Closed
Bug 722155
Opened 12 years ago
Closed 4 years ago
crash nsBaseWidget::SetZIndex
Categories
(Core :: Widget: Win32, defect, P5)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: MatsPalmgren_bugz, Unassigned)
References
Details
(Keywords: crash, steps-wanted, Whiteboard: [startupcrash][tpi:+])
Crash Data
Attachments
(1 obsolete file)
bp-2603317e-722e-41ea-9978-8ef592120127 crash only occurs on Windows; all versions back to 3.5 nsBaseWidget::SetZIndex UpdateNativeWidgetZIndexes view/src/nsView.cpp:650 nsView::InitializeWindow view/src/nsView.cpp:847 nsView::CreateWidgetForPopup view/src/nsView.cpp:828 nsMenuPopupFrame::CreateWidgetForView layout/xul/base/src/nsMenuPopupFrame.cpp:333 nsMenuPopupFrame::Init nsCSSFrameConstructor::InitAndRestoreFrame layout/base/nsCSSFrameConstructor.cpp:4524 nsCSSFrameConstructor::ConstructFrameFromItemInternal layout/base/nsCSSFrameConstructor.cpp:3741 nsCSSFrameConstructor::ConstructFramesFromItem layout/base/nsCSSFrameConstructor.cpp:5505 nsCSSFrameConstructor::ConstructFramesFromItemList layout/base/nsCSSFrameConstructor.cpp:9528 nsCSSFrameConstructor::ContentRangeInserted layout/base/nsCSSFrameConstructor.cpp:7194 nsCSSFrameConstructor::RecreateFramesForContent layout/base/nsCSSFrameConstructor.cpp:9167 nsCSSFrameConstructor::MaybeRecreateFramesForElement layout/base/nsCSSFrameConstructor.cpp:8929 mozilla::css::RestyleTracker::DoProcessRestyles layout/base/RestyleTracker.cpp:242 PresShell::FlushPendingNotifications layout/base/nsPresShell.cpp:4073 nsBoxObject::GetFrame layout/xul/base/src/nsBoxObject.cpp:158 nsPopupBoxObject::GetPopupState layout/xul/base/src/nsPopupBoxObject.cpp:241 NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102 XPCWrappedNative::GetAttribute js/xpconnect/src/xpcprivate.h:2656 XPC_WN_GetterSetter js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1587 js::InvokeKernel js/src/jsinterp.cpp:520 js::Invoke js/src/jsinterp.cpp:570 js::InvokeGetterOrSetter js/src/jsinterp.cpp:644 js::Shape::get js/src/jsscopeinlines.h:287 js::GetPropertyHelper js/src/jsobj.cpp:5384 ...
|
||
Updated•12 years ago
|
Assignee: nobody → netzen
|
|
||
Comment 1•12 years ago
|
||
I think this problem is that mWidget isn't initialized to NULL in the constructor for nsView.
The following code causes the crash:
> if (aView->HasWidget()) {
> nsIWidget* widget = aView->GetWidget();
> PRInt32 curZ;
> widget->GetZIndex(&curZ);
> if (curZ != aZIndex) {
> widget->SetZIndex(aZIndex); <------------------------
> }
The crash would sometimes happen when aView's mWidget value happens to be initialized to a non-NULL value. SetZIndex does a lot more work than GetZIndex including using the 'this' pointer.
Attachment #593308 -
Flags: review?(roc)
Comment on attachment 593308 [details] [diff] [review] Patch v1. Review of attachment 593308 [details] [diff] [review]: ----------------------------------------------------------------- huh.
Attachment #593308 -
Flags: review?(roc) → review+
|
|
||
Comment 3•12 years ago
|
||
Thanks for the super quick review :)
|
Reporter | |
Comment 5•12 years ago
|
||
class nsView has NS_DECL_AND_IMPL_ZEROING_OPERATOR_NEW so I think those null-assignments were intentionally omitted. In fact, we should remove the other ones too and leave a comment that such initializations are redundant. Anyway, the patch wont fix the crash. Please leave the bug open when merging to mozilla-central (if that occurs).
|
|
||
Comment 6•12 years ago
|
||
Backed out http://hg.mozilla.org/integration/mozilla-inbound/rev/f09662d2ba1f
I hate NS_DECL_AND_IMPL_ZEROING_OPERATOR_NEW for exactly this reason.
|
|
||
Comment 8•12 years ago
|
||
Sorry about that. I knew about operator new, but not the macro. So I didn't notice it :(
|
|
||
Comment 9•12 years ago
|
||
Also NS_DECL_AND_IMPL_ZEROING_OPERATOR_NEW is s a bit dangerous in general, but not in this case since other classes could use it who don't get heap allocated hence not properly initialized.
|
||
Comment 10•12 years ago
|
||
This seems to fall into a class of crashes that I've seen where we crash shortly after creating a new widget and the only obvious cause is that the widget didn't get created properly even though we check error codes and return values for proper creation everywhere that is appropriate (that I've seen so far).
|
|
||
Updated•12 years ago
|
Assignee: netzen → nobody
|
|
Reporter | |
Updated•11 years ago
|
Attachment #593308 -
Attachment is obsolete: true
|
|
Reporter | |
Comment 11•11 years ago
|
||
QA: does crash-stats give any clues in comments, URLs or add-ons for reproducing this? (including the signature in bug 837499)
|
||
Comment 12•11 years ago
|
||
URLs from https://crash-stats.mozilla.com/report/list?signature=nsBaseWidget%3A%3ASetZIndex%28int%29 are as follows: 443 about:blank 87 about:home 18 https://www.facebook.com/ 5 http://www.facebook.com/ 4 https://es-es.facebook.com/ (there's more with a single hit only, but nothing special there either) Correlations also don't bring up anything interesting, unfortunately.
Keywords: needURLs
|
||
Comment 13•11 years ago
|
||
Firefox 21.0 RC (buildID: 20130511120803) Mozilla/5.0 (Windows NT 5.1; rv:21.0) Gecko/20100101 Firefox/21.0 Mozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20100101 Firefox/21.0 Firefox 22.0 RC (buildID: 20130618035212) Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0 Mozilla/5.0 (Windows NT 6.1; rv:22.0) Gecko/20100101 Firefox/22.0 Latest Nightly (buildID: 20130723030205) Mozilla/5.0 (Windows NT 5.1; rv:25.0) Gecko/20130723 Firefox/25.0 Mozilla/5.0 (Windows NT 6.1; rv:25.0) Gecko/20130723 Firefox/25.0 Firefox 18.0.1 (buildID: 20130116073211) Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0 Mozilla/5.0 (Windows NT 6.1; rv:18.0) Gecko/20100101 Firefox/18.0 Tested on the above builds using the links from comment 12 but I was unable to reproduce the crash. I tested with BrowsetoSave plugin, Gmail and whatever I could find in the comments from crash-reports. I noticed that there are 101 crashes on Windows XP, 60 crashes on Windows 7 and 22 crashes on Windows Vista with the same signature in the last 7 days. Is there something else I can help with here?
|
||
Comment 14•10 years ago
|
||
97% of current crashes are startup. bp-e4c47600-44e6-4b90-a4e4-41b612140825 version 32 example 0 xul.dll nsBaseWidget::SetZIndex(int) widget/xpwidgets/nsBaseWidget.cpp 1 xul.dll UpdateNativeWidgetZIndexes view/src/nsView.cpp 2 xul.dll nsView::InitializeWindow(bool, bool) view/src/nsView.cpp 3 xul.dll nsView::CreateWidgetForPopup(nsWidgetInitData*, nsIWidget*, bool, bool) view/src/nsView.cpp 4 xul.dll nsMenuPopupFrame::CreateWidgetForView(nsView*) layout/xul/nsMenuPopupFrame.cpp
Whiteboard: [startupcrash]
|
||
Updated•9 years ago
|
Crash Signature: [@ nsBaseWidget::SetZIndex(int)] → [@ nsBaseWidget::SetZIndex(int)]
[@ nsBaseWidget::SetZIndex]
|
|
||
Updated•8 years ago
|
Priority: -- → P5
Whiteboard: [startupcrash] → [startupcrash][tpi:+]
|
||
Comment 16•8 years ago
|
||
Crash volume for signature 'nsBaseWidget::SetZIndex':
- nightly (version 51): 0 crashes from 2016-08-01.
- aurora (version 50): 0 crashes from 2016-08-01.
- beta (version 49): 36 crashes from 2016-08-02.
- release (version 48): 48 crashes from 2016-07-25.
- esr (version 45): 5 crashes from 2016-05-02.
Crash volume on the last weeks (Week N is from 08-22 to 08-28):
W. N-1 W. N-2 W. N-3
- nightly 0 0 0
- aurora 0 0 0
- beta 10 13 5
- release 16 17 4
- esr 1 0 1
Affected platform: Windows
Crash rank on the last 7 days:
Browser Content Plugin
- nightly
- aurora
- beta #1282
- release #1117
- esr
status-firefox48:
--- → affected
status-firefox49:
--- → affected
status-firefox-esr45:
--- → affected
|
|
||
Comment 17•4 years ago
|
||
Closing because no crashes reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•