Closed
Bug 506108
Opened 15 years ago
Closed 14 years ago
Firefox Crash in [@ nsWindow::GetParentWindow(int)] called from nsIView::CreateWidget
Categories
(Core :: Widget: Win32, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: jimm, Assigned: jimm)
References
Details
(Keywords: crash, topcrash, Whiteboard: [sg:critical?][no steps to reproduce][critsmash:investigating])
Crash Data
Attachments
(1 file)
|
2.10 KB,
patch
|
neil
:
review+
|
Details | Diff | Splinter Review |
Spin off from bug 470487, unrelated to tear down and happens much less frequently. http://crash-stats.mozilla.com/report/list?product=Firefox&version=Firefox%3A3.6a1pre&platform=windows&query_search=signature&query_type=contains&query=GetParentWindow&date=&range_value=2&range_unit=weeks&do_query=1&signature=nsWindow%3A%3AGetParentWindow%28int%29 0 xul.dll nsWindow::GetParentWindow 1 xul.dll nsWindow::GetParent 2 xul.dll nsBaseWidget::SetZIndex 3 xul.dll UpdateNativeWidgetZIndexes 4 xul.dll nsIView::CreateWidget 5 xul.dll nsMenuPopupFrame::CreateWidgetForView 6 xul.dll nsMenuPopupFrame::EnsureWidget 7 xul.dll nsMenuPopupFrame::InitializePopup 8 xul.dll nsXULPopupManager::ShowPopup
Severity: normal → critical
Keywords: crash
Summary: Firefox Crash in nsWindow::GetParentWindow(int) called from nsIView::CreateWidget → Firefox Crash in [@ nsWindow::GetParentWindow] called from nsIView::CreateWidget
|
Assignee | |
Comment 1•15 years ago
|
||
http://crash-stats.mozilla.com/report/index/9894bf87-6d53-4c26-bb16-e9cf92090923 0 xul.dll nsWindow::GetParentWindow widget/src/windows/nsWindow.cpp:1062 1 xul.dll nsWindow::GetParent widget/src/windows/nsWindow.cpp:1024 2 xul.dll GetWidgetOffset layout/base/nsLayoutUtils.cpp:833 3 xul.dll nsLayoutUtils::TranslateWidgetToView layout/base/nsLayoutUtils.cpp:854 4 xul.dll nsLayoutUtils::GetEventCoordinatesRelativeTo layout/base/nsLayoutUtils.cpp:674 5 xul.dll PresShell::HandleEvent layout/base/nsPresShell.cpp:6188 6 xul.dll nsViewManager::HandleEvent view/src/nsViewManager.cpp:1202 7 xul.dll nsViewManager::DispatchEvent view/src/nsViewManager.cpp:1181 8 xul.dll HandleEvent view/src/nsView.cpp:167 9 xul.dll nsWindow::DispatchEvent widget/src/windows/nsWindow.cpp:2763 10 xul.dll nsWindow::DispatchWindowEvent widget/src/windows/nsWindow.cpp:2786 11 xul.dll nsWindow::DispatchMouseEvent widget/src/windows/nsWindow.cpp:3161 12 xul.dll ChildWindow::DispatchMouseEvent widget/src/windows/nsWindow.cpp:6678
|
|
Assignee | |
Comment 2•15 years ago
|
||
3.6 beta 1: http://crash-stats.mozilla.com/report/index/2933afe9-f06a-462f-8224-ff21e2090925 0 xul.dll nsWindow::GetParentWindow widget/src/windows/nsWindow.cpp:1165 1 xul.dll nsWindow::GetParent widget/src/windows/nsWindow.cpp:1127 2 xul.dll nsBaseWidget::SetZIndex widget/src/xpwidgets/nsBaseWidget.cpp:376 3 xul.dll xul.dll@0x3545ed 4 xul.dll nsIView::CreateWidget view/src/nsView.cpp:695 5 xul.dll nsMenuPopupFrame::CreateWidgetForView layout/xul/base/src/nsMenuPopupFrame.cpp:292 6 xul.dll nsMenuPopupFrame::EnsureWidget layout/xul/base/src/nsMenuPopupFrame.cpp:242 7 xul.dll nsMenuPopupFrame::InitializePopup layout/xul/base/src/nsMenuPopupFrame.cpp:509 8 xul.dll nsXULPopupManager::ShowPopup layout/xul/base/src/nsXULPopupManager.cpp:484
|
|
Assignee | |
Comment 3•15 years ago
|
||
This bug is specific to the crash signature in comment 2, comment 1 is now bug 530070.
|
|
Assignee | |
Updated•15 years ago
|
Summary: Firefox Crash in [@ nsWindow::GetParentWindow] called from nsIView::CreateWidget → Firefox Crash in [@ nsWindow::GetParentWindow(int)] called from nsIView::CreateWidget
|
||
Comment 4•15 years ago
|
||
One example stack for this crash: bp-ebe43c86-d12d-44dd-affc-bf5ec2091120 0 xul.dll nsWindow::GetParentWindow widget/src/windows/nsWindow.cpp:1063 1 xul.dll nsWindow::GetParent widget/src/windows/nsWindow.cpp:1025 2 xul.dll nsBaseWidget::SetZIndex widget/src/xpwidgets/nsBaseWidget.cpp:377 3 xul.dll UpdateNativeWidgetZIndexes view/src/nsView.cpp:595 4 xul.dll nsIView::CreateWidget view/src/nsView.cpp:695 5 xul.dll nsMenuPopupFrame::CreateWidgetForView layout/xul/base/src/nsMenuPopupFrame.cpp:292 6 xul.dll xul.dll@0x3ee957 It's hard to say how often this crash happens but nsWindow::GetParentWindow(int) is one of our top crashers so marking as topcrash for now.
Group: core-security
Keywords: topcrash
Summary: Firefox Crash in [@ nsWindow::GetParentWindow(int)] called from nsIView::CreateWidget → Firefox Crash in [@ nsWindow::GetParentWindow(int) | nsIView::CreateWidget]
|
|
Assignee | |
Comment 5•15 years ago
|
||
|
|
Assignee | |
Comment 6•15 years ago
|
||
Comment on attachment 413653 [details] [diff] [review] dump chain nsWindowDbg addition Some debug helper code I've used pretty often I'd like to check-in.
Attachment #413653 -
Flags: review?(neil)
|
||
Comment 7•15 years ago
|
||
putting multiple functions in the same set of brackets will make crash-stats unable to find this crash -- it has to exactly match the "Signature" field.
Summary: Firefox Crash in [@ nsWindow::GetParentWindow(int) | nsIView::CreateWidget] → Firefox Crash in [@ nsWindow::GetParentWindow(int)] called from nsIView::CreateWidget
Whiteboard: [sg:investigate]
|
||
Comment 8•15 years ago
|
||
Comment on attachment 413653 [details] [diff] [review] dump chain nsWindowDbg addition >+ HWND parent = 0; >+ do { >+ parent = GetAncestor(hwnd, GA_PARENT); >+ if (parent) { Nit: strange loop construction, although presumably less typing than for (HWND parent = GetAncestor(hwnd, GA_PARENT); parent; parent GetAncestor(parent, GA_PARENT)) >+ if (szBuf && strcmp(szBuf, "#32769") != 0) // desktop Nit: szBuf is an array, so never null.
Attachment #413653 -
Flags: review?(neil) → review+
|
||
Comment 9•14 years ago
|
||
jimm, are you planning to check in the debug helper code? What else can you do for this bug?
|
|
Assignee | |
Comment 10•14 years ago
|
||
(In reply to comment #9) > jimm, are you planning to check in the debug helper code? What else can you do > for this bug? Yes at some point, it's not something specific to this bug, just some generic debug code I'd like to get out of my patch queue. I'm currently nose down in oopp work, so if anyone would care to take a shot at this feel free, I probably won't have the time for it till summer.
|
|
||
Updated•14 years ago
|
Whiteboard: [sg:investigate]
|
||
Comment 11•14 years ago
|
||
Can we get a suggestion for a security rating here?
|
|
||
Updated•14 years ago
|
Whiteboard: [sg:critical?][no steps to reproduce][critsmash:investigating]
|
|
||
Updated•14 years ago
|
Keywords: testcase-wanted
|
|
||
Comment 12•14 years ago
|
||
Joe's going to take a look here since Jimm is busy. Might delegate.
|
||
Comment 13•14 years ago
|
||
Mats, any chance you could look into this bug?
|
|
||
Comment 14•14 years ago
|
||
Chris - I herd u liek Windows! Do you have time to look into this at all?
|
||
Comment 15•14 years ago
|
||
we don't see this in crash stats anymore. does anyone else?
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME
|
||
Updated•13 years ago
|
Crash Signature: [@ nsWindow::GetParentWindow(int)]
|
||
Updated•9 years ago
|
Group: core-security → core-security-release
|
||
Updated•9 years ago
|
Keywords: testcase-wanted
|
|
||
Updated•9 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•