Closed
Bug 58639
Opened 24 years ago
Closed 24 years ago
Double click on link in 'Preview Panel' window crashes browser
Categories
(Core :: DOM: Navigation, defect, P3)
Core
DOM: Navigation
Tracking
()
RESOLVED
FIXED
People
(Reporter: shrir, Assigned: adamlock)
Details
(Keywords: crash)
Attachments
(2 files)
|
718 bytes,
patch
|
Details | Diff | Splinter Review | |
|
1016 bytes,
patch
|
Details | Diff | Splinter Review |
Build: 20001031 candidate on win/mac/linux
Steps:
1. Launch browser and select Tabs|Customize Sidebar
2. Select 'ZDNet' and click on 'Preview' button
3. (Single click works) but double clicking on the links one by one makes the
browser to crash.
Expected: Browser should not crash even when link is double clicked.
Stack Trace :
Call Stack: (Signature = 0xe9b7c802 e1a1d3be)
0xe9b7c802
0x01b611f1
nsWebShell::Destroy
[d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp, line 1396]
nsWebShell::~nsWebShell
[d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp, line 182]
nsWebShell::`scalar deleting destructor'
nsDocShell::Release
[d:\builds\seamonkey\mozilla\docshell\base\nsDocShell.cpp, line 172]
nsWebShell::Release
[d:\builds\seamonkey\mozilla\docshell\base\nsWebShell.cpp, line 275]
ReleaseData
[d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 2631]
_hashEnumerate
[d:\builds\seamonkey\mozilla\xpcom\ds\nsHashtable.cpp, line 194]
PL_HashTableEnumerateEntries
[plhash.c, line 414]
nsHashtable::Enumerate
[d:\builds\seamonkey\mozilla\xpcom\ds\nsHashtable.cpp, line 360]
ReleaseData
[d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 2628]
nsParserBundle::~nsParserBundle
[d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 2650]
nsParserBundle::`scalar deleting destructor'
nsParserBundle::Release
[d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 2620]
nsParser::~nsParser
[d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 282]
nsParser::`scalar deleting destructor'
nsParser::Release
[d:\builds\seamonkey\mozilla\htmlparser\src\nsParser.cpp, line 302]
nsCOMPtr_base::assign_with_AddRef
[d:\builds\seamonkey\mozilla\xpcom\base\nsCOMPtr.cpp, line 59]
nsDocumentOpenInfo::OnStopRequest
[d:\builds\seamonkey\mozilla\uriloader\base\nsURILoader.cpp, line 269]
|
||
Comment 1•24 years ago
|
||
ugh. valeski/adam/rpotts: any ideas?
|
||
Comment 2•24 years ago
|
||
I've got the same crash on NT4 sp6 with build 2000120804, but slightly different output. I'm on an SMP machine, but binding the process to one processor doesn't change anything. Hopefully this new info may spark something. steps: launch, tabs, custimize sidebar, weather, preview click "edit" link... nothing happens, get frustrated... double click "edit" link... kaboom. There are two observed results, either a null pointer, or a break point, details from NT's excuse for a core file follow, complete stacks at http://pws.bresnanlink.net/~cabbey/58639.txt since there's not enough room in here for all of it. Application exception occurred: App: mozilla.dbg (pid=200) When: 12/8/2000 @ 21:54:8.515 Exception number: 80000003 (hardcoded breakpoint) (00400000 - 00456000) mozilla.dbg (77f60000 - 77fbe000) dll\ntdll.dbg (60d20000 - 60d79000) xpcom.dbg (60c90000 - 60cb4000) nspr4.dbg (77dc0000 - 77dff000) dll\advapi32.dbg (77f00000 - 77f5e000) dll\kernel32.dbg (77e70000 - 77ec5000) dll\user32.dbg (77ed0000 - 77efc000) dll\gdi32.dbg (77e10000 - 77e67000) dll\rpcrt4.dbg (776d0000 - 776d8000) dll\wsock32.dbg (776b0000 - 776c4000) dll\ws2_32.dbg (78000000 - 78040000) (776a0000 - 776a7000) dll\ws2help.dbg (60d00000 - 60d06000) plds4.dbg (60cf0000 - 60cf7000) plc4.dbg (60c50000 - 60c59000) mozreg.dbg (77c40000 - 77d7c000) dll\shell32.dbg (71700000 - 7178a000) COMCTL32.dbg (77b20000 - 77bd7000) dll\ole32.dbg (60b30000 - 60b7a000) js3250.dbg (22000000 - 22000000) (60a60000 - 60a8a000) xpinstal.dbg (60080000 - 6009d000) appshell.dbg (600c0000 - 600cc000) chardet.dbg (60890000 - 6089c000) uconv.dbg (60ae0000 - 60afc000) gkwidget.dbg (77d80000 - 77db2000) dll\comdlg32.dbg (77fd0000 - 77ffa000) dll\winmm.dbg (60ab0000 - 60ad4000) gkgfxwin.dbg (60b00000 - 60b0c000) img3250.dbg (6be00000 - 6be00000) (10000000 - 10000000) (65340000 - 653d2000) oleaut32.dbg (77a90000 - 77a9b000) dll\version.dbg (779c0000 - 779c8000) dll\lz32.dbg (6bd00000 - 6bd00000) (60790000 - 607db000) rdf.dbg (60b80000 - 60bec000) jsdom.dbg (60a90000 - 60a99000) xppref32.dbg (60a30000 - 60a4a000) xpc3250.dbg (60760000 - 6076c000) profile.dbg (60660000 - 606aa000) necko.dbg (60d90000 - 60d9c000) zlib.dbg (77660000 - 7766f000) dll\msafd.dbg (77690000 - 77699000) dll\wshtcpip.dbg (60930000 - 60943000) ucvlatin.dbg (779b0000 - 779b9000) dll\linkinfo.dbg (77720000 - 77731000) dll\mpr.dbg (77a40000 - 77a4d000) dll\ntshrui.dbg (77800000 - 7783a000) dll\netapi32.dbg (77840000 - 77849000) dll\NetRap.dbg (777e0000 - 777ed000) dll\samlib.dbg (609f0000 - 60a02000) xmlextras.dbg (60110000 - 60123000) docshell.dbg (609a0000 - 609ac000) urildr.dbg (60770000 - 60786000) psmglue.dbg (601c0000 - 60365000) gkhtml.dbg (60840000 - 60847000) strres.dbg (600f0000 - 600fe000) chrome.dbg (60370000 - 603b3000) gkparser.dbg (780a0000 - 780b2000) (60880000 - 60887000) ucharuti.dbg (60460000 - 6046d000) jar50.dbg (606e0000 - 606ec000) nslocale.dbg (60100000 - 6010a000) cookie.dbg (60750000 - 6075a000) oji.dbg (60bf0000 - 60c01000) jsj3250.dbg (603c0000 - 603d4000) gkplugin.dbg (604e0000 - 604ea000) mozbrwsr.dbg (60050000 - 6007c000) appcomps.dbg (604c0000 - 604da000) mork.dbg (600a0000 - 600b4000) caps.dbg (609c0000 - 609d0000) wallet.dbg (603e0000 - 603f0000) gkview.dbg (60810000 - 60816000) shistory.dbg (60130000 - 60188000) editor.dbg (60860000 - 60866000) txmgr.dbg (606c0000 - 606c6000) nsgif.dbg (74ff0000 - 74ffe000) dll\rnr20.dbg (77bf0000 - 77bf7000) dll\rpcltc1.dbg (60490000 - 60496000) lwbrk.dbg (03bc0000 - 03bc0000) (77c00000 - 77c18000) drv\winspool.dbg (60480000 - 60486000) jsurl.dbg State Dump for Thread Id 0xf3 eax=0256c684 ebx=0256c680 ecx=00c3cc38 edx=78037118 esi=0256c694 edi=00000000 eip=00c3cc69 esp=0012fbc4 ebp=0012fc1c iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246 function: <nosymbols> 00c3cc68 60 pushad FAULT ->00c3cc69 cc int 3 00c3cc6a c3 ret 00c3cc6b 0068cc add [eax-0x34],ch ds:03fdb08a=?? 00c3cc6e c3 ret 00c3cc6f 0068cc add [eax-0x34],ch ds:03fdb08a=?? 00c3cc72 c3 ret 00c3cc73 0070cc add [eax-0x34],dh ds:03fdb08a=?? 00c3cc76 c3 ret 00c3cc77 0070cc add [eax-0x34],dh ds:03fdb08a=?? 00c3cc7a c3 ret 00c3cc7b 0078cc add [eax-0x34],bh ds:03fdb08a=?? 00c3cc7e c3 ret *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0012fc1c 6011392a 01aac7e0 0256c6ac 0256c6b4 60111460 <nosymbols> 0012fc2c 60111460 0256c694 0256c680 0256c6b4 0256c680 docshell!NSGetModule (FPO: [1,0,2]) 0012fc40 6011139a 0256c6bc 60115551 00000001 00000000 docshell!NSGetModule (FPO: [0,0,3]) 0012fc48 60115551 00000001 00000000 0256c684 6011167e docshell!NSGetModule (FPO: [1,0,1]) 0012fc58 6011167e 0256c680 601171e4 0256c680 0256c694 docshell!NSGetModule (FPO: [1,0,2]) 0012fc60 601171e4 0256c680 0256c694 60118142 01aaccf8 docshell!NSGetModule (FPO: [1,0,0]) 0012fc6c 60118142 01aaccf8 0256c684 0256c7a8 0256c694 docshell!NSGetModule (FPO: [2,0,1]) 0012fca8 6011392a 0256c694 0256c6ac 0256c6b4 60111460 docshell!NSGetModule 0012fcb8 60111460 0256c694 0256c680 0256c6b4 60699bc0 docshell!NSGetModule (FPO: [1,0,2]) 0012fccc 6011139a 0256c6bc 60115551 00000001 04941390 docshell!NSGetModule (FPO: [0,0,3]) 0012fcd4 60115551 00000001 04941390 04941390 6011167e docshell!NSGetModule (FPO: [1,0,1]) 0012fce4 6011167e 0256c680 60d27185 0256c680 60667e3c docshell!NSGetModule (FPO: [1,0,2]) 0012fcec 60d27185 0256c680 60667e3c 04941390 60667dca docshell!NSGetModule (FPO: [1,0,0]) 0012fcf4 60667e3c 04941390 60667dca 04941398 60667ef2 xpcom!nsCOMPtr_base::~nsCOMPtr_base (FPO: [0,0,0]) 0012fcfc 60667dca 04941398 60667ef2 00000001 00000000 necko!nsProxyObjectCallInfo::operator= (FPO: [0,0,1]) 0012fd04 60667ef2 00000001 00000000 04944440 60d271a8 necko!nsProxyObjectCallInfo::operator= (FPO: [1,0,1]) 0012fd14 60d271a8 04941390 60666b05 00000000 60ca2620 necko!nsProxyObjectCallInfo::operator= (FPO: [1,0,2]) 0012fd34 60666745 805303f5 04944450 60d4e30c 04944450 xpcom!nsCOMPtr_base::assign_with_AddRef (FPO: [1,0,2]) 0012fd40 60d4e30c 04944450 00000000 0086c020 60d4e27a necko!NSGetModule (FPO: [1,0,1]) 0012fd50 60d4e27a 04944450 00524e30 0012fd78 0086c020 xpcom!PL_HandleEvent (FPO: [1,0,2]) 0012fd68 60d4e4d9 0086c020 0012fdc0 0012fdc8 77e7124c xpcom!PL_ProcessPendingEvents (FPO: [EBP 0x00524e30] [1,0,4]) 00524e30 00000002 80ad76b8 a0314e30 e119e008 a031e360 xpcom!PL_IsQueueNative Application exception occurred: App: mozilla.dbg (pid=214) When: 12/8/2000 @ 21:55:9.312 Exception number: c0000005 (access violation) (00400000 - 00456000) mozilla.dbg (77f60000 - 77fbe000) dll\ntdll.dbg (60d20000 - 60d79000) xpcom.dbg (60c90000 - 60cb4000) nspr4.dbg (77dc0000 - 77dff000) dll\advapi32.dbg (77f00000 - 77f5e000) dll\kernel32.dbg (77e70000 - 77ec5000) dll\user32.dbg (77ed0000 - 77efc000) dll\gdi32.dbg (77e10000 - 77e67000) dll\rpcrt4.dbg (776d0000 - 776d8000) dll\wsock32.dbg (776b0000 - 776c4000) dll\ws2_32.dbg (78000000 - 78040000) (776a0000 - 776a7000) dll\ws2help.dbg (60d00000 - 60d06000) plds4.dbg (60cf0000 - 60cf7000) plc4.dbg (60c50000 - 60c59000) mozreg.dbg (77c40000 - 77d7c000) dll\shell32.dbg (71700000 - 7178a000) COMCTL32.dbg (77b20000 - 77bd7000) dll\ole32.dbg (60b30000 - 60b7a000) js3250.dbg (22000000 - 22000000) (60a60000 - 60a8a000) xpinstal.dbg (60080000 - 6009d000) appshell.dbg (600c0000 - 600cc000) chardet.dbg (60890000 - 6089c000) uconv.dbg (60ae0000 - 60afc000) gkwidget.dbg (77d80000 - 77db2000) dll\comdlg32.dbg (77fd0000 - 77ffa000) dll\winmm.dbg (60ab0000 - 60ad4000) gkgfxwin.dbg (60b00000 - 60b0c000) img3250.dbg (6be00000 - 6be00000) (10000000 - 10000000) (65340000 - 653d2000) oleaut32.dbg (77a90000 - 77a9b000) dll\version.dbg (779c0000 - 779c8000) dll\lz32.dbg (6bd00000 - 6bd00000) (60790000 - 607db000) rdf.dbg (60b80000 - 60bec000) jsdom.dbg (60a90000 - 60a99000) xppref32.dbg (60a30000 - 60a4a000) xpc3250.dbg (60760000 - 6076c000) profile.dbg (60660000 - 606aa000) necko.dbg (60d90000 - 60d9c000) zlib.dbg (77660000 - 7766f000) dll\msafd.dbg (77690000 - 77699000) dll\wshtcpip.dbg (60930000 - 60943000) ucvlatin.dbg (779b0000 - 779b9000) dll\linkinfo.dbg (77720000 - 77731000) dll\mpr.dbg (77a40000 - 77a4d000) dll\ntshrui.dbg (77800000 - 7783a000) dll\netapi32.dbg (77840000 - 77849000) dll\NetRap.dbg (777e0000 - 777ed000) dll\samlib.dbg (609f0000 - 60a02000) xmlextras.dbg (60110000 - 60123000) docshell.dbg (609a0000 - 609ac000) urildr.dbg (60770000 - 60786000) psmglue.dbg (601c0000 - 60365000) gkhtml.dbg (60840000 - 60847000) strres.dbg (600f0000 - 600fe000) chrome.dbg (60370000 - 603b3000) gkparser.dbg (780a0000 - 780b2000) (60880000 - 60887000) ucharuti.dbg (60460000 - 6046d000) jar50.dbg (606e0000 - 606ec000) nslocale.dbg (60100000 - 6010a000) cookie.dbg (60750000 - 6075a000) oji.dbg (60bf0000 - 60c01000) jsj3250.dbg (603c0000 - 603d4000) gkplugin.dbg (604e0000 - 604ea000) mozbrwsr.dbg (60050000 - 6007c000) appcomps.dbg (604c0000 - 604da000) mork.dbg (600a0000 - 600b4000) caps.dbg (609c0000 - 609d0000) wallet.dbg (603e0000 - 603f0000) gkview.dbg (60810000 - 60816000) shistory.dbg (606c0000 - 606c6000) nsgif.dbg (60130000 - 60188000) editor.dbg (60860000 - 60866000) txmgr.dbg (74ff0000 - 74ffe000) dll\rnr20.dbg (77bf0000 - 77bf7000) dll\rpcltc1.dbg (02ac0000 - 02ac0000) (77c00000 - 77c18000) drv\winspool.dbg (60490000 - 60496000) lwbrk.dbg (60480000 - 60486000) jsurl.dbg State Dump for Thread Id 0xb2 eax=02530a76 ebx=02530a50 ecx=00c4de04 edx=78037118 esi=02530a64 edi=00000000 eip=00c4de36 esp=0012fbe4 ebp=0012fc1c iopl=0 nv up ei pl nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000213 function: <nosymbols> 00c4de22 c400 les eax,[eax] ds:02530a76=6011e8e06011 00c4de24 1cde sbb al,0xde 00c4de26 c400 les eax,[eax] ds:02530a76=6011e8e06011 00c4de28 24de and al,0xde 00c4de2a c400 les eax,[eax] ds:02530a76=6011e8e06011 00c4de2c 24de and al,0xde 00c4de2e c400 les eax,[eax] ds:02530a76=6011e8e06011 00c4de30 2cde sub al,0xde 00c4de32 c400 les eax,[eax] ds:02530a76=6011e8e06011 00c4de34 2cde sub al,0xde FAULT ->00c4de36 c400 les eax,[eax] ds:02530a76=6011e8e06011 00c4de38 34de xor al,0xde 00c4de3a c400 les eax,[eax] ds:02530a76=6011e8e06011 00c4de3c 34de xor al,0xde 00c4de3e c400 les eax,[eax] ds:02530a76=6011e8e06011 00c4de40 3cde cmp al,0xde 00c4de42 c400 les eax,[eax] ds:02530a76=6011e8e06011 00c4de44 3cde cmp al,0xde 00c4de46 c400 les eax,[eax] ds:02530a76=6011e8e06011 00c4de48 44 inc esp 00c4de49 dec4 faddp st(4),st 00c4de4b 0044dec4 add [esi+ebx*8-0x3c],al ds:03f9f457=?? *----> Stack Back Trace <----* FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0012fc1c 6011392a 01aac7e0 02530a7c 02530a84 60111460 <nosymbols> 0012fc2c 60111460 02530a64 02530a50 02530a84 02530a50 docshell!NSGetModule (FPO: [1,0,2]) 0012fc40 6011139a 02530a8c 60115551 00000001 00000000 docshell!NSGetModule (FPO: [0,0,3]) 0012fc48 60115551 00000001 00000000 02530a54 6011167e docshell!NSGetModule (FPO: [1,0,1]) 0012fc58 6011167e 02530a50 601171e4 02530a50 02530a64 docshell!NSGetModule (FPO: [1,0,2]) 0012fc60 601171e4 02530a50 02530a64 60118142 01aaccf8 docshell!NSGetModule (FPO: [1,0,0]) 0012fc6c 60118142 01aaccf8 02530a54 02530b78 02530a64 docshell!NSGetModule (FPO: [2,0,1]) 0012fca8 6011392a 02530a64 02530a7c 02530a84 60111460 docshell!NSGetModule 0012fcb8 60111460 02530a64 02530a50 02530a84 60699bc0 docshell!NSGetModule (FPO: [1,0,2]) 0012fccc 6011139a 02530a8c 60115551 00000001 04c03370 docshell!NSGetModule (FPO: [0,0,3]) 0012fcd4 60115551 00000001 04c03370 04c03370 6011167e docshell!NSGetModule (FPO: [1,0,1]) 0012fce4 6011167e 02530a50 60d27185 02530a50 60667e3c docshell!NSGetModule (FPO: [1,0,2]) 0012fcec 60d27185 02530a50 60667e3c 04c03370 60667dca docshell!NSGetModule (FPO: [1,0,0]) 0012fcf4 60667e3c 04c03370 60667dca 04c03378 60667ef2 xpcom!nsCOMPtr_base::~nsCOMPtr_base (FPO: [0,0,0]) 0012fcfc 60667dca 04c03378 60667ef2 00000001 00000000 necko!nsProxyObjectCallInfo::operator= (FPO: [0,0,1]) 0012fd04 60667ef2 00000001 00000000 04bf2f50 60d271a8 necko!nsProxyObjectCallInfo::operator= (FPO: [1,0,1]) 0012fd14 60d271a8 04c03370 60666b05 00000000 60ca2620 necko!nsProxyObjectCallInfo::operator= (FPO: [1,0,2]) 0012fd34 60666745 805303f5 04bf2f60 60d4e30c 04bf2f60 xpcom!nsCOMPtr_base::assign_with_AddRef (FPO: [1,0,2]) 0012fd40 60d4e30c 04bf2f60 00000000 0086de20 60d4e27a necko!NSGetModule (FPO: [1,0,1]) 0012fd50 60d4e27a 04bf2f60 005257f0 0012fd78 0086de20 xpcom!PL_HandleEvent (FPO: [1,0,2]) 0012fd68 60d4e4d9 0086de20 0012fdc0 0012fdc8 77e7124c xpcom!PL_ProcessPendingEvents (FPO: [EBP 0x005257f0] [1,0,4]) 005257f0 00000002 80ad76b8 a03157f0 e2daad28 a02d32e0 xpcom!PL_IsQueueNative
|
|
||
Comment 3•24 years ago
|
||
reassigning to docshell
Assignee: matt → adamlock
Component: Sidebar → Embedding: Docshell
Keywords: nsbeta1
QA Contact: shrir → adamlock
Hardware: PC → All
I can't find a ZDNet tab. Can you reproduce this problem on one of the "standard" tabs or tell me where to find the ZDNet one? Thanks
|
Reporter | |
Comment 5•24 years ago
|
||
try the SPORTS panel in favourites., I could see this on today's build on windows.
Okay I see it now. My initial impressions is that there is something broken with the special case code for the "_content" window target which is causing bad reference counting when "_content" is not in the same same tree as as the original window. This causes webshell to be released more times than it has been addrefed. I'm investigating further...
A full description of the problem. When you click on a link in the panel, a URI load starts with the target window being the "_content" docshell. Since there is no "_content" in the sidepanel preview pane, appshell uses the windows mediator service to locate the first "_content" docshell in any other XUL window. When it finds one it directs the URI load towards that. Unfortunately it wasn't AddRef'ing the result which meant that two clicks in quick sucession (not necessarily a double-click) caused the _content docshell to be destroyed twice and to crash when garbage was accessed. The patch puts the AddRef in.
|
||
Comment 10•24 years ago
|
||
nasty. r=valeski.
|
|
||
Comment 11•24 years ago
|
||
nice find. I missed that potential double ref. r=valeski on 2nd patch.
|
||
Comment 12•24 years ago
|
||
[re: 02/13/01 11:31 patch] that looks right to me ... you'd think someone might have complained about dangling pointers before now, but, as you said, this is the edge case. sr=scc
|
||
Comment 13•24 years ago
|
||
cool. sr=alecf too
|
Assignee | |
Comment 14•24 years ago
|
||
Thanks Alec & Scott, fix is checked in
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•