Bug 760946 - crash in nsFocusManager::SendFocusOrBlurEvent
Status: RESOLVED FIXED
Keywords: crash, regression, topcrash
Product: Core
Classification: Components
Component: DOM
Version: 15 Branch
Platform: All All
Importance: -- critical
Target Milestone: mozilla15
Assigned To: Mats Palmgren (:mats)
Blocks: CVE-2012-3984
 
Reported: 2012-06-03 02:15 PDT by Scoobidiver (away)
Modified: 2012-06-04 00:37 PDT

Attachments
fix (1.36 KB, patch)
2012-06-03 08:48 PDT, Mats Palmgren (:mats)
bugs: review+

Description Scoobidiver (away) 2012-06-03 02:15:42 PDT
It first appeared in 15.0a1/20120602134306 and is currently the #1 top crasher in this build. The regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=5199196b65ec&tochange=9274e6b53af4

Signature 	nsFocusManager::SendFocusOrBlurEvent(unsigned int, nsIPresShell*, nsIDocument*, nsISupports*, unsigned int, bool, bool)
UUID	44bd1d5f-b3d5-46c0-a5ed-0d6612120603
Date Processed	2012-06-03 08:38:12
Uptime	404
Last Crash	7.1 minutes before submission
Install Age	43.1 minutes since version was first installed.
Install Time	2012-06-03 07:54:00
Product	Firefox
Version	15.0a1
Build ID	20120602134306
Release Channel	nightly
OS	Windows NT
OS Version	6.1.7600
Build Architecture	x86
Build Architecture Info	AuthenticAMD family 16 model 6 stepping 2
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0x8
App Notes 	
AdapterVendorID: 0x1002, AdapterDeviceID: 0x9712, AdapterSubsysID: 00000000, AdapterDriverVersion: 8.634.1.0
D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- 
EMCheckCompatibility	True	
Total Virtual Memory	4294836224
Available Virtual Memory	3964755968
System Memory Use Percentage	32
Available Page File	6520672256
Available Physical Memory	2706448384

Frame 	Module 	Signature 	Source
0 	xul.dll 	nsFocusManager::SendFocusOrBlurEvent 	dom/base/nsFocusManager.cpp:1927
1 	xul.dll 	nsFocusManager::WindowHidden 	dom/base/nsFocusManager.cpp:942
2 	xul.dll 	nsGlobalWindow::PageHidden 	dom/base/nsGlobalWindow.cpp:7795
3 	xul.dll 	DocumentViewerImpl::PageHide 	layout/base/nsDocumentViewer.cpp:1259
4 	xul.dll 	nsDocShell::FirePageHideNotification 	docshell/base/nsDocShell.cpp:1599
5 	xul.dll 	nsDocShell::CreateContentViewer 	docshell/base/nsDocShell.cpp:7478
6 	xul.dll 	nsDSURIContentListener::DoContent 	docshell/base/nsDSURIContentListener.cpp:132
7 	xul.dll 	nsDocumentOpenInfo::TryContentListener 	uriloader/base/nsURILoader.cpp:677
8 	xul.dll 	nsDocumentOpenInfo::DispatchContent 	uriloader/base/nsURILoader.cpp:374
9 	xul.dll 	nsDocumentOpenInfo::OnStartRequest 	uriloader/base/nsURILoader.cpp:262
10 	xul.dll 	nsBaseChannel::OnStartRequest 	netwerk/base/src/nsBaseChannel.cpp:698
11 	xul.dll 	nsInputStreamPump::OnStateStart 	netwerk/base/src/nsInputStreamPump.cpp:416
12 	xul.dll 	nsInputStreamPump::OnInputStreamReady 	netwerk/base/src/nsInputStreamPump.cpp:367
13 	nspr4.dll 	nspr4.dll@0x8bbf 	
14 	xul.dll 	nsInputStreamReadyEvent::Run 	xpcom/io/nsStreamUtils.cpp:81
15 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:624
16 	xul.dll 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:82
17 	xul.dll 	MessageLoop::RunHandler 	ipc/chromium/src/base/message_loop.cc:201
18 	xul.dll 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:175
19 	xul.dll 	nsBaseAppShell::Run 	widget/xpwidgets/nsBaseAppShell.cpp:163
20 	xul.dll 	nsAppShell::Run 	widget/windows/nsAppShell.cpp:232
21 	xul.dll 	nsAppStartup::Run 	toolkit/components/startup/nsAppStartup.cpp:256
22 	xul.dll 	XREMain::XRE_mainRun 	toolkit/xre/nsAppRunner.cpp:3786
23 	xul.dll 	XREMain::XRE_main 	toolkit/xre/nsAppRunner.cpp:3863
24 	xul.dll 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3939
25 	firefox.exe 	wmain 	toolkit/xre/nsWindowsWMain.cpp:100
26 	firefox.exe 	__tmainCRTStartup 	crtexe.c:552
27 	kernel32.dll 	BaseThreadInitThunk 	
28 	ntdll.dll 	__RtlUserThreadStart 	
29 	ntdll.dll 	_RtlUserThreadStart 	

More reports at:
https://crash-stats.mozilla.com/report/list?signature=nsFocusManager%3A%3ASendFocusOrBlurEvent%28unsigned+int%2C+nsIPresShell*%2C+nsIDocument*%2C+nsISupports*%2C+unsigned+int%2C+bool%2C+bool%29
https://crash-stats.mozilla.com/report/list?signature=nsFocusManager%3A%3ASendFocusOrBlurEvent

Comment 1 Olli Pettay [:smaug] (way behind * queues, especially ni? queue) 2012-06-03 07:50:09 PDT
Hmm, is aPresShell null?

Comment 2 Olli Pettay [:smaug] (way behind * queues, especially ni? queue) 2012-06-03 07:54:08 PDT
Looks like bug 575294 added a case when aPresShell can be null.

Comment 3 Mats Palmgren (:mats) 2012-06-03 08:48:38 PDT
Created attachment 629609
fix

I'll land this on mozilla-central so it gets into the next Nightly.

https://tbpl.mozilla.org/?usebuildbot=1&tree=Try&rev=965cf4ed8176

Comment 4 Mats Palmgren (:mats) 2012-06-03 08:57:14 PDT
Actually, I'll just backout bug 575294 since I spotted a regression in the
review request dropdown.

Comment 5 Mats Palmgren (:mats) 2012-06-03 09:10:55 PDT
Olli, please go ahead and review this patch anyway, I'll include it in the next
round of patches in bug 575294.  Thanks.

Backed out bug 575294 and bug 726264:
https://tbpl.mozilla.org/?usebuildbot=1&rev=e7ca047b71b2

Comment 6 Mats Palmgren (:mats) 2012-06-03 15:11:42 PDT
Fixed by backout.
