Closed
Bug 409570
Opened 17 years ago
Closed 17 years ago
Ctrl + arrow in form text input crashes Firefox [@ nsNativeKeyBindings::KeyPress]
Categories
(Core :: DOM: UI Events & Focus Handling, defect)
Tracking
()
RESOLVED
FIXED
mozilla1.9beta3
People
(Reporter: bjackson0971, Assigned: ivanov)
References
Details
(Keywords: crash, regression)
Crash Data
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b3pre) Gecko/2007122208 Firefox/3.0b3pre Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b3pre) Gecko/2007122208 Firefox/3.0b3pre In my nightly trunk builds from CVS in recent days, pressing Ctr + left or right arrow in a text input in a form or in the location bar crashes Firefox. Stack trace is below. Note that omit frame pointer and other GCC optimizations were enabled in my build, so the trace may be incomplete or inaccurate. The crash did not happen with omit frame pointer removed. Reproducible: Always Steps to Reproduce: 1. Press Ctrl + left or right arrow in a form's text input or the location bar 2. Firefox seg faults 3. Program received signal SIGSEGV, Segmentation fault. 0x08252a31 in nsNativeKeyBindings::KeyPress (this=0x92c8670, aEvent=@0xbfd34094, aCallback=0x834ab64 <DoCommandCallback>, aCallbackData=0x98156cc) at nsNativeKeyBindings.cpp:299 299 if (guiEvent && (gdb) bt #0 0x08252a31 in nsNativeKeyBindings::KeyPress (this=0x92c8670, aEvent=@0xbfd34094, aCallback=0x834ab64 <DoCommandCallback>, aCallbackData=0x98156cc) at nsNativeKeyBindings.cpp:299 #1 0x0834771c in nsTextInputListener::KeyPress (this=0x9846d38, aKeyEvent=0xb43507e8) at nsTextControlFrame.cpp:477 #2 0x0846f417 in nsEventListenerManager::HandleEvent (this=0x981b0e8, aPresContext=0x913b138, aEvent=0xbfd344dc, aDOMEvent=0xbfd34230, aCurrentTarget=0x97e6a00, aFlags=518, aEventStatus=0xbfd34234) at nsEventListenerManager.cpp:184 #3 0x08485646 in nsEventTargetChainItem::HandleEvent (this=0xb2a22848, aVisitor=@0xbfd34228, aFlags=518) at nsEventDispatcher.cpp:206 #4 0x08485765 in nsEventTargetChainItem::HandleEventTargetChain ( this=0xb2a229a8, aVisitor=@0xbfd34228, aFlags=518, aCallback=0xbfd34294) at nsEventDispatcher.cpp:264 #5 0x0848587f in nsEventTargetChainItem::HandleEventTargetChain ( this=0xb2a229a8, aVisitor=@0xbfd34228, aFlags=518, aCallback=0xbfd34294) at nsEventDispatcher.cpp:316 #6 0x08486166 in nsEventDispatcher::Dispatch (aTarget=0x97e6a00, aPresContext=0x913b138, aEvent=0xbfd344dc, aDOMEvent=0x0, aEventStatus=0xbfd34350, aCallback=0xbfd34294) at nsEventDispatcher.cpp:479 #7 0x082d0ec7 in PresShell::HandleEventInternal (this=0x94027c0, aEvent=0xbfd344dc, aView=0x92adbc0, aStatus=0xbfd34350) at nsPresShell.cpp:5822 ---Type <return> to continue, or q <return> to quit--- #8 0x082d22d9 in PresShell::HandleEvent (this=0x94027c0, aView=0x92adbc0, aEvent=0xbfd344dc, aEventStatus=0xbfd34350) at nsPresShell.cpp:5622 #9 0x084e544a in nsViewManager::HandleEvent (this=0x92adb60, aView=0x92adbc0, aPoint=@0xbfd343d0, aEvent=0xbfd344dc, aCaptured=0) at nsViewManager.cpp:1295 #10 0x084e86c4 in nsViewManager::DispatchEvent (this=0x92adb60, aEvent=0xbfd344dc, aStatus=0xbfd34430) at nsViewManager.cpp:1251 #11 0x084e3ee3 in HandleEvent (aEvent=0xbfd344dc) at nsView.cpp:168 #12 0x0827959f in nsCommonWidget::DispatchEvent (this=0x92a05a8, aEvent=0xbfd344dc, aStatus=@0xbfd345b8) at nsCommonWidget.cpp:156 #13 0x08277df5 in nsWindow::OnKeyPressEvent (this=0x92a05a8, aWidget=0x9217cc0, aEvent=0x8ea7ea0) at nsWindow.cpp:2396 #14 0x082784b6 in key_press_event_cb (widget=0x9217cc0, event=0x8ea7ea0) at nsWindow.cpp:4706 #15 0x4ce1f56c in JS_DHashAllocTable () at jsdhash.c:88 #16 0x4c85de9d in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0 #17 0x4c87160c in JS_DHashAllocTable () at jsdhash.c:88 #18 0x4c872f46 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0 #19 0x4c87357b in g_signal_emit () from /usr/lib/libgobject-2.0.so.0 #20 0x4cf45fa3 in JS_DHashAllocTable () at jsdhash.c:88 #21 0x4cf57346 in gtk_window_propagate_key_event () from /usr/lib/libgtk-x11-2.0.so.0 #22 0x4cf5a66e in JS_DHashAllocTable () at jsdhash.c:88 ---Type <return> to continue, or q <return> to quit--- #23 0x4ce1f56c in JS_DHashAllocTable () at jsdhash.c:88 #24 0x4c85c6ce in JS_DHashAllocTable () at jsdhash.c:88 #25 0x4c85de9d in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0 #26 0x4c8717ac in JS_DHashAllocTable () at jsdhash.c:88 #27 0x4c872f46 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0 #28 0x4c87357b in g_signal_emit () from /usr/lib/libgobject-2.0.so.0 #29 0x4cf45fa3 in JS_DHashAllocTable () at jsdhash.c:88 #30 0x4ce183d7 in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0 #31 0x4ce1959c in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0 #32 0x4cbcedc8 in JS_DHashAllocTable () at jsdhash.c:88 #33 0x4c693932 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #34 0x4c696d44 in JS_DHashAllocTable () at jsdhash.c:88 #35 0x4c69724c in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0 #36 0x08259f71 in nsBaseAppShell::DoProcessNextNativeEvent (this=0x8ed6a00, mayWait=1) at nsBaseAppShell.cpp:137 #37 0x0825a207 in nsBaseAppShell::OnProcessNextEvent (this=0x8ed6a00, thr=0x8ece738, mayWait=1, recursionDepth=0) at nsBaseAppShell.cpp:247 #38 0xb7dbdace in JS_DHashAllocTable () at jsdhash.c:88 #39 0x08ed6a00 in ?? () #40 0x08ece738 in ?? () #41 0x00000001 in ?? () #42 0x00000001 in ?? () #43 0x00000001 in ?? ()
Reporter | ||
Updated•17 years ago
|
Version: unspecified → Trunk
Updated•17 years ago
|
Summary: Ctrl + arrow in form text input crashes Firefox → Ctrl + arrow in form text input crashes Firefox [@ nsNativeKeyBindings::KeyPress]
Comment 1•17 years ago
|
||
I see it, too. Minefield crashes when typed [Tab], [Ctrl]+[V] or etc. in a textfield. ---------------------------------------------------------------------- Using Minefield (contributed build by Sun): http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/contrib/latest-trunk/firefox-3.0b3pre.en-US.solaris11-i386.tar.bz2 Build identifier: Mozilla/5.0 (X11; U; SunOS i86pc; ja; rv:1.9b3pre) Gecko/2007122402 Minefield/3.0b3pre Build platform target i386-pc-solaris2.11 Build tools Compiler Version Compiler flags /ws/onnv-tools-prc/SUNWspro/SS11/bin/cc Sun C 5.8 Patch 121016-05 2007/01/10 -xlibmopt -xstrconst -xbuiltin=%all -mt /ws/onnv-tools-prc/SUNWspro/SS11/bin/CC Sun C++ 5.8 Patch 121018-07 2006/11/01 -xlibmil -xlibmopt -lCrun -lCstd -xbuiltin=%all -features=tmplife -norunpath -mt Configure arguments --enable-application=browser --enable-dtrace --enable-xinerama --disable-tests --srcdir=/export/home/mozilla/uild/firefox-nightly/src/mozilla ---------------------------------------------------------------------- Stack trace: Reading firefox-bin core file header read successfully Reading ld.so.1 Reading libCrun.so.1 Reading libCstd.so.1 Reading libpthread.so.1 Reading libc.so.1 Reading libxpcom.so Reading libxul.so Reading libsqlite3.so Reading libmozjs.so Reading libssl3.so Reading libnss3.so Reading libplc4.so Reading libnspr4.so Reading libthread.so.1 Reading librt.so.1 Reading libplds4.so Reading libsocket.so.1 Reading libnsl.so.1 Reading libdl.so.1 Reading libgobject-2.0.so.0.1200.12 Reading libglib-2.0.so.0.1200.12 Reading libXrender.so.1 Reading libX11.so.4 Reading libgtk-x11-2.0.so.0.1000.12 Reading libgdk-x11-2.0.so.0.1000.12 Reading libmlib.so.2 Reading libmlib_sse2.so.2 Reading libcairo.so.2.11.5 Reading libXt.so.4 Reading libdemangle.so.1 Reading libgthread-2.0.so.0.1200.12 Reading ja.so.3 Reading methods_ja_JP.eucJP.so.3 Reading xlibi18n_ja.so.2 Reading libXau.so.6 Reading libXext.so.0 Reading UTF-8%8859-1.so Reading libXfixes.so.1 Reading libXi.so.5 Reading libgnomeui-2.so.0.1800.1 Reading libart_lgpl_2.so.2.3.19 Reading libgconf-2.so.4.1.2 Reading libORBit-2.so.0.1.0 Reading libjpeg.so.62.0.0 Reading libgnome-2.so.0.1800.0 Reading libbonobo-activation.so.4.0.0 Reading libpopt.so.0.0.0 Reading libbonoboui-2.so.0.0.0 Reading libbonobo-2.so.0.0.0 Reading libORBitCosNaming-2.so.0.1.0 Reading libxml2.so.2 Reading libz.so.1 Reading libm.so.2 Reading libICE.so.6 Reading libgnomevfs-2.so.0.1800.1 Reading libresolv.so.2 Reading libdbus-glib-1.so.2.1.0 Reading libdbus-1.so.3.2.0 Reading libSM.so.6 Reading libgdk_pixbuf-2.0.so.0.1000.12 Reading libatk-1.0.so.0.1809.1 Reading eucJP%UTF-16LE.so Reading UTF-16LE%eucJP.so Reading libbrowserdirprovider.so Reading libpango-1.0.so.0.1600.4 Reading libgmodule-2.0.so.0.1200.12 Reading libnimbus.so Reading libpangocairo-1.0.so.0.1600.4 Reading libfontconfig.so.1 Reading libXrandr.so.2 Reading libfreetype.so.6 Reading libpng12.so.0.18.0 Reading libpangoft2-1.0.so.0.1600.4 Reading libexpat.so.0.5.0 Reading libmp.so.2 Reading libmd.so.1 Reading libscf.so.1 Reading libuutil.so.1 Reading libgen.so.1 Reading eucJP%UTF-8.so Reading libpixbufloader-xpm.so Reading im-iiim.so Reading libiiimcf.so.3.0.0 Reading libiiimp.so.1.0.0 Reading atokx2aux.so Reading WnnAUX.so Reading libsoftokn3.so Reading libbsm.so.1 Reading libsecdb.so.1 Reading libtsol.so.2 Reading libnssdbm3.so Reading libfreebl3.so Reading libkstat.so.1 Reading libsmime3.so Reading libnssckbi.so Reading libbrowsercomps.so Reading libnkgnomevfs.so Reading pango-basic-fc.so Reading libimgicon.so Reading libpixbufloader-png.so Reading libgnome-keyring.so.0.0.1 Reading libgnomecanvas-2.so.0.1400.0 Reading libgailutil.so.18.0.1 Reading libssl.so.0.9.8 Reading libcrypto.so.0.9.8 Reading libesd.so.0.2.38 Reading libaudiofile.so.0.0.2 Reading libXinerama.so.1 Reading libmozgnome.so Reading xiiimp.so.2 Reading UTF-8%eucJP.so t@1 (l@1) terminated by signal SEGV (セグメント例外) 0xd115f1b5: __lwp_kill+0x0015: jae __lwp_kill+0x23 [ 0xd115f1c3, .+0xe ] (dbx) where current thread: t@1 =>[1] __lwp_kill(0x1, 0xb), at 0xd115f1b5 [2] _thr_kill(0x1, 0xb), at 0xd115bccb [3] raise(0xb), at 0xd1116a62 [4] nsProfileLock::FatalSignalHandler(0xb, 0x0, 0x8045794), at 0xcf8ab2d2 [5] __sighndlr(0xb, 0x0, 0x8045794, 0xcf8ab1ec), at 0xd115dcaf ---- called from signal handler with signal 11 (SIGSEGV) ------ [6] gtk_bindings_activate_event(0x8d5b9f8, 0x630065), at 0xce6b2bc0 [7] nsNativeKeyBindings::KeyPress(0x8da7118, 0x8045a14, 0xcfba58dc, 0x9256064), at 0xd0486f0f [8] nsTextInputListener::KeyPress(0x8dbb318, 0x8d95a30), at 0xcfba5fed [9] DispatchToInterface(0x8d95a30, 0x8dbb320, 0xcfd4f4cc, 0x0, 0xd0cf1c50), at 0xcfd4a0d5 [10] nsEventListenerManager::HandleEvent(0x8dbb740, 0x8bed948, 0x8045f84, 0x8045c40, 0x925e2a0, 0x206, 0x8045c44), at 0xcfd4d4f7 [11] nsEventTargetChainItem::HandleEvent(0x9043fc0, 0x8045c38, 0x206), at 0xcfd78a2d [12] nsEventTargetChainItem::HandleEventTargetChain(0x9044260, 0x8045c38, 0x206, 0x8045cc8), at 0xcfd78b99 [13] nsEventTargetChainItem::HandleEventTargetChain(0x9044260, 0x8045c38, 0x6, 0x8045cc8), at 0xcfd78d04 [14] nsEventDispatcher::Dispatch(0x925e2a0, 0x8bed948, 0x8045f84, 0x0, 0x8045ebc, 0x8045cc8), at 0xcfd792a6 [15] PresShell::HandleEventInternal(0x8d25d28, 0x8045f84, 0x8bee280, 0x8045ebc), at 0xcfb0466e [16] PresShell::HandleEvent(0x8d25d28, 0x8bee280, 0x8045f84, 0x8045ebc), at 0xcfb03f78 [17] nsViewManager::DispatchEvent(0x91a44a0, 0x8045f84, 0x8045eec), at 0xcfef0afc [18] HandleEvent(0x8045f84), at 0xcfeea366 [19] nsCommonWidget::DispatchEvent(0x91c6338, 0x8045f84, 0x804606c), at 0xd047afaa [20] nsWindow::OnKeyPressEvent(0x91c6338, 0x817fb68, 0x809dae8), at 0xd046de6b [21] key_press_event_cb(0x817fb68, 0x809dae8, 0x0), at 0xd04745d0 [22] _gtk_marshal_BOOLEAN__BOXED(0x84eef58, 0x8046180, 0x2, 0x804623c, 0x804619c, 0x0), at 0xce76799c [23] g_closure_invoke(0x84eef58, 0x8046180, 0x2, 0x804623c, 0x804619c), at 0xcec6edd3 [24] signal_emit_unlocked_R(0x80b6838, 0x0, 0x817fb68, 0x80463bc, 0x804623c), at 0xcec82ac6 [25] g_signal_emit_valist(0x817fb68, 0x33, 0x0, 0x80464b0), at 0xcec81b76 [26] g_signal_emit(0x817fb68, 0x33, 0x0, 0x809dae8, 0x80464d4), at 0xcec81f6d [27] gtk_widget_event_internal(0x817fb68, 0x809dae8), at 0xce86a07b [28] gtk_widget_event(0x817fb68, 0x809dae8), at 0xce869d0d [29] gtk_window_propagate_key_event(0x8189348, 0x809dae8), at 0xce87583d [30] gtk_window_key_press_event(0x8189348, 0x809dae8, 0x80b3e78), at 0xce875908 [31] _gtk_marshal_BOOLEAN__BOXED(0x80b5d50, 0x8046640, 0x2, 0x80466fc, 0x804665c, 0xce8758d8), at 0xce76799c [32] g_type_class_meta_marshal(0x80b5d50, 0x8046640, 0x2, 0x80466fc, 0x804665c, 0xcc), at 0xcec6f0b4 [33] g_closure_invoke(0x80b5d50, 0x8046640, 0x2, 0x80466fc, 0x804665c), at 0xcec6edd3 [34] signal_emit_unlocked_R(0x80b6838, 0x0, 0x8189348, 0x804687c, 0x80466fc), at 0xcec82c8a [35] g_signal_emit_valist(0x8189348, 0x33, 0x0, 0x8046970), at 0xcec81b76 [36] g_signal_emit(0x8189348, 0x33, 0x0, 0x809dae8, 0x8046994), at 0xcec81f6d [37] gtk_widget_event_internal(0x8189348, 0x809dae8), at 0xce86a07b [38] gtk_widget_event(0x8189348, 0x809dae8), at 0xce869d0d [39] gtk_propagate_event(0x8189348, 0x809dae8), at 0xce76668d [40] gtk_main_do_event(0x809dae8, 0x0), at 0xce765681 [41] gdk_event_dispatch(0x80a2770, 0x0, 0x0), at 0xce9c6d22 [42] g_main_dispatch(0x80a27b8), at 0xcebe517d [43] g_main_context_dispatch(0x80a27b8), at 0xcebe626d [44] g_main_context_iterate(0x80a27b8, 0x1, 0x1, 0x8083e38), at 0xcebe668a [45] g_main_context_iteration(0x80a27b8, 0x1), at 0xcebe68e3 [46] nsAppShell::ProcessNextNativeEvent(0x8157118, 0x1), at 0xd0478efd [47] nsBaseAppShell::OnProcessNextEvent(0x8157118, 0x80c8d28, 0x1, 0x0), at 0xd04922d8 [48] nsThread::ProcessNextEvent(0x80c8d28, 0x1, 0x8046c30), at 0xd05f2f23 [49] NS_ProcessNextEvent_P(0x80c8d28, 0x1), at 0xd05a02eb [50] nsBaseAppShell::Run(0x8157118), at 0xd049211b [51] nsAppStartup::Run(0x818dd80), at 0xd0282c71 [52] XRE_main(0x1, 0x8047090, 0x80837c8), at 0xcf8a1d32 [53] main(0x1, 0x8047090, 0x8047098), at 0x8051714
Comment 2•17 years ago
|
||
I presume this is a regression?
Comment 3•17 years ago
|
||
Until Gecko/2007121902, crashes didn't occur. From Gecko/2007122002, crashes occur.
Comment 4•17 years ago
|
||
Tsuyoshi SASAMOTO, thank you for your clarification. To be even more clearer, could you please test with your two builds, and give us the build IDs as reported by putting: about: in the URL bar, pressing enter, and reporting the "Build identifier:". Thank you!
Comment 5•17 years ago
|
||
Is this right? Crashes didn't occur: Build identifier: Mozilla/5.0 (X11; U; SunOS i86pc; ja; rv:1.9b3pre) Gecko/2007121902 Minefield/3.0b3pre Crashes occur: Build identifier: Mozilla/5.0 (X11; U; SunOS i86pc; ja; rv:1.9b3pre) Gecko/2007122002 Minefield/3.0b3pre
Comment 6•17 years ago
|
||
Tsuyoshi SASAMOTO, I am not sure it is right.. in comment 3 you say > Until Gecko/2007121902, crashes didn't occur. > From Gecko/2007122002, crashes occur. which means in 2007-12-19 hour 02 you had no crash but in 2007-12-20 hour 02 you had a crash But then in comment 5 you say: > No-crash: 2007121902 Minefield/3.0b3pre > Crash: 2007122002 Minefield/3.0b3pre which means in 2007-12-19 hour 02 you had no crash (MATCHES!) but in 2007-12-22 hour 02 you had a crash (DIFFERENT FROM THE ORIGINAL CRASH RANGE!) So I don't know what to believe!
Comment 7•17 years ago
|
||
(In reply to comment #6) Hmm... It's an illusion. Please see comment 5 carefully. I wrote Gecko/2007122002, NOT Gecko/2007122202.
Comment 8•17 years ago
|
||
Sir, I apologize for my mistake. Checkins to module PhoenixTinderbox between 2007-12-19 01:00 and 2007-12-20 03:00 : http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=PhoenixTinderbox&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2007-12-19+01&maxdate=2007-12-20+03&cvsroot=%2Fcvsroot
Comment 9•17 years ago
|
||
Regression coming from bug 406407. For some reason, I can't reproduce the crash using an official build.
Status: UNCONFIRMED → NEW
Component: General → Keyboard: Navigation
Ever confirmed: true
Flags: blocking-firefox3?
Product: Firefox → Core
QA Contact: general → keyboard.navigation
Updated•17 years ago
|
Keywords: regression
Updated•17 years ago
|
Assignee: nobody → lolkaantimat
Comment 10•17 years ago
|
||
bug 406407 is fixed now, so this shouldn't crash any more. Brad, Tsuyoshi, please reopen if you still see this crash.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Updated•17 years ago
|
Target Milestone: --- → mozilla1.9 M11
Reporter | ||
Comment 11•17 years ago
|
||
The crash is fixed with the latest from trunk.
Comment 12•17 years ago
|
||
Now it works without crashes, thanks. Build identifier: Mozilla/5.0 (X11; U; SunOS i86pc; ja; rv:1.9b3pre) Gecko/2007123102 Minefield/3.0b3pre
Updated•13 years ago
|
Crash Signature: [@ nsNativeKeyBindings::KeyPress]
Updated•5 years ago
|
Component: Keyboard: Navigation → User events and focus handling
You need to log in
before you can comment on or make changes to this bug.
Description
•