Closed Bug 44311 Opened 24 years ago Closed 24 years ago

Crash on focus switching during slow page load.

Categories

(Core :: DOM: Core & HTML, defect, P3)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
Linux
Type:
defect

Tracking

()

Status:
VERIFIED DUPLICATE of bug 44266

People

(Reporter: suckfish, Assigned: jst)

References

(
URL
)

Details

[Apologies if this gets commited multiple times - bugzilla isn't being nice to
me]

This is related to 43432; that particular crash was fixed, leaving a wider
problem as discussed in the notes on that item..

(0) Connect to the internet over a high-latency link (e.g., 56k modem with large
ftp transfer in background).

(1) Browse site above.

(2) While loading pages, repeatedly switch focus out of and back into mozilla
windows.

Crashes are fairly common, although not every time.

The stack traces are variable, but do seem to have some things in common:

- there appears to be a dangling pointer; somewhere on the stack an object has
a bogus-looking mRefCnt.

- the crash occurs during event processing.

- focus handling methods such as nsEventStateManager::SendFocusBlur are in the
backtrace.

- nsHTMLAnchorElement::SetFocus is in the backtrace.

As regards the mRefCnt, in the crash below, we have,

(gdb) up
#6  0x40c6a563 in nsHTMLAnchorElement::HandleDOMEvent (this=0x8b17ac8,
aPresContext=0x93e5fb8, aEvent=0xbfffe5fc, aDOMEvent=0x0, aFlags=1,
aEventStatus=0xbfffe558) at
../../../../../mozilla/layout/html/content/src/nsHTMLAnchorElement.cpp:412
(gdb) p this->mRefCnt
$12 = 3145796

The stack trace in full:

#0  0x40e5011f in nsGenericElement::HandleDOMEvent (this=0x93ca788,
aPresContext=0x93e5fb8, aEvent=0xbfffe5fc, aDOMEvent=0xbfffe2c8, aFlags=4,
aEventStatus=0xbfffe558) at
../../../../mozilla/layout/base/src/nsGenericElement.cpp:1369
#1  0x40cf1604 in nsHTMLTableRowElement::HandleDOMEvent (this=0x93ca778,
aPresContext=0x93e5fb8, aEvent=0xbfffe5fc, aDOMEvent=0xbfffe2c8, aFlags=4,
aEventStatus=0xbfffe558) at
../../../../../mozilla/layout/html/content/src/nsHTMLTableRowElement.cpp:734
#2  0x40e5014e in nsGenericElement::HandleDOMEvent (this=0x8b17a5c,
aPresContext=0x93e5fb8, aEvent=0xbfffe5fc, aDOMEvent=0xbfffe2c8, aFlags=4,
aEventStatus=0xbfffe558) at
../../../../mozilla/layout/base/src/nsGenericElement.cpp:1373
#3  0x40ce9664 in nsHTMLTableCellElement::HandleDOMEvent (this=0x8b17a48,
aPresContext=0x93e5fb8, aEvent=0xbfffe5fc, aDOMEvent=0xbfffe2c8, aFlags=4,
aEventStatus=0xbfffe558) at
../../../../../mozilla/layout/html/content/src/nsHTMLTableCellElement.cpp:555
#4  0x40e5014e in nsGenericElement::HandleDOMEvent (this=0x8b17adc,
aPresContext=0x93e5fb8, aEvent=0xbfffe5fc, aDOMEvent=0xbfffe2c8, aFlags=1,
aEventStatus=0xbfffe558) at
../../../../mozilla/layout/base/src/nsGenericElement.cpp:1373
#5  0x40c62e6a in nsGenericHTMLElement::HandleDOMEventForAnchors
(this=0x8b17adc, aOuter=0x8b17ad4, aPresContext=0x93e5fb8, aEvent=0xbfffe5fc,
aDOMEvent=0x0, aFlags=1, aEventStatus=0xbfffe558) at
../../../../../mozilla/layout/html/content/src/nsGenericHTMLElement.cpp:1096
#6  0x40c6a563 in nsHTMLAnchorElement::HandleDOMEvent (this=0x8b17ac8,
aPresContext=0x93e5fb8, aEvent=0xbfffe5fc, aDOMEvent=0x0, aFlags=1,
aEventStatus=0xbfffe558) at
../../../../../mozilla/layout/html/content/src/nsHTMLAnchorElement.cpp:412
#7  0x40c12fcb in nsEventStateManager::SendFocusBlur (this=0x92c85b8,
aPresContext=0x93e5fb8, aContent=0x8b17ad4) at
../../../../mozilla/layout/events/src/nsEventStateManager.cpp:2413
#8  0x40c123c8 in nsEventStateManager::SetContentState (this=0x92c85b8,
aContent=0x8b17ad4, aState=2) at
../../../../mozilla/layout/events/src/nsEventStateManager.cpp:2185
#9  0x40c6a2f0 in nsHTMLAnchorElement::SetFocus (this=0x8b17ac8,
aPresContext=0x93e5fb8) at
../../../../../mozilla/layout/html/content/src/nsHTMLAnchorElement.cpp:311
#10 0x40c0e6e7 in nsEventStateManager::PreHandleEvent (this=0x86c9208,
aPresContext=0x839aeb8, aEvent=0xbfffe9e4, aTargetFrame=0x86c6b38,
aStatus=0xbfffe954, aView=0x82cb490) at
../../../../mozilla/layout/events/src/nsEventStateManager.cpp:464
#11 0x40c4d85b in PresShell::HandleEventInternal (this=0x839b4f8,
aEvent=0xbfffe9e4, aView=0x82cb490, aStatus=0xbfffe954) at
../../../../../mozilla/layout/html/base/src/nsPresShell.cpp:3899
#12 0x40c4d75a in PresShell::HandleEvent (this=0x839b4f8, aView=0x82cb490,
aEvent=0xbfffe9e4, aEventStatus=0xbfffe954, aHandled=@0xbfffe8e0) at
../../../../../mozilla/layout/html/base/src/nsPresShell.cpp:3840
#13 0x409d77f7 in nsView::HandleEvent (this=0x82cb490, event=0xbfffe9e4,
aEventFlags=28, aStatus=0xbfffe954, aHandled=@0xbfffe8e0) at
../../../mozilla/view/src/nsView.cpp:769
#14 0x409e671a in nsViewManager2::DispatchEvent (this=0x839b0f8,
aEvent=0xbfffe9e4, aStatus=0xbfffe954) at
../../../mozilla/view/src/nsViewManager2.cpp:1387
#15 0x409d6445 in HandleEvent (aEvent=0xbfffe9e4) at
../../../mozilla/view/src/nsView.cpp:68
#16 0x40a15ac6 in nsWidget::DispatchEvent (this=0x839b1b8, aEvent=0xbfffe9e4,
aStatus=@0xbfffe9a0) at ../../../../mozilla/widget/src/gtk/nsWidget.cpp:1461
#17 0x40a159d8 in nsWidget::DispatchWindowEvent (this=0x839b1b8,
event=0xbfffe9e4) at ../../../../mozilla/widget/src/gtk/nsWidget.cpp:1352
#18 0x40a15a5a in nsWidget::DispatchFocus (this=0x839b1b8, aEvent=@0xbfffe9e4)
at ../../../../mozilla/widget/src/gtk/nsWidget.cpp:1374
#19 0x40a1ad08 in nsWindow::SetFocus (this=0x839b1b8) at
../../../../mozilla/widget/src/gtk/nsWindow.cpp:1052
#20 0x40f97f60 in GlobalWindowImpl::Focus (this=0x8295200) at
../../../../mozilla/dom/src/base/nsGlobalWindow.cpp:1366
#21 0x4126ef30 in nsWebShellWindow::HandleEvent (aEvent=0xbfffeb50) at
../../../../mozilla/xpfe/appshell/src/nsWebShellWindow.cpp:529
#22 0x40a15ac6 in nsWidget::DispatchEvent (this=0x82945b8, aEvent=0xbfffeb50,
aStatus=@0xbfffeb4c) at ../../../../mozilla/widget/src/gtk/nsWidget.cpp:1461
#23 0x40a1d5f5 in handle_mozarea_focus_in (aWidget=0x8294470,
aGdkFocusEvent=0xbfffef30, aData=0x82945b8) at
../../../../mozilla/widget/src/gtk/nsWindow.cpp:2745
#24 0x403f1a5a in gtk_marshal_BOOL__POINTER (object=0x8294470, func=0x40a1d570
<handle_mozarea_focus_in(_GtkWidget *, _GdkEventFocus *, void *)>,
func_data=0x82945b8, args=0xbfffec64) at gtkmarshal.c:28
#25 0x40420955 in gtk_handlers_run (handlers=0x822cee0, signal=0xbfffec18,
object=0x8294470, params=0xbfffec64, after=0) at gtksignal.c:1917
#26 0x4041fd7d in gtk_signal_real_emit (object=0x8294470, signal_id=31,
params=0xbfffec64) at gtksignal.c:1477
#27 0x4041de1c in gtk_signal_emit (object=0x8294470, signal_id=31) at
gtksignal.c:552
#28 0x40453f6f in gtk_widget_event (widget=0x8294470, event=0xbfffef30) at
gtkwidget.c:2860
#29 0x4045c4fe in gtk_window_real_set_focus (window=0x8294968, focus=0x8294470)
at gtkwindow.c:1499
#30 0x403f1caf in gtk_marshal_NONE__POINTER (object=0x8294968, func=0x4045c2a0
<gtk_window_real_set_focus>, func_data=0x0, args=0xbfffefec) at gtkmarshal.c:193
#31 0x4041fdbb in gtk_signal_real_emit (object=0x8294968, signal_id=63,
params=0xbfffefec) at gtksignal.c:1492
#32 0x4041de1c in gtk_signal_emit (object=0x8294968, signal_id=63) at
gtksignal.c:552
#33 0x404599f8 in gtk_window_set_focus (window=0x8294968, focus=0x8294470) at
gtkwindow.c:441
#34 0x404549d6 in gtk_widget_real_grab_focus (focus_widget=0x8294470) at
gtkwidget.c:3119
#35 0x403f1e7b in gtk_marshal_NONE__NONE (object=0x8294470, func=0x40454898
<gtk_widget_real_grab_focus>, func_data=0x0, args=0xbffff35c) at
gtkmarshal.c:312
#36 0x4041fdbb in gtk_signal_real_emit (object=0x8294470, signal_id=18,
params=0xbffff35c) at gtksignal.c:1492
#37 0x4041de1c in gtk_signal_emit (object=0x8294470, signal_id=18) at
gtksignal.c:552
#38 0x4045482e in gtk_widget_grab_focus (widget=0x8294470) at gtkwidget.c:3072
#39 0x40a1d505 in handle_toplevel_focus_in (aWidget=0x8294968,
aGdkFocusEvent=0x82bea48, aData=0x82945b8) at
../../../../mozilla/widget/src/gtk/nsWindow.cpp:2667
#40 0x403f1a5a in gtk_marshal_BOOL__POINTER (object=0x8294968, func=0x40a1d4bc
<handle_toplevel_focus_in(_GtkWidget *, _GdkEventFocus *, void *)>,
func_data=0x82945b8, args=0xbffff704) at gtkmarshal.c:28
#41 0x40420955 in gtk_handlers_run (handlers=0x822cf40, signal=0xbffff6b8,
object=0x8294968, params=0xbffff704, after=0) at gtksignal.c:1917
#42 0x4041fd7d in gtk_signal_real_emit (object=0x8294968, signal_id=31,
params=0xbffff704) at gtksignal.c:1477
#43 0x4041de1c in gtk_signal_emit (object=0x8294968, signal_id=31) at
gtksignal.c:552
#44 0x40453f6f in gtk_widget_event (widget=0x8294968, event=0x82bea48) at
gtkwidget.c:2860
#45 0x403f0c1a in gtk_main_do_event (event=0x82bea48) at gtkmain.c:786
#46 0x40a1064d in handle_gdk_event (event=0x82bea48, data=0x0) at
../../../../mozilla/widget/src/gtk/nsGtkEventHandler.cpp:902
#47 0x4049d111 in gdk_event_dispatch (source_data=0x0, current_time=0xbffffa9c,
user_data=0x0) at gdkevents.c:2129
#48 0x404c8646 in g_main_dispatch (dispatch_time=0xbffffa9c) at gmain.c:656
#49 0x404c8c40 in g_main_iterate (block=1, dispatch=1) at gmain.c:877
#50 0x404c8de9 in g_main_run (loop=0x81b5818) at gmain.c:935
#51 0x403f0489 in gtk_main () at gtkmain.c:476
#52 0x40a08682 in nsAppShell::Run (this=0x8200d68) at
../../../../mozilla/widget/src/gtk/nsAppShell.cpp:334
#53 0x4126cc07 in nsAppShellService::Run (this=0x8200ee8) at
../../../../mozilla/xpfe/appshell/src/nsAppShellService.cpp:386
#54 0x0804d3c3 in ?? ()
From the stacktrace this looks like a dup of bug 44266, please undup if this
still happens once that bug is fixed.

*** This bug has been marked as a duplicate of 44266 ***
Status: UNCONFIRMED → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Verified Duplicate.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.