Closed
Bug 53613
Opened 25 years ago
Closed 24 years ago
Crash on closing window while loading [@ nsFrameImageLoader::DamageRepairFrames]
Categories
(Core :: Layout, defect, P1)
Tracking
()
VERIFIED
WORKSFORME
People
(Reporter: jwbaker, Assigned: talkback)
References
Details
(Keywords: crash, topcrash, Whiteboard: [rtm need info])
Crash Data
Sometimes crashing on exit on Linux build pulled 2000-09-21-10. Stack trace:
#0 0x41a0ada3 in nsFrameImageLoader::DamageRepairFrames (this=0x860fa88,
aDamageRect=0xbffff358) at nsFrameImageLoader.cpp:610
#1 0x41a0ab2d in nsFrameImageLoader::Notify (this=0x860fa88,
aImageRequest=0x8611968, aImage=0x8648710,
aNotificationType=nsImageNotification_kPixmapUpdate, aParam1=0, aParam2=0,
aParam3=0xbffff39c) at nsFrameImageLoader.cpp:488
#2 0x4003d9e6 in ns_observer_proc (aSource=0x86119a8, aMsg=4,
aMsgData=0xbffff420, aClosure=0x8611968) at nsImageRequest.cpp:95
#3 0x4004f10d in XP_NotifyObservers (inObserverList=0x8647f80, inMessage=4,
ioData=0xbffff420) at obs.c:259
#4 0x40045c10 in il_pixmap_update_notify (ic=0x8610828) at if.cpp:311
#5 0x4004cfe4 in il_flush_image_data (ic=0x8610828) at scale.cpp:218
#6 0x4004581b in ImgDCallbk::ImgDCBFlushImage (this=0x8604c40) at if.cpp:166
#7 0x41fc0843 in il_gif_write (ic=0x8610828, buf=0x41fc1aff "", len=0) at
gif.cpp:1500
#8 0x41fbe574 in process_buffered_gif_input_data (gs=0x8645b30) at gif.cpp:669
#9 0x41fbe729 in gif_delay_time_callback (closure=0x8610828) at gif.cpp:725
#10 0x4003e700 in timer_callback (aTimer=0x85f3db8, aClosure=0x8611748) at
nsImageSystemServices.cpp:70
#11 0x4114769f in nsTimerGtk::FireTimeout (this=0x85f3db8) at nsTimerGtk.cpp:182
#12 0x411478cc in process_timers (array=0x81e7480) at nsTimerGtk.cpp:254
#13 0x411479a2 in TimerCallbackFunc (data=0x813aca0) at nsTimerGtk.cpp:276
#14 0x40df0588 in g_timeout_dispatch (source_data=0x81e74b0,
dispatch_time=0xbffff6d0, user_data=0x813aca0) at gmain.c:1300
#15 0x40def717 in g_main_dispatch (dispatch_time=0xbffff6d0) at gmain.c:656
#16 0x40defcdb in g_main_iterate (block=1, dispatch=1) at gmain.c:877
#17 0x40defe59 in g_main_run (loop=0x81e5dc8) at gmain.c:935
#18 0x40d1e069 in gtk_main () at gtkmain.c:476
#19 0x40c31d35 in nsAppShell::Run (this=0x80f8958) at nsAppShell.cpp:335
#20 0x4069f460 in nsAppShellService::Run (this=0x80e84e0) at
nsAppShellService.cpp:407
#21 0x8055748 in main1 (argc=1, argv=0xbffff9b4, nativeApp=0x0) at
nsAppRunner.cpp:958
#22 0x8055e1c in main (argc=1, argv=0xbffff9b4) at nsAppRunner.cpp:1139
#23 0x403792e7 in __libc_start_main () from /lib/libc.so.6
Reporter | ||
Updated•25 years ago
|
Severity: normal → critical
Reporter | ||
Comment 1•25 years ago
|
||
I now have a way to reproduce this, courtesy of dark@c2i.net via Bug 53647. The
procedure is:
1) Open two mozilla windows
2) In each window, send a request that will likely take a long time. Bugzilla
queries and LXR blame logs are good candidates.
3) While the windows are still busy (throbbing) close one of them.
Result: Mozilla segfaults with the stack given earlier.
Comment 3•25 years ago
|
||
-> Layout
Assignee: asa → clayton
Component: Browser-General → Layout
QA Contact: doronr → petersen
Comment 4•25 years ago
|
||
this made it to the talkback topcrash list today, adding topcrash keyword and [@
nsFrameImageLoader::DamageRepairFrames] for tracking.
Keywords: topcrash
Comment 5•25 years ago
|
||
Re-assigning six bugs from Clayton's list to Harish for further triage...
Assignee: clayton → harishd
Triaging Clayton's list:
------------------------
Not sure who owns this code. Starting with Steve!. Steve, if you're not the
right owner of this bug feel free to give it back to me and I will try to find
an owner. Thanx
Assignee: harishd → buster
Comment 8•25 years ago
|
||
nominating for rtm, but does anyone think this is a beta-stopper?
Keywords: rtm
Comment 11•25 years ago
|
||
cc-ing some linux guys. I'm unable to reproduce this. Have any of you seen
this? Do you know how to reproduce?
Comment 12•25 years ago
|
||
cc-ing people who have recently touched nsFrameImageLoader. Looking for an
owner for this bug. Any takers?
Comment 13•25 years ago
|
||
I tried to reprodue this on my machine, I am unable to do so.
Comment 14•25 years ago
|
||
Might be related to evaughan's changes -- he made it so that a normal "stop"
will stop everything but "chrome:" loads. It may be that the "chrome:" loads are
continuing on after the window has closed (and the frame's been destroyed). Can
anyone decipher what the URL is that the frame image loader is trying to load?
(Should be a member variable of nsFrameImageLoader...)
Comment 15•25 years ago
|
||
I cannot repro either, however out of five tries I got one 'pure virtual method
call' output to the console on exit of the second window - but no core.
Comment 16•25 years ago
|
||
You'll sometimes see that "pure virtual call" (and exit) when trying to call
through the vtable of a destroyed object.
Comment 17•25 years ago
|
||
PDT marking [rtm need info] since the bug doesn't have a patch or any code
reviews. We love fixes for topcrash bugs though :-)
Whiteboard: [rtm+] → [rtm need info]
Comment 18•25 years ago
|
||
eric: can you take a look at this (esp. waterson's comment on 2000-10-03 13:53
and help me determine if in fact that is happening?
Comment 19•25 years ago
|
||
The changes I made are quite simple. If you press the stop button it stops
everything but chrome. But all other code paths are basically the same as
before. It stops everything. Can we verify when the window shuts down all
frameloaders are stopped?
Comment 20•25 years ago
|
||
I cannot reproduce this problem at all.
Comment 21•25 years ago
|
||
several people have tried and failed to reproduce this crash with recent builds.
If you can reliably reproduce it, please re-open this bug and state in detail
how to get the crash, and your hardware/software configuration.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → WORKSFORME
Comment 22•25 years ago
|
||
Marking verified works for me in the Oct 25th builds.
Comment 24•24 years ago
|
||
Moving all the Works For Me bugs to talkback user account for future reference.
Assignee: buster → talkback
Status: VERIFIED → NEW
Comment 25•24 years ago
|
||
We are gathering all the Resolved and WFM bugs which are happened to be topcrash
bugs and assigning it to talkback. I am marking all of them as RESOLVED WFM.
Status: NEW → RESOLVED
Closed: 25 years ago → 24 years ago
Updated•14 years ago
|
Crash Signature: [@ nsFrameImageLoader::DamageRepairFrames]
You need to log in
before you can comment on or make changes to this bug.
Description
•