Closed Bug 53613 Opened 25 years ago Closed 24 years ago

Crash on closing window while loading [@ nsFrameImageLoader::DamageRepairFrames]

Categories

(Core :: Layout, defect, P1)

x86
Linux
defect

VERIFIED WORKSFORME

People

(Reporter: jwbaker, Assigned: talkback)

Details

(Keywords: crash, topcrash, Whiteboard: [rtm need info])

Crash Data

Sometimes crashing on exit on Linux build pulled 2000-09-21-10. Stack trace:
#0 0x41a0ada3 in nsFrameImageLoader::DamageRepairFrames (this=0x860fa88, aDamageRect=0xbffff358) at nsFrameImageLoader.cpp:610
#1 0x41a0ab2d in nsFrameImageLoader::Notify (this=0x860fa88, aImageRequest=0x8611968, aImage=0x8648710, aNotificationType=nsImageNotification_kPixmapUpdate, aParam1=0, aParam2=0, aParam3=0xbffff39c) at nsFrameImageLoader.cpp:488
#2 0x4003d9e6 in ns_observer_proc (aSource=0x86119a8, aMsg=4, aMsgData=0xbffff420, aClosure=0x8611968) at nsImageRequest.cpp:95
#3 0x4004f10d in XP_NotifyObservers (inObserverList=0x8647f80, inMessage=4, ioData=0xbffff420) at obs.c:259
#4 0x40045c10 in il_pixmap_update_notify (ic=0x8610828) at if.cpp:311
#5 0x4004cfe4 in il_flush_image_data (ic=0x8610828) at scale.cpp:218
#6 0x4004581b in ImgDCallbk::ImgDCBFlushImage (this=0x8604c40) at if.cpp:166
#7 0x41fc0843 in il_gif_write (ic=0x8610828, buf=0x41fc1aff "", len=0) at gif.cpp:1500
#8 0x41fbe574 in process_buffered_gif_input_data (gs=0x8645b30) at gif.cpp:669
#9 0x41fbe729 in gif_delay_time_callback (closure=0x8610828) at gif.cpp:725
#10 0x4003e700 in timer_callback (aTimer=0x85f3db8, aClosure=0x8611748) at nsImageSystemServices.cpp:70
#11 0x4114769f in nsTimerGtk::FireTimeout (this=0x85f3db8) at nsTimerGtk.cpp:182
#12 0x411478cc in process_timers (array=0x81e7480) at nsTimerGtk.cpp:254
#13 0x411479a2 in TimerCallbackFunc (data=0x813aca0) at nsTimerGtk.cpp:276
#14 0x40df0588 in g_timeout_dispatch (source_data=0x81e74b0, dispatch_time=0xbffff6d0, user_data=0x813aca0) at gmain.c:1300
#15 0x40def717 in g_main_dispatch (dispatch_time=0xbffff6d0) at gmain.c:656
#16 0x40defcdb in g_main_iterate (block=1, dispatch=1) at gmain.c:877
#17 0x40defe59 in g_main_run (loop=0x81e5dc8) at gmain.c:935
#18 0x40d1e069 in gtk_main () at gtkmain.c:476
#19 0x40c31d35 in nsAppShell::Run (this=0x80f8958) at nsAppShell.cpp:335
#20 0x4069f460 in nsAppShellService::Run (this=0x80e84e0) at nsAppShellService.cpp:407
#21 0x8055748 in main1 (argc=1, argv=0xbffff9b4, nativeApp=0x0) at nsAppRunner.cpp:958
#22 0x8055e1c in main (argc=1, argv=0xbffff9b4) at nsAppRunner.cpp:1139
#23 0x403792e7 in __libc_start_main () from /lib/libc.so.6
Severity: normal → critical
I now have a way to reproduce this, courtesy of dark@c2i.net via Bug 53647. The procedure is:
1) Open two mozilla windows
2) In each window, send a request that will likely take a long time. Bugzilla queries and LXR blame logs are good candidates.
3) While the windows are still busy (throbbing) close one of them.
Result: Mozilla segfaults with the stack given earlier.
Keywords: crash, nsbeta3
Summary: Crash on quit [@ nsFrameImageLoader::DamageRepairFrames] → Crash on closing window while loading [@ nsFrameImageLoader::DamageRepairFrames]
*** Bug 53647 has been marked as a duplicate of this bug. ***
-> Layout
Assignee: asa → clayton
Component: Browser-General → Layout
QA Contact: doronr → petersen
This made it to the talkback topcrash list today, adding topcrash keyword and [@ nsFrameImageLoader::DamageRepairFrames] for tracking.
Keywords: topcrash
Re-assigning six bugs from Clayton's list to Harish for further triage...
Assignee: clayton → harishd
Triaging Clayton's list:
------------------------
Not sure who owns this code. Starting with Steve! Steve, if you're not the right owner of this bug feel free to give it back to me and I will try to find an owner. Thanx
Assignee: harishd → buster
I'll take a look.
Status: NEW → ASSIGNED
Priority: P3 → P1
Nominating for rtm, but does anyone think this is a beta-stopper?
Keywords: rtm
Does the fix for bug 53317 also fix this bug? Could somebody who has been able to reproduce this bug apply the patch from bug 53317 and check?
Adding rtm+
Whiteboard: [rtm+]
cc-ing some linux guys. I'm unable to reproduce this. Have any of you seen this? Do you know how to reproduce?
cc-ing people who have recently touched nsFrameImageLoader. Looking for an owner for this bug. Any takers?
I tried to reproduce this on my machine, I am unable to do so.
Might be related to evaughan's changes -- he made it so that a normal "stop" will stop everything but "chrome:" loads. It may be that the "chrome:" loads are continuing on after the window has closed (and the frame's been destroyed). Can anyone decipher what the URL is that the frame image loader is trying to load? (Should be a member variable of nsFrameImageLoader...)
I cannot repro either, however out of five tries I got one 'pure virtual method call' output to the console on exit of the second window - but no core.
You'll sometimes see that "pure virtual call" (and exit) when trying to call through the vtable of a destroyed object.
PDT marking [rtm need info] since the bug doesn't have a patch or any code reviews. We love fixes for topcrash bugs though :-)
Whiteboard: [rtm+] → [rtm need info]
Eric: can you take a look at this (esp. waterson's comment on 2000-10-03 13:53) and help me determine if in fact that is happening?
The changes I made are quite simple. If you press the stop button it stops everything but chrome. But all other code paths are basically the same as before. It stops everything. Can we verify when the window shuts down all frameloaders are stopped?
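Added illustration, not part of the bug thread and not Mozilla code: the lifetime question raised in the comments above (a pending image timer notifying a loader after its window's frame has been destroyed, and whether every loader is stopped at window shutdown). `Frame`, `TimerQueue`, `ImageLoader` and their methods are hypothetical stand-ins; the loader is stopped on teardown and holds only weak references, so a late timer drops the notification instead of dereferencing a destroyed frame.

```cpp
#include <functional>
#include <memory>
#include <vector>

// Hypothetical stand-ins for illustration; none of these are Mozilla classes.
struct Frame { int repaints = 0; void Damage() { ++repaints; } };
// Timer queue that outlives any one window, like the GTK timeout in the trace.
struct TimerQueue {
    std::vector<std::function<void()>> pending;
    void Fire() {
        std::vector<std::function<void()>> due;
        due.swap(pending);
        for (auto& cb : due) cb();
    }
};
class ImageLoader : public std::enable_shared_from_this<ImageLoader> {
    std::vector<std::weak_ptr<Frame>> frames_;  // non-owning: frames may die first
    bool stopped_ = false;
public:
    int dropped = 0;  // notifications discarded instead of touching a dead frame
    void AddFrame(const std::shared_ptr<Frame>& f) { frames_.push_back(f); }
    void Stop() { stopped_ = true; frames_.clear(); }  // called on window teardown
    void Notify() {
        if (stopped_) { ++dropped; return; }
        for (auto& weak : frames_)
            if (auto frame = weak.lock()) frame->Damage(); else ++dropped;
    }
    void ScheduleOn(TimerQueue& q) {  // the timer holds only a weak reference
        std::weak_ptr<ImageLoader> self = shared_from_this();
        q.pending.push_back([self] { if (auto s = self.lock()) s->Notify(); });
    }
};
struct Result { int liveRepaints, droppedAfterStop, droppedWithoutStop; };
Result CloseWindowsWhileLoading() {
    TimerQueue timers;
    std::shared_ptr<Frame> frames[3];
    std::shared_ptr<ImageLoader> loaders[3];
    for (int i = 0; i < 3; ++i) {
        frames[i] = std::make_shared<Frame>();
        loaders[i] = std::make_shared<ImageLoader>();
        loaders[i]->AddFrame(frames[i]);
        loaders[i]->ScheduleOn(timers);
    }
    loaders[1]->Stop(); frames[1].reset();  // window 1 closed, loader stopped
    frames[2].reset();                      // window 2 closed, Stop() forgotten
    timers.Fire();                          // pending image timers still fire
    return {frames[0]->repaints, loaders[1]->dropped, loaders[2]->dropped};
}
int main() { return CloseWindowsWhileLoading().liveRepaints == 1 ? 0 : 1; }
```

With raw `Frame*` pointers in place of the weak references, the third case would be a use-after-free of the kind the "pure virtual call" comment describes.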
I cannot reproduce this problem at all.
Several people have tried and failed to reproduce this crash with recent builds. If you can reliably reproduce it, please re-open this bug and state in detail how to get the crash, and your hardware/software configuration.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → WORKSFORME
Marking verified works for me in the Oct 25th builds.
Marking verified
Status: RESOLVED → VERIFIED
Moving all the Works For Me bugs to talkback user account for future reference.
Assignee: buster → talkback
Status: VERIFIED → NEW
We are gathering all the Resolved and WFM bugs which happened to be topcrash bugs and assigning them to talkback. I am marking all of them as RESOLVED WFM.
Status: NEW → RESOLVED
Closed: 25 years ago → 24 years ago
Returning to v.wfm.
Status: RESOLVED → VERIFIED
Keywords: nsbeta3
Crash Signature: [@ nsFrameImageLoader::DamageRepairFrames]