Closed
Bug 759858
Opened 12 years ago
Closed 12 years ago
crash in nsTypedSelection::AddItem
Categories
(Core :: DOM: Editor, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 771873
People
(Reporter: sheppy, Unassigned)
References
Details
(Keywords: crash, Whiteboard: DUPEME?)
Crash Data
This bug was filed from the Socorro interface and is report bp-e7ee3164-03fc-4524-b7bb-64a162120530 . ============================================================= This happens to me quite frequently when applying a style to a selection in CKEditor on MDN. It's pretty annoying.
Comment 1•12 years ago
|
||
Hmm, I think I've seen stacks like this, but it's very hard to fix this without having STRs. Do you have any idea what you're doing which triggers this crash?
Reporter | ||
Comment 2•12 years ago
|
||
It *tends* to happen when I'm doing more than one substring at a time, selecting text and adding <code>...</code> around it. It also seems more often to happen when the selected text includes non-alphanumeric characters (such as the string "JSObject *" or "SomeFunction()"), but I don't think that's always the case. The text in the editor does not have to be long for it to happen, but it tends to be the case that it will happen repeatably on the same text (although not forever; eventually it will work, if I keep restarting and trying again).
Comment 3•12 years ago
|
||
When you say more than one substring, do you mean selecting multiple ranges?
Reporter | ||
Comment 4•12 years ago
|
||
No, sorry, I mean one after another. Select a bit of text (usually just a few characters, a dozen or two dozen at most), apply the <code> wrapper, move on to the next one. Doesn't seem to matter how I select (whether by clicking and dragging, clicking and extending the selection using the keyboard, etc).
Comment 5•12 years ago
|
||
I played around a bit doing this kind of stuff before, but I'm afraid I've never been able to reproduce this.
Keywords: testcase-wanted
Whiteboard: DUPEME?
Reporter | ||
Comment 6•12 years ago
|
||
Sigh. It happens to me often enough to drive me crazy but I can't get you a testcase either, because of how unreliably it happens. Frustrating!
Reporter | ||
Comment 7•12 years ago
|
||
I'm looking at the code a bit here, and it looks like somehow I'm getting through the checks that should be bouncing me out if I'm not adding a table cell selection, which I'm not. I'm just changing the contents of a range of text. I'm guessing from the stack that this is happening during the re-check of the selection for spelling after applying the style (which is probably not actually necessary, but I doubt the editor knows that). I will attach a debugger next time it happens and get a better look at what's happening. I'm a little embarrassed that hadn't occurred to me before.
Reporter | ||
Comment 8•12 years ago
|
||
Another possibly useful tidbit: I *think* this only happens on words that are flagged as misspelled by the as-you-type spell checker.
Comment 9•12 years ago
|
||
Do you happen to do Ctrl+clicks at all when this happens? Note that this is most likely happening because the selection here <http://mxr.mozilla.org/mozilla-central/source/extensions/spellcheck/src/mozInlineSpellChecker.cpp#1489> is null. If you could do a local build, it would be interesting to change this line <http://mxr.mozilla.org/mozilla-central/source/extensions/spellcheck/src/mozInlineSpellChecker.cpp#1460> to: NS_ENSURE_STATE(spellCheckSelection); And see if the crashes go away that way (although I don't see why spellCheckSelection should be null there...)
Reporter | ||
Comment 10•12 years ago
|
||
Hm, no control-clicks but I am using control-o (a keyboard shortcut configured in CKEditor on MDN) to wrap the selection in a <code> block. I will set about doing a local build to test on.
Comment 11•12 years ago
|
||
Cool, let me know how I can help. :-)
Comment 12•12 years ago
|
||
Dupe of bug 722039?
Comment 13•12 years ago
|
||
(In reply to Scoobidiver from comment #12) > Dupe of bug 722039? That is similar, but I don't think this is a dupe.
Reporter | ||
Comment 14•12 years ago
|
||
Just spent some time with ehsan debugging; a transcript of our discussion and the gdb output is here: https://etherpad.mozilla.org/boBSAACJaB Basically, it looks like a bug in GetIndicesForInterval, where somehow the end index is getting returned lower than the start index. He says he'll have time to look at it next week.
Updated•12 years ago
|
Assignee: nobody → ehsan
Comment 15•12 years ago
|
||
I have not yet gotten a chance to work on this. Aryeh, any chance you could please do that when you get a chance? Thanks!
Assignee: ehsan → nobody
Comment 16•12 years ago
|
||
(In reply to Eric Shepherd [:sheppy] from comment #14) > Basically, it looks like a bug in GetIndicesForInterval, where somehow the > end index is getting returned lower than the start index. He says he'll have > time to look at it next week. This sounds exactly like bug 771873. Does it still happen, or did the patch there fix it (landed July 13)?
Reporter | ||
Comment 17•12 years ago
|
||
(In reply to :Aryeh Gregor from comment #16) > (In reply to Eric Shepherd [:sheppy] from comment #14) > > Basically, it looks like a bug in GetIndicesForInterval, where somehow the > > end index is getting returned lower than the start index. He says he'll have > > time to look at it next week. > > This sounds exactly like bug 771873. Does it still happen, or did the patch > there fix it (landed July 13)? Can you cc me on that so I can look at it please? I get access denied on that bug.
Reporter | ||
Comment 18•12 years ago
|
||
FWIW, I cannot immediately reproduce this but that doesn't necessarily mean anything. :)
Comment 19•12 years ago
|
||
(In reply to Eric Shepherd [:sheppy] from comment #17) > Can you cc me on that so I can look at it please? I get access denied on > that bug. Done. Sorry for not thinking of that myself!
Reporter | ||
Comment 20•12 years ago
|
||
I suspect this is indeed fixed by that bug, from looking at it. I'm inclined to mark this as resolved:fixed or dupe of that, and re-open if this recurs. Thoughts?
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Updated•9 years ago
|
Keywords: testcase-wanted
You need to log in
before you can comment on or make changes to this bug.
Description
•