application crashes when clicking on special mac menu item

NEW
Unassigned

Status

()

7 years ago
7 years ago

People

(Reporter: passfree, Unassigned)

Tracking

Trunk
All
Mac OS X
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

39.42 KB, text/plain
Details
4.84 KB, application/octet-stream
Details
(Reporter)

Description

7 years ago
Created attachment 554766 [details]
crash.txt

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.854.0 Safari/535.2

Steps to reproduce:

If I add a special mac menu item such as aboutName and I click on it while the main window is closed, the application will crash.


Actual results:

The application crashed.


Expected results:

The application crashes regardless what the oncommand event handler does. It will crash even if it contains a simple alert(1).

I have attached the stack trace but it is not very detailed as it is take from a non-debug build. However, it should be enough to illustrate the problem.
Can you reproduce this in Firefox, too? I can't.
A stack trace from a debug build would be very helpful.
(Reporter)

Comment 2

7 years ago
Is there a way to get a debug build instead of building it myself? It will be useful if such thing is available as I will be able to get much more useful reports through. I don't always have a debug build available as I am trying to work with the release versions (available for general consumption) instead.
What's your setup? Are you using XULRunner, or making a Firefox extension?
I can't find any debug XULRunner binaries, but Firefox debug binaries are here, for example: http://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-central-macosx64-debug/1314061045/firefox-9.0a1.en-US.mac64.dmg
(Reporter)

Comment 4

7 years ago
I forgot that Firefox can run with the -app flag. Here are the details of the crash:

Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   XUL                           	0x0000000102440b76 operator delete(void*, void*) + 10334
1   com.apple.AppKit              	0x00007fff80915eda -[NSApplication sendAction:to:from:] + 95
2   com.apple.AppKit              	0x00007fff8093a46a -[NSMenuItem _corePerformAction] + 365
3   com.apple.AppKit              	0x00007fff8093a1d4 -[NSCarbonMenuImpl performActionWithHighlightingForItemAtIndex:] + 121
4   com.apple.AppKit              	0x00007fff80bbfcf4 -[NSMenu _internalPerformActionForItemAtIndex:] + 35
5   com.apple.AppKit              	0x00007fff80a719e9 -[NSCarbonMenuImpl _carbonCommandProcessEvent:handlerCallRef:] + 136
6   com.apple.AppKit              	0x00007fff8091c99c NSSLMMenuEventHandler + 321
7   com.apple.HIToolbox           	0x00007fff888ef7f7 DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*) + 1002
8   com.apple.HIToolbox           	0x00007fff888eed46 SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*) + 395
9   com.apple.HIToolbox           	0x00007fff8890ca81 SendEventToEventTarget + 45
10  com.apple.HIToolbox           	0x00007fff8893bc35 SendHICommandEvent(unsigned int, HICommand const*, unsigned int, unsigned int, unsigned char, void const*, OpaqueEventTargetRef*, OpaqueEventTargetRef*, OpaqueEventRef**) + 387
11  com.apple.HIToolbox           	0x00007fff88968a0a SendMenuCommandWithContextAndModifiers + 56
12  com.apple.HIToolbox           	0x00007fff889689c2 SendMenuItemSelectedEvent + 101
13  com.apple.HIToolbox           	0x00007fff889688d2 FinishMenuSelection(SelectionData*, MenuResult*, MenuResult*) + 150
14  com.apple.HIToolbox           	0x00007fff88949c27 MenuSelectCore(MenuData*, Point, double, unsigned int, OpaqueMenuRef**, unsigned short*) + 467
15  com.apple.HIToolbox           	0x00007fff8894937c _HandleMenuSelection2 + 453
16  com.apple.AppKit              	0x00007fff807ed851 _NSHandleCarbonMenuEvent + 236
17  com.apple.AppKit              	0x00007fff807c1362 _DPSNextEvent + 1908
18  com.apple.AppKit              	0x00007fff807c0801 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 155
19  com.apple.AppKit              	0x00007fff8078668f -[NSApplication run] + 395
20  XUL                           	0x000000010245764e operator delete(void*, void*) + 103222
21  XUL                           	0x00000001021aa462 JSWrapper::wrapperHandler(JSObject const*) + 1004660
22  XUL                           	0x000000010103884c XRE_main + 10996
23  org.mozilla.nightlydebug      	0x0000000100001b56 start + 1342
24  org.mozilla.nightlydebug      	0x0000000100001dbd start + 1957
25  org.mozilla.nightlydebug      	0x000000010000164c start + 52
Steven, does this look familiar to you?
> Steven, does this look familiar to you?

No, it doesn't.

Passfree, if possible please write and attach a testcase to this bug (one with which we can reproduce it).

And since you're using a non-debug build, all the Mozilla-specific symbols in your stack from comment #4 are (probably) bogus.  You'll probably need to create your own debug build, but do try the build Markus mentioned in comment #3.

And do answer Markus' questions from comment #3.
(Reporter)

Comment 7

7 years ago
Created attachment 556437 [details]
test case

This simple application illustrates the crash. This is what you need to do

1. Launch the application
2. Test the aboutName menu by clicking on the application menu and selecting the first item
3. Close the main window
4. Click on the application menu and select the first item

At this stage the application should have crashed. It works on xulrunner 2.0, 6.0, latest firefox, etc...
(Reporter)

Comment 8

7 years ago
has anyone confirmed the issue?
Confirmed.

CreateNativeAppMenuItem creates an NSMenuItem that points to the current nsMenuBarX object. When the window closes, the window's nsMenuBarX object is destroyed, but the NSMenuItem stays alive with a dangling pointer ([[item info] menuGroupOwner).
Status: UNCONFIRMED → NEW
Component: XUL → Widget: Cocoa
Ever confirmed: true
QA Contact: xptoolkit.widgets → cocoa
Hardware: x86 → All
Version: unspecified → Trunk
You need to log in before you can comment on or make changes to this bug.