Closed
Bug 57149
Opened 24 years ago
Closed 24 years ago
Mac topcrash in __ptr_glue from nsHTMLInputElement::HandleDOMEvent()
Categories
(Core :: Layout: Form Controls, defect, P1)
Tracking
()
VERIFIED
WORKSFORME
People
(Reporter: buster, Assigned: talkback)
Details
(Keywords: crash, topcrash, Whiteboard: [rtm need info])
from talkback report sent out by namachi@netscape.com:
Stack Trace:
.__ptr_glue
nsHTMLInputElement::HandleDOMEvent()
[nsHTMLInputElement.cpp line 1009]
PresShell::HandleEventInternal()
[nsPresShell.cpp line 4471]
PresShell::HandleEventWithTarget()
[nsPresShell.cpp line 4453]
nsEventStateManager::CheckForAndDispatchClick()
[nsEventStateManager.cpp line 1861]
nsEventStateManager::PostHandleEvent()
[nsEventStateManager.cpp line 935]
PresShell::HandleEventInternal()
[nsPresShell.cpp line 4492]
PresShell::HandleEvent()
[nsPresShell.cpp line 4407]
VIEW_DLL + 0x6360 (0x1e940b50)
VIEW_DLL + 0x62d0 (0x1e940ac0)
VIEW_DLL + 0x62d0 (0x1e940ac0)
VIEW_DLL + 0xc258 (0x1e946a48)
VIEW_DLL + 0x5a74 (0x1e940264)
nsWindow::DispatchEvent()
[nsWindow.cpp line 1695]
nsWindow::DispatchWindowEvent()
[nsWindow.cpp line 1708]
nsWindow::DispatchMouseEvent()
[nsWindow.cpp line 1737]
nsMacEventHandler::HandleMouseUpEvent()
[nsMacEventHandler.cpp line 1271]
nsMacEventHandler::HandleOSEvent()
[nsMacEventHandler.cpp line 367]
nsMacWindow::HandleOSEvent()
[nsMacWindow.cpp line 838]
nsMacMessageSink::DispatchOSEvent()
[nsMacMessageSink.cpp line 44]
nsMacMessagePump::DispatchOSEventToRaptor()
[nsMacMessagePump.cpp line 922]
nsMacMessagePump::DoMouseUp()
[nsMacMessagePump.cpp line 727]
nsMacMessagePump::DispatchEvent()
[nsMacMessagePump.cpp line 371]
nsMacMessagePump::DoMessagePump()
[nsMacMessagePump.cpp line 253]
nsAppShell::Run()
[nsAppShell.cpp line 110]
nsAppShellService::Run()
[nsAppShellService.cpp line 406]
Netscape 6 + 0x37c8 (0x1fee5d28)
.__ptr_glue 6fc95f65
line
Build: 2000100910 CrashDate: 2000-10-09 UptimeMinutes: 126 Total: 126
OS: MacOS version 9.0
URL:
Comment: Crash switching themes and dismissing IM standalone
Detailed : http://climate/reports/incidenttemplate.cfm?bbid=18800645 StackTrace:
http://climate/reports/stackcommentemail.cfm?dynamicBBID=18800645 .__ptr_glue
5d9c9e1f
line
Build: 2000100910 CrashDate: 2000-10-09 UptimeMinutes: 0 Total: 127
OS: MacOS version 9.0
URL:
Comment: switch theme again
Detailed : http://climate/reports/incidenttemplate.cfm?bbid=18800735 StackTrace:
http://climate/reports/stackcommentemail.cfm?dynamicBBID=18800735 .__ptr_glue
a70fecd9
line
Build: 2000100910 CrashDate: 2000-10-09 UptimeMinutes: 3 Total: 3
OS: MacOS version 9.0.4
URL:
Comment: AIM
Detailed : http://climate/reports/incidenttemplate.cfm?bbid=18801802 StackTrace:
http://climate/reports/stackcommentemail.cfm?dynamicBBID=18801802 .__ptr_glue
1bdf619f
line
Build: 2000101608 CrashDate: 2000-10-16 UptimeMinutes: 73 Total: 75
OS: MacOS version 9.0
URL:
Comment: crashed broswing german netscape homepage
Detailed : http://climate/reports/incidenttemplate.cfm?bbid=19193274 StackTrace:
http://climate/reports/stackcommentemail.cfm?dynamicBBID=19193274 .__ptr_glue
d292bc9a
line
Build: 2000101608 CrashDate: 2000-10-16 UptimeMinutes: 1 Total: 1
OS: MacOS version 9.0.4
URL:
Comment: In Mail
Detailed : http://climate/reports/incidenttemplate.cfm?bbid=19194040 StackTrace:
http://climate/reports/stackcommentemail.cfm?dynamicBBID=19194040 .__ptr_glue
3cafd0c9
line
Build: 2000101308 CrashDate: 2000-10-16 UptimeMinutes: 4320 Total: 4320
OS: MacOS version 8.6
URL:
Comment:
Detailed : http://climate/reports/incidenttemplate.cfm?bbid=19199673 StackTrace:
http://climate/reports/stackcommentemail.cfm?dynamicBBID=19199673 m
I didn't see this bug submitted anywhere yet. Crash stacks are from Mac OS 8.6
and 9.0x. I'm guessing the error is actually in
nsHTMLInputElement::HandleDOMEvent(), not __ptr_glue.
Mac guys, any clue what this means?
|
||
Comment 2•24 years ago
|
||
It probably means that nsHTMLInputElement::HandleDOMEvent is calling a method on
a bad pointer (null, or deleted)
|
|
||
Comment 4•24 years ago
|
||
Those talkback reports listed don't all have the same stack. They all have
__ptr_glue at the top of the stack, but they are different. This bug only
addresses the last two.
Here's the line of code:
http://lxr.mozilla.org/seamonkey/source/layout/html/content/src/
nsHTMLInputElement.cpp#1009
This crash is rather odd. First, we've done a null check on formControlFrame.
Second, we've already called formControlFrame->QueryInterface higher up in the
function without crashing. The talkback data also says:
formControlFrame = 0x0d185e18
(*formControlFrame) = Data not available
though I don't know if this can be trusted.
So there could be 2 possibilities:
1. formControlFrame has been deleted, and formControlFrame->QueryInterface just
happens to work.
2. formControlFrame is not really an nsIFormControlFrame, so the call to
MouseClicked() is getting a bad address from the vtable.
|
||
Comment 5•24 years ago
|
||
assigning to waqar because it is a mac bug, I haven't seen this on Windows
Assignee: rods → waqar
|
||
Comment 7•24 years ago
|
||
I try to switch theme several time on my local 10/23 Mac branch build but I
cannot reproduce this.
|
||
Comment 8•24 years ago
|
||
I checked in the fix for this as Bugscape 2369:
http://bugscape.netscape.com/show_bug.cgi?id=2369
It was actually a crash due to dereferencing a stale pointer to a frame that was
deleted out from underneath us.
Since there is no way to mark this as a dup, I'll close it out as WFM.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → WORKSFORME
|
||
Comment 10•24 years ago
|
||
Moving all the Works For Me bugs to talkback user account for future reference.
Assignee: waqar → talkback
Status: VERIFIED → NEW
|
|
||
Comment 11•24 years ago
|
||
We are gathering all the Resolved and WFM bugs which are happened to be topcrash
bugs and assigning it to talkback. I am marking all of them as RESOLVED WFM.
Status: NEW → RESOLVED
Closed: 24 years ago → 24 years ago
You need to log in
before you can comment on or make changes to this bug.
Description
•