39237 - Crashing conflict with interception of keyboard events

Status: VERIFIED FIXED

(Core :: DOM: UI Events & Focus Handling, defect, P3)

Description

[bertilow]

From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)
BuildID:    

I use a program that interceps keyboard messages through
SetWindowsHookEx(WH_KEYBOARD, KeyProc, hInstance, 0). The
minimal form of the procedure KeyProc (it actually does
nothing) looks like this (in Delphi):

function KeyProc (code: Integer; w: WParam; l: LParam): Longint; stdcall;
begin
  result:=CallNextHookEx (mtHook, code, w, l);
end;

When this is running any key press or mouse click on a link
in Mozilla 15 (win32) renders an error message "unknown software exception 
(0xc0000090) at application address 0x780025a" (or
similar).

This happens regularily in all parts of Mozilla (browser, e-mail...),
when the intercept procedure is active. Nothing similar happens
for other programs (MSIE, Netscape 4...).

I have tested Mozilla M15 on Windows NT 4 Workstation (Russian)
with Service Pack 5.
------------------------------------------------------------------

The above is a bug report from Yury Finkel, a Russian programmer. He has asked 
me to translate and forward it to Bugzilla.

I have experienced exactly the same thing on Windows 98 (Swedish
and English versions). This renders Mozilla useless for anyone
wanting to use the special keyboard ad

Comment 1

[leger]

Putting "crash" in keyword field.

Comment 2

[Gervase Markham [:gerv]]

Confirming; reasonable bug report.

Gerv

Comment 3

[joki (gone)]

This definitely sounds like a widget level issue to me.  Reassigning to rods.

Comment 4

[rods (gone)]

Where can I get such an application so I can reproduce the problem?

Comment 5

[rods (gone)]

This bug has been marked "future" because the original netscape engineer working
on this is over-burdened. If you feel this is an error, that you or another
known resource will be working on this bug,or if it blocks your work in some way
-- please attach your concern to the bug for reconsideration.

I see this as an important issue, especially for FCS, but until I can reliably 
reproduce it, it will be hard to fix.

Comment 6

[ckritzer (gone)]

Mass update:  changing qacontact to ckritzer@netscape.com

Comment 7

[bertilow]

Attachment: Minimal test version of the keyboard events intercept program (zipped).

Comment 8

[bertilow]

Now this bug can be freely reproduce. I have attached a minimal version of 
the keyboard intercept program. It does nothing but except catch keyboard 
events, and causes no trouble - until Mozilla is started.

It will appear in the system tray. You can stop it by right-clicking on
its icon in the tray (if you're computer hasn't crashed or frozen by 
then...).

Comment 9

[ckritzer (gone)]

PDT: Nominating for nsbeta3+;
Reason: crash, affects entire application

Comment 10

[rods (gone)]

This appears to be a typical stack from a crash:

MSVCRTD! _ftol + 28 bytes
js_NewNumberValue(JSContext * 0x0384f1d0, double 1.7976931348623e+308, long * 
0x0012ceb0) line 546 + 38 bytes
JS_DefineConstDoubles(JSContext * 0x0384f1d0, JSObject * 0x02d79a28, 
JSConstDoubleSpec * 0x0030d740) line 1911 + 23 bytes
js_InitNumberClass(JSContext * 0x0384f1d0, JSObject * 0x02d797c8) line 492 + 18 
bytes
JS_InitStandardClasses(JSContext * 0x0384f1d0, JSObject * 0x02d797c8) line 1043 
+ 85 bytes
nsJSContext::InitContext(nsJSContext * const 0x0384f360, nsIScriptGlobalObject * 
0x0384f3c4) line 949 + 17 bytes
NS_CreateScriptContext(nsIScriptGlobalObject * 0x0384f3c4, nsIScriptContext * * 
0x0384f3d4) line 1377
nsXULPDGlobalObject::GetContext(nsXULPDGlobalObject * const 0x0384f3c4, 
nsIScriptContext * * 0x0012d010) line 494 + 61 bytes
nsXULElement::CompileEventHandler(nsXULElement * const 0x037fb3e4, 
nsIScriptContext * 0x03828b50, void * 0x02d797c0, nsIAtom * 0x01746a50 
{"onkeypress"}, const basic_nsAReadableString<unsigned short> & {...}, void * * 
0x0012db9c) line 2069 + 56 bytes
nsXULKeyListenerImpl::HandleEventUsingKeyset(nsXULKeyListenerImpl * const 
0x02c9a2e0, nsIDOMElement * 0x0380f0ac, nsIDOMKeyEvent * 0x03825ad0, eEventType 
eKeyPress, nsIDOMXULDocument * 0x0381940c, int & 1) line 1655
nsXULKeyListenerImpl::LocateAndExecuteKeyBinding(nsXULKeyListenerImpl * const 
0x02c9a2e0, nsIDOMKeyEvent * 0x03825ad0, eEventType eKeyPress, nsIDOMXULDocument 
* 0x0381940c, int & 1) line 1358 + 37 bytes
nsXULKeyListenerImpl::DoKey(nsIDOMEvent * 0x03825ad4, eEventType eKeyPress) line 
685
nsXULKeyListenerImpl::KeyPress(nsIDOMEvent * 0x03825ad4) line 594
nsEventListenerManager::HandleEvent(nsIPresContext * 0x026344d0, nsEvent * 
0x0012f858, nsIDOMEvent * * 0x0012f44c, nsIDOMEventTarget * 0x025e6dd0, unsigned 
int 2, nsEventStatus * 0x0012f7c4) line 1114 + 23 bytes
nsXULDocument::HandleDOMEvent(nsXULDocument * const 0x025e6db0, nsIPresContext * 
0x026344d0, nsEvent * 0x0012f858, nsIDOMEvent * * 0x0012f44c, unsigned int 2, 
nsEventStatus * 0x0012f7c4) line 2141
nsXULElement::HandleDOMEvent(nsXULElement * const 0x02bf0f00, nsIPresContext * 
0x026344d0, nsEvent * 0x0012f858, nsIDOMEvent * * 0x0012f44c, unsigned int 2, 
nsEventStatus * 0x0012f7c4) line 3356 + 39 bytes
nsXULElement::HandleDOMEvent(nsXULElement * const 0x02c90530, nsIPresContext * 
0x026344d0, nsEvent * 0x0012f858, nsIDOMEvent * * 0x0012f44c, unsigned int 2, 
nsEventStatus * 0x0012f7c4) line 3350 + 39 bytes
nsXULElement::HandleDOMEvent(nsXULElement * const 0x02c90950, nsIPresContext * 
0x026344d0, nsEvent * 0x0012f858, nsIDOMEvent * * 0x0012f44c, unsigned int 2, 
nsEventStatus * 0x0012f7c4) line 3350 + 39 bytes
nsXULElement::HandleDOMEvent(nsXULElement * const 0x02ca2e70, nsIPresContext * 
0x026344d0, nsEvent * 0x0012f858, nsIDOMEvent * * 0x0012f44c, unsigned int 2, 
nsEventStatus * 0x0012f7c4) line 3350 + 39 bytes
nsXULElement::HandleDOMEvent(nsXULElement * const 0x02ca2d50, nsIPresContext * 
0x026344d0, nsEvent * 0x0012f858, nsIDOMEvent * * 0x0012f44c, unsigned int 2, 
nsEventStatus * 0x0012f7c4) line 3350 + 39 bytes
nsXULElement::HandleDOMEvent(nsXULElement * const 0x02ca2be0, nsIPresContext * 
0x026344d0, nsEvent * 0x0012f858, nsIDOMEvent * * 0x0012f44c, unsigned int 2, 
nsEventStatus * 0x0012f7c4) line 3350 + 39 bytes
nsXULElement::HandleDOMEvent(nsXULElement * const 0x02ca27a0, nsIPresContext * 
0x026344d0, nsEvent * 0x0012f858, nsIDOMEvent * * 0x0012f44c, unsigned int 2, 
nsEventStatus * 0x0012f7c4) line 3350 + 39 bytes
nsXULElement::HandleDOMEvent(nsXULElement * const 0x03222440, nsIPresContext * 
0x026344d0, nsEvent * 0x0012f858, nsIDOMEvent * * 0x0012f44c, unsigned int 2, 
nsEventStatus * 0x0012f7c4) line 3350 + 39 bytes
nsGenericElement::HandleDOMEvent(nsIPresContext * 0x026344d0, nsEvent * 
0x0012f858, nsIDOMEvent * * 0x0012f44c, unsigned int 1, nsEventStatus * 
0x0012f7c4) line 1447 + 39 bytes
nsHTMLInputElement::HandleDOMEvent(nsHTMLInputElement * const 0x0322135c, 
nsIPresContext * 0x026344d0, nsEvent * 0x0012f858, nsIDOMEvent * * 0x00000000, 
unsigned int 1, nsEventStatus * 0x0012f7c4) line 871 + 31 bytes
PresShell::HandleEventInternal(nsEvent * 0x0012f858, nsIView * 0x02635f80, 
nsEventStatus * 0x0012f7c4) line 4028 + 45 bytes
PresShell::HandleEvent(PresShell * const 0x026358f4, nsIView * 0x02635f80, 
nsGUIEvent * 0x0012f858, nsEventStatus * 0x0012f7c4, int 1, int & 1) line 3963 + 
23 bytes
nsView::HandleEvent(nsView * const 0x02635f80, nsGUIEvent * 0x0012f858, unsigned 
int 28, nsEventStatus * 0x0012f7c4, int 1, int & 1) line 787
nsViewManager2::DispatchEvent(nsViewManager2 * const 0x02634180, nsGUIEvent * 
0x0012f858, nsEventStatus * 0x0012f7c4) line 1429
HandleEvent(nsGUIEvent * 0x0012f858) line 69
nsWindow::DispatchEvent(nsWindow * const 0x02635e44, nsGUIEvent * 0x0012f858, 
nsEventStatus & nsEventStatus_eIgnore) line 614 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f858) line 635
nsWindow::DispatchKeyEvent(unsigned int 131, unsigned short 32, unsigned int 0) 
line 2215 + 15 bytes
nsWindow::OnChar(unsigned int 32, unsigned int 0, unsigned char 0) line 2339
nsWindow::ProcessMessage(unsigned int 258, unsigned int 32, long 3735553, long * 
0x0012fbe0) line 2773 + 33 bytes
nsWindow::WindowProc(HWND__ * 0x007a0d7c, unsigned int 258, unsigned int 32, 
long 3735553) line 883 + 27 bytes
USER32! 77e71820()

Comment 11

[Brendan Eich [:brendan]]

rods, ckritzer: the new crash (8/24 backtrace in comments) is a different bug
from this filed-on-5/14 one.  It looks like some kind of floating point unit
mode initialization problem introduced when I changed JS to initialize classes
(including the Number class and its well-known constants such as NaN, -Infinity,
and Infinity) once per process rather than per thread.

I'll take a new bug split off from this one: bug 50212.  Thanks, and sorry for
the regression.

/be

Comment 12

[ekrock's old account (dead)]

Marking as [nsbeta3-] a number of bugs that were already marked Future (but not 
[nsbeta3-]) because the Netscape engineer the bug is assigned to is 
overburdened. If you disagree with this decision, please provide information 
about customer and user impact, but please do not clear the [nsbeta3-] unless 
you are reassigning the bug to yourself and committing to a fix within the 
nsbeta3 timeframe.

Comment 13

[rods (gone)]

I can't get it to crash now that Brendan has fixed his bug. I am not implying 
that his regression was the only problem, just that I can't get it to crash with 
the nifty little keyboard app.

Comment 14

[bertilow]

This bug seems to be fixed now. I just tested a recent build of M18 with
the original keyboard application (the one that actually does something),
and I have seen no crashes. Let's just hope that there will be no
regressions...

Thanks guys!

Comment 15

[Loco]

Updating QA Contact.

Comment 16

[rods (gone)]

marked fixed from comments

Comment 17

[Loco]

VERIFIED also based on comments.