Last Comment Bug 760946 - crash in nsFocusManager::SendFocusOrBlurEvent
: crash in nsFocusManager::SendFocusOrBlurEvent
: crash, regression, topcrash
Product: Core
Classification: Components
Component: DOM (show other bugs)
: 15 Branch
: All All
-- critical (vote)
: mozilla15
Assigned To: Mats Palmgren (:mats)
: Andrew Overholt [:overholt]
Depends on:
Blocks: CVE-2012-3984
  Show dependency treegraph
Reported: 2012-06-03 02:15 PDT by Scoobidiver (away)
Modified: 2012-06-04 00:37 PDT (History)
4 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

fix (1.36 KB, patch)
2012-06-03 08:48 PDT, Mats Palmgren (:mats)
bugs: review+
Details | Diff | Splinter Review

Description User image Scoobidiver (away) 2012-06-03 02:15:42 PDT
It first appeared in 15.0a1/20120602134306 and is currently #1 top crasher in this build. The regression range is:

Signature 	nsFocusManager::SendFocusOrBlurEvent(unsigned int, nsIPresShell*, nsIDocument*, nsISupports*, unsigned int, bool, bool) More Reports Search
UUID	44bd1d5f-b3d5-46c0-a5ed-0d6612120603
Date Processed	2012-06-03 08:38:12
Uptime	404
Last Crash	7.1 minutes before submission
Install Age	43.1 minutes since version was first installed.
Install Time	2012-06-03 07:54:00
Product	Firefox
Version	15.0a1
Build ID	20120602134306
Release Channel	nightly
OS	Windows NT
OS Version	6.1.7600
Build Architecture	x86
Build Architecture Info	AuthenticAMD family 16 model 6 stepping 2
Crash Address	0x8
App Notes 	
AdapterVendorID: 0x1002, AdapterDeviceID: 0x9712, AdapterSubsysID: 00000000, AdapterDriverVersion: 8.634.1.0
D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- 
EMCheckCompatibility	True	
Total Virtual Memory	4294836224
Available Virtual Memory	3964755968
System Memory Use Percentage	32
Available Page File	6520672256
Available Physical Memory	2706448384

Frame 	Module 	Signature 	Source
0 	xul.dll 	nsFocusManager::SendFocusOrBlurEvent 	dom/base/nsFocusManager.cpp:1927
1 	xul.dll 	nsFocusManager::WindowHidden 	dom/base/nsFocusManager.cpp:942
2 	xul.dll 	nsGlobalWindow::PageHidden 	dom/base/nsGlobalWindow.cpp:7795
3 	xul.dll 	DocumentViewerImpl::PageHide 	layout/base/nsDocumentViewer.cpp:1259
4 	xul.dll 	nsDocShell::FirePageHideNotification 	docshell/base/nsDocShell.cpp:1599
5 	xul.dll 	nsDocShell::CreateContentViewer 	docshell/base/nsDocShell.cpp:7478
6 	xul.dll 	nsDSURIContentListener::DoContent 	docshell/base/nsDSURIContentListener.cpp:132
7 	xul.dll 	nsDocumentOpenInfo::TryContentListener 	uriloader/base/nsURILoader.cpp:677
8 	xul.dll 	nsDocumentOpenInfo::DispatchContent 	uriloader/base/nsURILoader.cpp:374
9 	xul.dll 	nsDocumentOpenInfo::OnStartRequest 	uriloader/base/nsURILoader.cpp:262
10 	xul.dll 	nsBaseChannel::OnStartRequest 	netwerk/base/src/nsBaseChannel.cpp:698
11 	xul.dll 	nsInputStreamPump::OnStateStart 	netwerk/base/src/nsInputStreamPump.cpp:416
12 	xul.dll 	nsInputStreamPump::OnInputStreamReady 	netwerk/base/src/nsInputStreamPump.cpp:367
13 	nspr4.dll 	nspr4.dll@0x8bbf 	
14 	xul.dll 	nsInputStreamReadyEvent::Run 	xpcom/io/nsStreamUtils.cpp:81
15 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:624
16 	xul.dll 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:82
17 	xul.dll 	MessageLoop::RunHandler 	ipc/chromium/src/base/
18 	xul.dll 	MessageLoop::Run 	ipc/chromium/src/base/
19 	xul.dll 	nsBaseAppShell::Run 	widget/xpwidgets/nsBaseAppShell.cpp:163
20 	xul.dll 	nsAppShell::Run 	widget/windows/nsAppShell.cpp:232
21 	xul.dll 	nsAppStartup::Run 	toolkit/components/startup/nsAppStartup.cpp:256
22 	xul.dll 	XREMain::XRE_mainRun 	toolkit/xre/nsAppRunner.cpp:3786
23 	xul.dll 	XREMain::XRE_main 	toolkit/xre/nsAppRunner.cpp:3863
24 	xul.dll 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3939
25 	firefox.exe 	wmain 	toolkit/xre/nsWindowsWMain.cpp:100
26 	firefox.exe 	__tmainCRTStartup 	crtexe.c:552
27 	kernel32.dll 	BaseThreadInitThunk 	
28 	ntdll.dll 	__RtlUserThreadStart 	
29 	ntdll.dll 	_RtlUserThreadStart 	

More reports at:*%2C+nsIDocument*%2C+nsISupports*%2C+unsigned+int%2C+bool%2C+bool%29
Comment 1 User image Olli Pettay [:smaug] (pto-ish for couple of days) 2012-06-03 07:50:09 PDT
Hmm, is aPresShell null.
Comment 2 User image Olli Pettay [:smaug] (pto-ish for couple of days) 2012-06-03 07:54:08 PDT
Looks like bug 575294 added a case when aPresShell can be null.
Comment 3 User image Mats Palmgren (:mats) 2012-06-03 08:48:38 PDT
Created attachment 629609 [details] [diff] [review]

I'll land this on mozilla-central so it get into the next Nightly.
Comment 4 User image Mats Palmgren (:mats) 2012-06-03 08:57:14 PDT
Actually, I'll just backout bug 575294 since I spotted a regression in the
review request dropdown.
Comment 5 User image Mats Palmgren (:mats) 2012-06-03 09:10:55 PDT
Olli, please go ahead and review this patch anyway, I'll include it in the next
round of patches in bug 575294.  Thanks.

Backed out bug 575294 and bug 726264:
Comment 6 User image Mats Palmgren (:mats) 2012-06-03 15:11:42 PDT
Fixed by backout.

Note You need to log in before you can comment on or make changes to this bug.