libnspr4.dylib 0x00ed99bc PR_Poll + 134 2 org.mozilla.firefox 0x0033c5af nsSocketTransportService::Poll(unsigned*) + 99 3 org.mozilla.firefox 0x0033cc00 nsSocketTransportService::ServiceEventQ() + 606 4 libxpcom_core.dylib 0x00e46fe3 nsThread::Main(void*) + 41 5 libnspr4.dylib 0x00edaffd PR_Select + 813 6 libSystem.B.dylib 0x90024227 _pthread_body + 84 Thread 2: 0 libSystem.B.dylib 0x90047dd7 semaphore_timedwait_signal_trap + 7 1 libnspr4.dylib 0x00ed6694 PR_Lock + 246 2 libnspr4.dylib 0x00ed69eb PR_WaitCondVar + 75 3 libxpcom_core.dylib 0x00e492fc TimerThread::Shutdown() + 284 4 libxpcom_core.dylib 0x00e46fe3 nsThread::Main(void*) + 41 5 libnspr4.dylib 0x00edaffd PR_Select + 813 6 libSystem.B.dylib 0x90024227 _pthread_body + 84 Thread 3: 0 libSystem.B.dylib 0x900248c7 semaphore_wait_signal_trap + 7 1 libnspr4.dylib 0x00ed6a75 PR_WaitCondVar + 213 2 org.mozilla.firefox 0x0034f8b0 nsSSLThread::Run() + 162 3 libnspr4.dylib 0x00edaffd PR_Select + 813 4 libSystem.B.dylib 0x90024227 _pthread_body + 84 Thread 4: 0 libSystem.B.dylib 0x900248c7 semaphore_wait_signal_trap + 7 1 libnspr4.dylib 0x00ed6a75 PR_WaitCondVar + 213 2 org.mozilla.firefox 0x0034c4e5 nsCertVerificationThread::Run() + 239 3 libnspr4.dylib 0x00edaffd PR_Select + 813 4 libSystem.B.dylib 0x90024227 _pthread_body + 84 Thread 5: 0 libSystem.B.dylib 0x900248c7 semaphore_wait_signal_trap + 7 1 libnspr4.dylib 0x00ed6a75 PR_WaitCondVar + 213 2 org.mozilla.firefox 0x005240d0 mozStorageService::FinishAsyncIO() + 284 3 org.mozilla.firefox 0x008636a2 nsPluginNativeWindow::~nsPluginNativeWindow [in-charge deleting]() + 424 4 libxpcom_core.dylib 0x00e46fe3 nsThread::Main(void*) + 41 5 libnspr4.dylib 0x00edaffd PR_Select + 813 6 libSystem.B.dylib 0x90024227 _pthread_body + 84 Thread 6: 0 libSystem.B.dylib 0x900248c7 semaphore_wait_signal_trap + 7 1 libnspr4.dylib 0x00ed6a75 PR_WaitCondVar + 213 2 libnspr4.dylib 0x00ed6cd5 PR_Wait + 53 3 libxpcom_core.dylib 0x00e4466e PL_WaitForEvent + 62 4 libxpcom_core.dylib 0x00e45939 nsEventQueueImpl::CheckForDeactivation() + 149 5 org.mozilla.firefox 0x002e678d nsUrlClassifierDBServiceWorker::~nsUrlClassifierDBServiceWorker [in-charge]() + 345 6 libnspr4.dylib 0x00edaffd PR_Select + 813 7 libSystem.B.dylib 0x90024227 _pthread_body + 84 Thread 7: 0 libSystem.B.dylib 0x90009cd7 mach_msg_trap + 7 1 ...romedia.Flash Player.plugin 0x1a7ee52d Flash_EnforceLocalSecurity + 360501 2 libSystem.B.dylib 0x90024227 _pthread_body + 84 Thread 8: 0 libSystem.B.dylib 0x90047dd7 semaphore_timedwait_signal_trap + 7 1 libnspr4.dylib 0x00ed6694 PR_Lock + 246 2 libnspr4.dylib 0x00ed69eb PR_WaitCondVar + 75 3 org.mozilla.firefox 0x0059bd5a nsHostResolver::GetHostToLookup(nsHostRecord**) + 212 4 org.mozilla.firefox 0x0059c507 nsHostResolver::ThreadFunc(void*) + 123 5 libnspr4.dylib 0x00edaffd PR_Select + 813 6 libSystem.B.dylib 0x90024227 _pthread_body + 84 Thread 9: 0 libSystem.B.dylib 0x90047dd7 semaphore_timedwait_signal_trap + 7 1 libnspr4.dylib 0x00ed6694 PR_Lock + 246 2 libnspr4.dylib 0x00ed69eb PR_WaitCondVar + 75 3 org.mozilla.firefox 0x00301921 nsIOThreadPool::ThreadFunc(void*) + 145 4 libnspr4.dylib 0x00edaffd PR_Select + 813 5 libSystem.B.dylib 0x90024227 _pthread_body + 84 Thread 0 crashed with X86 Thread State (32-bit): eax: 0x00000000 ebx: 0xbfffdf28 ecx: 0xbfffe024 edx: 0x00010000 edi: 0x1917e110 esi: 0xbfffe024 ebp: 0xbfffdfd8 esp: 0xbfffdf10 ss: 0x0000001f efl: 0x00010213 eip: 0x006a6950 cs: 0x00000017 ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037 Binary Images Description: 0x1000 - 0x98afff org.mozilla.firefox 2.0.0.5pre /Volumes/BonEcho/BonEcho.app/Contents/MacOS/firefox-bin 0xc16000 - 0xca7fff libmozjs.dylib /Volumes/BonEcho/BonEcho.app/Contents/MacOS/libmozjs.dylib 0xcc2000 - 0xcc2fff libxpcom.dylib /Volumes/BonEcho/BonEcho.app/Contents/MacOS/libxpcom.dylib 0xcc6000 - 0xccbfff libplds4.dylib /Volumes/BonEcho/BonEcho.app/Contents/MacOS/libplds4.dylib 0xcd0000 - 0xcd6fff libplc4.dylib /Volumes/BonEcho/BonEcho.app/Contents/MacOS/libplc4.dylib 0xcdc000 - 0xcebfff libxpcom_compat.dylib /Volumes/BonEcho/BonEcho.app/Contents/MacOS/libxpcom_compat.dylib 0xe05000 - 0xe75fff libxpcom_core.dylib /Volumes/BonEcho/BonEcho.app/Contents/MacOS/libxpcom_core.dylib 0xec0000 - 0xee5fff libnspr4.dylib /Volumes/BonEcho/BonEcho.app/Contents/MacOS/libnspr4.dylib 0xef6000 - 0xf0ffff libsmime3.dylib /Volumes/BonEcho/BonEcho.app/Contents/MacOS/libsmime3.dylib 0xf1b000 - 0xf3bfff libssl3.dylib /Volumes/BonEcho/BonEcho.app/Contents/MacOS/libssl3.dylib 0xf45000 - 0xf9bfff libnss3.dylib /Volumes/BonEcho/BonEcho.app/Contents/MacOS/libnss3.dylib 0x1808000 - 0x184efff libsoftokn3.dylib /Volumes/BonEcho/BonEcho.app/Contents/MacOS/libsoftokn3.dylib 0x1a42000 - 0x1a4cfff libjsd.dylib /Volumes/BonEcho/BonEcho.app/Contents/MacOS/components/libjsd.dylib 0x1a51000 - 0x1a59fff libmyspell.dylib /Volumes/BonEcho/BonEcho.app/Contents/MacOS/components/libmyspell.dylib 0x1a5d000 - 0x1a67fff libspellchecker.dylib /Volumes/BonEcho/BonEcho.app/Contents/MacOS/components/libspellchecker.dylib 0x1a6c000 - 0x1a9cfff libxpinstall.dylib /Volumes/BonEcho/BonEcho.app/Contents/MacOS/components/libxpinstall.dylib 0x1ac1000 - 0x1ac2fff com.apple.textencoding.unicode 2.1 /System/Library/TextEncodings/Unicode Encodings.bundle/Contents/MacOS/Unicode Encodings 0x149d5000 - 0x149d8fff com.netscape.DefaultPlugin Default Plug-in version 1.0 (1.0) /Volumes/BonEcho/BonEcho.app/Contents/MacOS/plugins/Default Plugin.plugin/Contents/MacOS/Default Plugin 0x14b05000 - 0x14b62fff libfreebl3.dylib /Volumes/BonEcho/BonEcho.app/Contents/MacOS/libfreebl3.dylib 0x14c23000 - 0x14c54fff libnssckbi.dylib /Volumes/BonEcho/BonEcho.app/Contents/MacOS/libnssckbi.dylib 0x14c67000 - 0x14c97fff com.netscape.MRJPlugin MRJ Plugin version 1.0-JEP-0.9.6.2 (1.0-JEP-0.9.6.2) /Volumes/BonEcho/BonEcho.app/Contents/MacOS/plugins/MRJPlugin.plugin/Contents/MacOS/MRJPlugin 0x14cb0000 - 0x14cf2fff JavaEmbeddingPlugin Java Embedding Plugin version 0.9.6.2 (0.9.6.2) /Volumes/BonEcho/BonEcho.app/Contents/MacOS/plugins/JavaEmbeddingPlugin.bundle/Contents/MacOS/JavaEmbeddingPlugin 0x1a405000 - 0x1a928fff com.macromedia.Flash Player.plugin 9.0.28 (1.0.4f22) /Library/Internet Plug-Ins/Flash Player.plugin/Contents/MacOS/Flash Player 0x8fe00000 - 0x8fe4afff dyld 46.12 /usr/lib/dyld 0x90000000 - 0x90171fff libSystem.B.dylib /usr/lib/libSystem.B.dylib 0x901c1000 - 0x901c3fff libmathCommon.A.dylib /usr/lib/system/libmathCommon.A.dylib 0x901c5000 - 0x90202fff com.apple.CoreText 1.1.2 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText 0x90229000 - 0x902fffff ATS /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS 0x9031f000 - 0x90774fff com.apple.CoreGraphics 1.258.75 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics 0x9080b000 - 0x908d3fff com.apple.CoreFoundation 6.4.7 (368.28) /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation 0x90911000 - 0x90911fff com.apple.CoreServices 10.4 (???) /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices 0x90913000 - 0x90a07fff libicucore.A.dylib /usr/lib/libicucore.A.dylib 0x90a57000 - 0x90ad6fff libobjc.A.dylib /usr/lib/libobjc.A.dylib 0x90aff000 - 0x90b63fff libstdc++.6.dylib /usr/lib/libstdc++.6.dylib 0x90bd2000 - 0x90bd9fff libgcc_s.1.dylib /usr/lib/libgcc_s.1.dylib 0x90bde000 - 0x90c51fff com.apple.framework.IOKit 1.4.8 (???) /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit 0x90c66000 - 0x90c78fff libauto.dylib /usr/lib/libauto.dylib 0x90c7e000 - 0x90f24fff com.apple.CoreServices.CarbonCore 682.26 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore 0x90f67000 - 0x90fcffff com.apple.CoreServices.OSServices 4.1 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices 0x91007000 - 0x91045fff com.apple.CFNetwork 129.20 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork 0x91058000 - 0x91068fff com.apple.WebServices 1.1.3 (1.1.0) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/WebServicesCore.framework/Versions/A/WebServicesCore 0x91073000 - 0x910f1fff com.apple.SearchKit 1.0.5 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit 0x91126000 - 0x91144fff com.apple.Metadata 10.4.4 (121.36) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata 0x91150000 - 0x9115efff libz.1.dylib /usr/lib/libz.1.dylib 0x91161000 - 0x91300fff com.apple.security 4.5.2 (29774) /System/Library/Frameworks/Security.framework/Versions/A/Security 0x913fe000 - 0x91406fff com.apple.DiskArbitration 2.1.1 /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration 0x9140d000 - 0x91414fff libbsm.dylib /usr/lib/libbsm.dylib 0x91418000 - 0x9143efff com.apple.SystemConfiguration 1.8.6 /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration 0x91450000 - 0x914c6fff com.apple.audio.CoreAudio 3.0.4 /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio 0x91517000 - 0x91517fff com.apple.ApplicationServices 10.4 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices 0x91519000 - 0x91544fff com.apple.AE 314 (313) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE 0x91557000 - 0x9162bfff com.apple.ColorSync 4.4.9 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync 0x91666000 - 0x916d9fff com.apple.print.framework.PrintCore 4.6 (177.13 ) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore 0x91707000 - 0x917b0fff com.apple.QD 3.10.24 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD 0x917d6000 - 0x91821fff com.apple.HIServices 1.5.2 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices 0x91840000 - 0x91856fff com.apple.LangAnalysis 1.6.3 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis 0x91862000 - 0x9187cfff com.apple.FindByContent 1.5 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/FindByContent.framework/Versions/A/FindByContent 0x91886000 - 0x918c3fff com.apple.LaunchServices 182 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices 0x918d7000 - 0x918e3fff com.apple.speech.synthesis.framework 3.5 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis 0x918ea000 - 0x9192afff com.apple.ImageIO.framework 1.5.5 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO 0x9193d000 - 0x919effff libcrypto.0.9.7.dylib /usr/lib/libcrypto.0.9.7.dylib 0x91a35000 - 0x91a4bfff libcups.2.dylib /usr/lib/libcups.2.dylib 0x91a50000 - 0x91a6efff libJPEG.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib 0x91a73000 - 0x91ad2fff libJP2.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJP2.dylib 0x91ae4000 - 0x91ae8fff libGIF.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib 0x91aea000 - 0x91b70fff libRaw.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRaw.dylib 0x91b74000 - 0x91bb1fff libTIFF.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib 0x91bb7000 - 0x91bd1fff libPng.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib 0x91bd6000 - 0x91bd8fff libRadiance.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib 0x91bda000 - 0x91cb8fff libxml2.2.dylib /usr/lib/libxml2.2.dylib 0x91cd5000 - 0x91cd5fff com.apple.Accelerate 1.3.1 (Accelerate 1.3.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate 0x91cd7000 - 0x91d65fff com.apple.vImage 2.5 /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage 0x91d6c000 - 0x91d6cfff com.apple.Accelerate.vecLib 3.3.1 (vecLib 3.3.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib 0x91d6e000 - 0x91dc7fff libvMisc.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib 0x91dd0000 - 0x91df4fff libvDSP.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib 0x91dfc000 - 0x92205fff libBLAS.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib 0x9223f000 - 0x925f3fff libLAPACK.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib 0x92620000 - 0x9270dfff libiconv.2.dylib /usr/lib/libiconv.2.dylib 0x9270f000 - 0x9278cfff com.apple.DesktopServices 1.3.6 /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv 0x927cd000 - 0x929fdfff com.apple.Foundation 6.4.8 (567.29) /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation 0x92b17000 - 0x92b2efff libGL.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib 0x92b39000 - 0x92b91fff libGLU.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib 0x92ba5000 - 0x92ba5fff com.apple.Carbon 10.4 (???) /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon 0x92ba7000 - 0x92bb7fff com.apple.ImageCapture 3.0.4 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture 0x92bc6000 - 0x92bcefff com.apple.speech.recognition.framework 3.6 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition 0x92bd4000 - 0x92bd9fff com.apple.securityhi 2.0.1 (24742) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI 0x92bdf000 - 0x92c70fff com.apple.ink.framework 101.2.1 (71) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink 0x92c84000 - 0x92c87fff com.apple.help 1.0.3 (32.1) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help 0x92c8a000 - 0x92ca8fff com.apple.openscripting 1.2.5 (???) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting 0x92cba000 - 0x92cc0fff com.apple.print.framework.Print 5.2 (192.4) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print 0x92cc6000 - 0x92d29fff com.apple.htmlrendering 66.1 (1.1.3) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering 0x92d4d000 - 0x92d8efff com.apple.NavigationServices 3.4.4 (3.4.3) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices 0x92db5000 - 0x92dc2fff com.apple.audio.SoundManager 3.9.1 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound 0x92dc9000 - 0x92dcefff com.apple.CommonPanels 1.2.3 (73) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels 0x92dd3000 - 0x930c8fff com.apple.HIToolbox 1.4.9 (???) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox 0x931ce000 - 0x931d9fff com.apple.opengl 1.4.16 /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL 0x93202000 - 0x93206fff com.apple.JavaVM 11.5.0 /System/Library/Frameworks/JavaVM.framework/Versions/A/JavaVM 0x93249000 - 0x93249fff com.apple.Cocoa 6.4 (???) /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa 0x9324b000 - 0x93901fff com.apple.AppKit 6.4.8 (824.42) /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit 0x93c82000 - 0x93cfdfff com.apple.CoreData 91 (92.1) /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData 0x93d36000 - 0x93df0fff com.apple.audio.toolbox.AudioToolbox 1.4.5 /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox 0x93e33000 - 0x93e33fff com.apple.audio.units.AudioUnit 1.4.2 /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit 0x93e35000 - 0x93ff6fff com.apple.QuartzCore 1.4.12 /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore 0x9403c000 - 0x9407dfff libsqlite3.0.dylib /usr/lib/libsqlite3.0.dylib 0x94085000 - 0x940bffff libGLImage.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib 0x940c4000 - 0x940dafff com.apple.CoreVideo 1.4 /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo 0x9426d000 - 0x9427cfff libCGATS.A.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib 0x94283000 - 0x9428efff libCSync.A.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib 0x942da000 - 0x942f4fff libRIP.A.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib 0x942fa000 - 0x945f9fff com.apple.QuickTime 7.1.6 /System/Library/Frameworks/QuickTime.framework/Versions/A/QuickTime 0x96ec7000 - 0x96edbfff com.apple.audio.CoreAudioKit 1.0.1 /System/Library/Frameworks/CoreAudioKit.framework/Versions/A/CoreAudioKit
I can't reproduce that crash on a current OS X branch build.
I crash when I try to run the second testcase. I can repro 100% of the time on the latest 2.0.0.5pre.
I'll try an optimized build tomorrow, but my debug build doesn't crash at all.
Can't reproduce the crash in my own build. Yesterday's nightly does crash for me but I don't think it had the fix: the build started at 2007/07/11 03:01 and my checkin was at 2007-07-11 03:13. Let's try again with today's nightly.
Doesn't crash for me in the latest 2.0.0.5pre nightlies. Marcia/Carsten, can you confirm?
hi Peter, no crash on 2005 RC1 candidate builds on Mac and Linux and Vista Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.5) Gecko/2007071216 Firefox/2.0.0.5 so i can confirm this bug as verified fixed for 1.8.1.5
I was not able to reproduce the crash on Tbird 15012 or Tbird 15013 in XP.
verified fixed using 1.8.0.13 using Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.0.13pre) Gecko/20070822 Firefox/1.5.0.13pre No crash on testcase - adding verified keyword
Keywords: fixed1.8.0.13verified1.8.0.13
Flags: in-testsuite?
Group: security
Blocks: 386018
Crashtest checked in.
Flags: in-testsuite? → in-testsuite+
Crash Signature: [@ nsEditor::InsertNode]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: