Closed
Bug 528368
Opened 15 years ago
Closed 14 years ago
crash during spell check [@ nsTextServicesDocument::IsBlockNode(nsIContent*)]
Categories
(Core :: DOM: Editor, defect)
Tracking
()
RESOLVED
FIXED
mozilla2.0b7
People
(Reporter: wsmwk, Unassigned)
Details
(Keywords: crash, topcrash, Whiteboard: [tb31wanted][tbird topcrash][fixed TB316][approved-patches-landed])
Crash Data
Attachments
(1 file, 1 obsolete file)
1.02 KB,
patch
|
vlad
:
approval2.0+
dveditz
:
approval1.9.2.11+
dveditz
:
approval1.9.1.14+
|
Details | Diff | Splinter Review |
crash during spell check? [@ nsTextServicesDocument::IsBlockNode(nsIContent*)]
Crash Address 0x8 in most cases
rarely seen in FF (avg 2 per month) bp-ceff975e-8aac-4bdc-af7f-524422091020
bp-a5286843-5a4a-4c5c-a8ac-f92022090508
Ran spell checker and when I chose to replace a word, the carsh occurred.
0 thunderbird.exe nsTextServicesDocument::IsBlockNode editor/txtsvc/src/nsTextServicesDocument.cpp:3095
1 thunderbird.exe nsTextServicesDocument::FirstTextNodeInNextBlock editor/txtsvc/src/nsTextServicesDocument.cpp:4263
2 thunderbird.exe nsTextServicesDocument::GetFirstTextNodeInNextBlock editor/txtsvc/src/nsTextServicesDocument.cpp:4325
3 thunderbird.exe nsTextServicesDocument::FirstBlock editor/txtsvc/src/nsTextServicesDocument.cpp:615
4 thunderbird.exe mozSpellChecker::Replace extensions/spellcheck/src/mozSpellChecker.cpp:223
5 thunderbird.exe nsEditorSpellCheck::ReplaceWord editor/composer/src/nsEditorSpellCheck.cpp:308
6 xpcom_core.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101
7 thunderbird.exe XPCWrappedNative::CallMethod js/src/xpconnect/src/xpcwrappednative.cpp:2291
8 thunderbird.exe XPC_WN_CallMethod js/src/xpconnect/src/xpcwrappednativejsops.cpp:1583
bp-dc47f80f-aa41-4b8c-98ce-5d2b42091016
Reporter | ||
Updated•15 years ago
|
Component: Message Compose Window → Spelling checker
Product: Thunderbird → Core
QA Contact: message-compose → spelling-checker
Version: 3.0 → 1.9.1 Branch
Reporter | ||
Comment 2•14 years ago
|
||
can you reproduce this crash using trunk build (v3.2 alpha)?
ftp://ftp.mozilla.org/pub/thunderbird/nightly/latest-comm-central-trunk/
backup your profile before testing. and note, your global index will reindex
The reason for asking about trunk, is hunspell got updated on trunk a couple days ago. [1]
#25 crash for 3.0.4, and exists in 3.1
~3% of crashes have email addresses (pretty amazing). PMed them to see if anyone can reproduce with trunk build.
[1] as noted in mdat newsgroup...
On Sat, 12 Jun 2010 12:58:15 -0400, Wayne Mery wrote:
> new 1.2.11 2010-05-06
> previous 1.2.8 2009-03-03
See: https://bugzilla.mozilla.org/show_bug.cgi?id=564608
Bug 564608 - Update Hunspell to 1.2.11
And:
http://groups.google.com/group/mozilla.dev.planning/browse_thread/thread/2fa9ff59395cbcec
Keywords: topcrash
Whiteboard: [tb31wants]
Comment 3•14 years ago
|
||
I've been unable to reproduce this at all, unfortunately. The breakpad ID I linked in comment #1 was from one of our employees.
bug 302775 is the last to change nearby lines.
the crash is because:
4242 nsTextServicesDocument::FirstTextNodeInNextBlock(nsIContentIterator *aIterator)
4254 nsCOMPtr<nsIContent> content = do_QueryInterface(aIterator->GetCurrentNode());
content is null
4256 if (IsTextNode(content))
this is false.
4257 {
4262 }
4263 else if (!crossedBlockBoundary && IsBlockNode(content))
we pass null to IsBlockNode() which crashes.
Updated•14 years ago
|
Component: Spelling checker → Editor
QA Contact: spelling-checker → editor
Comment 5•14 years ago
|
||
The analysis in comment 4 is true, and it's very easy to add the null check, but I'm trying to understand what the underlying reason for the crash is.
Updated•14 years ago
|
Assignee: nobody → ehsan
Status: NEW → ASSIGNED
Comment 6•14 years ago
|
||
Well, I guess taking a fix here won't hurt.
Attachment #468915 -
Flags: review?(roc)
Comment on attachment 468915 [details] [diff] [review]
Patch (v1)
Can you put an NS_ERROR in here and leave the bug open? I think we should at some point understand how null can get in here.
Attachment #468915 -
Flags: review?(roc) → review+
Comment 8•14 years ago
|
||
(In reply to comment #7)
> Comment on attachment 468915 [details] [diff] [review]
> Patch (v1)
>
> Can you put an NS_ERROR in here and leave the bug open? I think we should at
> some point understand how null can get in here.
Sure, makes sense.
Attachment #468915 -
Attachment is obsolete: true
Attachment #468928 -
Flags: approval2.0?
Attachment #468928 -
Flags: approval2.0? → approval2.0+
Comment 9•14 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla2.0b6
Updated•14 years ago
|
Attachment #468928 -
Flags: approval1.9.2.10?
Attachment #468928 -
Flags: approval1.9.1.13?
Comment 10•14 years ago
|
||
Comment on attachment 468928 [details] [diff] [review]
Patch (v1.1)
Approved for 1.9.2.11 and 1.9.1.14, a=dveditz
Attachment #468928 -
Flags: approval1.9.2.11?
Attachment #468928 -
Flags: approval1.9.2.11+
Attachment #468928 -
Flags: approval1.9.1.14?
Attachment #468928 -
Flags: approval1.9.1.14+
Reporter | ||
Comment 11•14 years ago
|
||
thanks to all, for the quick attention to this topcrash.
reopening per comment 7
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Whiteboard: [tb31wants] → [tb31wants][tbird topcrash]
Comment 12•14 years ago
|
||
Updated•14 years ago
|
Assignee: ehsan → nobody
Reporter | ||
Updated•14 years ago
|
Whiteboard: [tb31wants][tbird topcrash] → [tb31wanted][tbird topcrash][fixed TB316]
Comment 13•14 years ago
|
||
Should this bug be marked FIXED?
Whiteboard: [tb31wanted][tbird topcrash][fixed TB316] → [tb31wanted][tbird topcrash][fixed TB316][approved-patches-landed]
Comment 14•14 years ago
|
||
Comment 15•14 years ago
|
||
OK, I give up, and I'm closing this. The possible NS_ERRORs that we get can probably be filed as new bugs. This bug is showing up in all sorts of queries all the time, and it's really misleading to leave this open.
Status: NEW → RESOLVED
Closed: 14 years ago → 14 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•13 years ago
|
Crash Signature: [@ nsTextServicesDocument::IsBlockNode(nsIContent*)]
You need to log in
before you can comment on or make changes to this bug.
Description
•