Closed Bug 774856 Opened 13 years ago Closed 13 years ago

Firefox crashes when our js spellchecker runs and update rich text area.

Categories

(Core :: Spelling checker, defect)

Product:
Core
Component:
Spelling checker
Version:
14 Branch
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 722039

People

(Reporter: hokamoto, Unassigned, NeedInfo)

Details

(Keywords: crash)

Crash Data

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1 Build ID: 20120713134347 Steps to reproduce: We have our own javascript based spellchecker which accesses to our spellcheck service. When our spellcheck is done in a editable body, Firefox crashes. The crash happens only with specific strings. For example, if the user types the following 2 lines ------------------ amy Cc: amy, amy ------------------ then after running our spellchecker, then Firefox crashes. Actual results: Firefox crashed after our spellchecker completed. The crash-stat is here - https://crash-stats.mozilla.com/report/index/bp-bdf3716a-f059-49e1-bb19-ff58d2120717 Looks like, after our spellcheck completed, updated the rich text area, and displayed window.alert with complete message, Firefox's mozInlineSpellChecker started to run, then Firefox crashed. Here is the crash thread: Frame Module Signature Source 0 xul.dll nsRefPtr<mozilla::places::Database>::~nsRefPtr<mozilla::places::Database> obj-firefox/dist/include/nsAutoPtr.h:908 1 xul.dll RangeData::`scalar deleting destructor' 2 xul.dll nsTArrayElementTraits<RangeData>::Destruct obj-firefox/dist/include/nsTArray.h:380 3 xul.dll nsTArray<RangeData,nsTArrayDefaultAllocator>::DestructRange obj-firefox/dist/include/nsTArray.h:1243 4 xul.dll nsTArray<RangeData,nsTArrayDefaultAllocator>::RemoveElementsAt obj-firefox/dist/include/nsTArray.h:963 5 xul.dll nsTypedSelection::AddItem layout/generic/nsSelection.cpp:3783 6 xul.dll nsTypedSelection::addTableCellRange layout/generic/nsSelection.cpp:3163 7 xul.dll nsTypedSelection::AddRange layout/generic/nsSelection.cpp:4731 8 xul.dll mozInlineSpellChecker::DoSpellCheck extensions/spellcheck/src/mozInlineSpellChecker.cpp:1431 9 xul.dll mozInlineSpellChecker::ResumeCheck extensions/spellcheck/src/mozInlineSpellChecker.cpp:1522 10 xul.dll mozInlineSpellResume::Run extensions/spellcheck/src/mozInlineSpellChecker.cpp:496 11 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:656 12 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102 13 xul.dll XPC_WN_CallMethod js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1554 14 xul.dll xul.dll@0x1a231f 15 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:519 16 mozjs.dll js::Interpret js/src/jsinterp.cpp:1805 17 mozjs.dll JSScript::makeAnalysis js/src/jsinfer.cpp:5372 18 mozjs.dll js::RunScript js/src/jsinterp.cpp:475 19 mozjs.dll js::InvokeKernel js/src/jsinterp.cpp:535 20 mozjs.dll js::Invoke js/src/jsinterp.cpp:567 21 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:5429 22 xul.dll nsXPCWrappedJSClass::CallMethod js/xpconnect/src/XPCWrappedJSClass.cpp:1509 23 xul.dll nsXPCWrappedJS::CallMethod js/xpconnect/src/XPCWrappedJS.cpp:617 24 xul.dll PrepareAndDispatch xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:117 25 xul.dll SharedStub xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp:144 26 xul.dll nsGlobalWindow::Alert dom/base/nsGlobalWindow.cpp:4841 27 xul.dll nsGlobalWindow::Alert dom/base/nsGlobalWindow.cpp:4776 28 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102 29 xul.dll XPC_WN_CallMethod js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1554 30 mozjs.dll js::types::TypeSet::addType js/src/jsinferinlines.h:1128 31 mozjs.dll js::types::TypeMonitorResult js/src/jsinfer.cpp:4971 32 mozjs.dll js::types::TypeMonitorResult js/src/jsinfer.cpp:4971 Expected results: Firefox should not have crashed.
How can I reproduce the crash ? Is a public testcase available ?
Severity: normal → critical
Crash Signature: [@ nsRefPtr<mozilla::places::Database>::~nsRefPtr<mozilla::places::Database>() | RangeData::`scalar deleting destructor''(unsigned int) ]
Component: Untriaged → Spelling checker
Keywords: crash
Product: Firefox → Core
Please comment in bug 722039.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Hiroyuki-san, thank you for the detailed bug report. I would very much like to fix this bug for you, but unfortunately we haven't yet found a way to reproduce the problem in Firefox, which makes the bug hard to analyze and fix. Would you to let us (Mozilla) use your spellchecker for the purpose of fixing this crash? Also, does the problem still occur in the latest version of Firefox?
Flags: needinfo?(hokamoto)
You need to log in before you can comment on or make changes to this bug.