Closed
Bug 540953
Opened 15 years ago
Closed 15 years ago
crash [@ nsHTMLAnchorElement::UnbindFromTree(int, int)]
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
status1.9.1 | --- | .9-fixed |
People
(Reporter: wsmwk, Assigned: timeless)
Details
(Keywords: crash, topcrash)
Crash Data
Attachments
(1 file, 1 obsolete file)
747 bytes,
patch
|
timeless
:
review+
dveditz
:
approval1.9.1.9+
|
Details | Diff | Splinter Review |
#2 crash for SM 2.0.2
crash [@ nsHTMLAnchorElement::UnbindFromTree(int, int)]
a few comments include:
editing a simple html file
PAting text into Composer
pasting without format
closing windows, email, main window - then crash
closing the composer using the "X" in the upper right corner after saving a web page I created.
bp-9668ef15-fcb8-42bf-b035-9c55e2091228
closing the composer using the "X" in the upper right corner after saving a web page I created.
0 seamonkey.exe nsHTMLAnchorElement::UnbindFromTree content/html/content/src/nsHTMLAreaElement.cpp:240
1 seamonkey.exe nsElementDeletionObserver::NodeWillBeDestroyed editor/libeditor/html/nsHTMLAnonymousUtils.cpp:130
2 seamonkey.exe nsNodeUtils::LastRelease content/base/src/nsNodeUtils.cpp:196
3 seamonkey.exe nsGenericDOMDataNode::Release content/base/src/nsGenericElement.cpp:4124
4 seamonkey.exe XPCJSRuntime::GCCallback js/src/xpconnect/src/xpcjsruntime.cpp:775
5 jsd3250.dll jsds_GCCallbackProc js/jsd/jsd_xpc.cpp:531
6 seamonkey.exe DOMGCCallback dom/src/base/nsJSEnvironment.cpp:3692
7 seamonkey.exe XPCCycleCollectGCCallback js/src/xpconnect/src/nsXPConnect.cpp:411
8 js3250.dll js_GC js/src/jsgc.cpp:3792
9 js3250.dll JS_GC js/src/jsapi.cpp:2458
10 seamonkey.exe nsXPConnect::Collect js/src/xpconnect/src/nsXPConnect.cpp:477
11 xpcom_core.dll nsCycleCollector::Collect xpcom/base/nsCycleCollector.cpp:2386
12 xpcom_core.dll nsCycleCollector_collect xpcom/base/nsCycleCollector.cpp:3045
13 seamonkey.exe nsJSContext::CC dom/src/base/nsJSEnvironment.cpp:3512
14 seamonkey.exe GCTimerFired dom/src/base/nsJSEnvironment.cpp:3620
15 xpcom_core.dll nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:420
16 xpcom_core.dll nsTimerEvent::Run xpcom/threads/nsTimerImpl.cpp:512
Comment 1•15 years ago
|
||
nsElementDeletionObserver::NodeWillBeDestroyed always seems tzo be the caller to nsHTMLAnchorElement::UnbindFromTree there.
This is the #2 topcrash for SeaMonkey 2.0.2, happening cross-platform, and it's also #159 on the Firefox 3.5.7 topcrash list, this very much seems to be core code. Many people seem to report, not surprisingly, as editor/ code is involved, being in an HTML form or editor of some kind when they crash.
bug 533061 sounds similar and is on the Thunderbird 3.0.1 topcrash list.
Component: Composer → Editor
Product: SeaMonkey → Core
QA Contact: composer → editor
Version: SeaMonkey 2.0 Branch → 1.9.1 Branch
Comment 2•15 years ago
|
||
Links to lists of reports for this signature:
http://crash-stats.mozilla.com/report/list?range_value=2&range_unit=weeks&signature=nsHTMLAnchorElement%3A%3AUnbindFromTree%28int%2C%20int%29&version=SeaMonkey%3A2.0.2
http://crash-stats.mozilla.com/report/list?range_value=2&range_unit=weeks&signature=nsHTMLAnchorElement%3A%3AUnbindFromTree%28int%2C%20int%29&version=Firefox%3A3.5.7
Many of those report 0x0 as address, which already sounds fishy to me, even though I don't really know C++ much...
so, the 0x0 makes sense.
This code doesn't exist on trunk.
Assignee: nobody → timeless
Component: Editor → DOM: Core & HTML
QA Contact: editor → general
So, the other parts of this file null check GetCurrentDoc(), and the function naming implies it could return null, so here it presumably did....
Attachment #424981 -
Flags: review?(Olli.Pettay)
Comment 5•15 years ago
|
||
Comment on attachment 424981 [details] [diff] [review]
proposal
Yeah, this is unfortunate, but needed.
Attachment #424981 -
Flags: review?(Olli.Pettay) → review+
so, the patch i posted belongs in bug 533061. the reason they look the same and that i posted that one here is that in 1.9.1 the compiler code folded them so they shared code and thus line numbers, because it was the same code.
But this specific crash only exists in 1.9.1, whereas the other one exists in both places.
Attachment #424981 -
Attachment is obsolete: true
Attachment #425017 -
Flags: review+
Attachment #425017 -
Flags: approval1.9.1.9?
Reporter | ||
Comment 7•15 years ago
|
||
related to bug 480300?
Comment 8•15 years ago
|
||
Comment on attachment 425017 [details] [diff] [review]
for 1.9.1 only
Approved for 1.9.1.9, a=dveditz for release-drivers
Attachment #425017 -
Flags: approval1.9.1.9? → approval1.9.1.9+
Comment 10•15 years ago
|
||
There doesn't seem to be anything for QA to do here for 1.9.1 verification.
Updated•14 years ago
|
Crash Signature: [@ nsHTMLAnchorElement::UnbindFromTree(int, int)]
You need to log in
before you can comment on or make changes to this bug.
Description
•