Closed
Bug 82194
Opened 24 years ago
Closed 24 years ago
Crash in Trunk & M091 [@ nsSliderFrame::CurrentPositionChanged]
Categories
(Core :: Layout, defect, P1)
Core
Layout
Tracking
()
VERIFIED
FIXED
mozilla0.9.2
People
(Reporter: sfraser_bugs, Assigned: hyatt)
References
()
Details
(4 keywords, Whiteboard: Classic skin still crashes; no eta yet)
Crash Data
Attachments
(5 files)
7.49 KB,
text/plain
|
Details | |
3.84 KB,
patch
|
Details | Diff | Splinter Review | |
4.72 KB,
text/plain
|
Details | |
1.65 KB,
patch
|
Details | Diff | Splinter Review | |
5.70 KB,
text/plain
|
Details |
I'm crashing in nsSliderFrame::CurrentPositionChanged() at the
thumbFrame->GetRect(thumbRect);
line because thumbFrame is null.
To repro:
1. Go to the URL above
2. Scroll down until you see the 'I Accept' button (I scrolled by dragging
the thumb)
3. Mouse over the button (don't click it!)
4. Hit the reload button
You'll crash. Stack coming
Reporter | ||
Comment 1•24 years ago
|
||
Comment 2•24 years ago
|
||
Not sure why anyone is creating a slider with no thumb but here is the patch so
it won't crash when you do:
Index: nsSliderFrame.cpp
===================================================================
RCS file: /cvsroot/mozilla/layout/xul/base/src/nsSliderFrame.cpp,v
retrieving revision 1.68
diff -u -r1.68 nsSliderFrame.cpp
--- nsSliderFrame.cpp 2001/03/02 03:07:50 1.68
+++ nsSliderFrame.cpp 2001/05/22 20:11:22
@@ -688,6 +688,9 @@
// get the thumb's rect
nsIFrame* thumbFrame = mFrames.FirstChild();
+ if (!thumbFrame)
+ return NS_OK;
+
nsRect thumbRect;
thumbFrame->GetRect(thumbRect);
Status: NEW → ASSIGNED
Priority: -- → P1
Whiteboard: have patch needs review
Target Milestone: --- → mozilla0.9.1
Reporter | ||
Comment 3•24 years ago
|
||
I could not repro on Windows. Maybe this has something to do with the Mac smart
scrolling settings?
Comment 4•24 years ago
|
||
Easy
r=aaronl
Comment 5•24 years ago
|
||
Is this particular crash a Mac only bug? Talkback data is also showing a
similar crash with win32 (mostly Windows 2K). The Windows crash is reported in
bug 82363...can someone look into that and see if it's a dup?
Comment 10•24 years ago
|
||
Eek! This has been crashing for me for two days now, in nightlies when I press back.
Every time I press back, actually (I'm upgrading to blocker, because I can't use
my browser with it.)
Shouldn't we track down the original problem also after wallpapering over this
crash?
Can someone please sr= and check it in to the trunk?
Comment 11•24 years ago
|
||
has anyone else tried the patch? For me it just changed the crash to something
gdb can't cope with... still crashes in the same situation I described in my bug
81754. So as Håkan suggests, the root problem still needs to be found and dealt
with.
Comment 12•24 years ago
|
||
Confirming this for solaris, just managed to get this when pressing forward
button. Cool. I recall this warning before each crash I had so far:
WARNING: not supported for views, file
/tmp/mozilla/view/src/nsScrollPortView.cpp, line 98
(that is, I don't recall crashing without that warning)
Axel
Comment 13•24 years ago
|
||
Weird...I just tried this with Linux build 2001052308. When I click on the URL
above, I get immediately redirected to Netscape search for the word 'dogspit' !!
Comment 14•24 years ago
|
||
Adding topcrash keyword.
Keywords: topcrash
Summary: Crash in nsSliderFrame::CurrentPositionChanged → Crash in Trunk [@ nsSliderFrame::CurrentPositionChanged]
Updated•24 years ago
|
Whiteboard: have patch needs review → wanted for 0.9.1 have patch needs r=, sr= and a=
Comment 15•24 years ago
|
||
This patch feels wallpaperish to me. How can we create a slider without a thumb?
I'm also worried about Chris Abbey's comments on 2001-05-27 12:47, where he says
this just moves the crash somewhere else. sfraser: have you verified that the
patch fixes the problem?
Comment 16•24 years ago
|
||
Chris, I believe the crash that I was moving into was fixed on 5/28 or 29, as
the secondary crash I was experiencing went away somewhere in that timeframe,
and as of this evening I went a full three hours with lots of stuff that
should have triggered this and didn't.
(that fix could have been integrated later, I had about 10 patches applied to
a tree from 5/27 in the last few days trying to get ready to use moz to demo a
chunk of new web content this morning.) As of right now I only have this patch
in my tree, the others have all been merged by now and I just finished
pulling. Net is that while I agree that this is a wallpaper, it appears to be
an effective wallpaper now.
Having said that though, I seem to be able to generate this "not so very good"
condition all too easily with just the use of a scroll mouse and the history
back/forward buttons. Perhaps tommorrow I'll change the return
to an assert followed by a return so I can see how often it happens. Anyone
got an idea how we can track the lifecycle of a single slider after the fact?
maybe see where it came from??
(actually I want to see if the correlation that Axel Hecht and I both noticed
is 100%....)
Comment 17•24 years ago
|
||
I attach two stack traces of the warning in nsScrollPortView::Release, the
object is 0x2, ugh.
I realized that this bug seems to be pretty dependent on whether I can see the
scrollbar or not.
I didn't manage to trigger it while the scrollbar was offscreen. I can't recall
to trigger it while having the window on my current desktop, but when I
change to another virtual desktop while it's trying to load, it booms.
This happens in
http://lxr.mozilla.org/seamonkey/source/layout/xul/base/src/nsScrollBoxFrame.cpp#815
which has a nsCOMPtr of a view. We don't do refcounting on views, right?
This was added on 2001/05/12 by Dan, CCing dr.
Axel
Comment 18•24 years ago
|
||
Comment 19•24 years ago
|
||
Comment 20•24 years ago
|
||
This is my mistake. That patch isn't right, or is only half-right. The view
shouldn't be an nsCOMPtr, and the QI should be |CallQueryInterface|. I'm not
seeing the crash, but I'll put together a patch for y'all to test, ASAP.
Assignee: evaughan → dr
Status: ASSIGNED → NEW
Whiteboard: wanted for 0.9.1 have patch needs r=, sr= and a= → wanted for 0.9.1
Comment 21•24 years ago
|
||
Comment 22•24 years ago
|
||
Ok, Patch attached compiles but is untested (my tree is clobbered, but I wanted
to get the patch attached with The Quickness). Please test, review, approve.
Status: NEW → ASSIGNED
Whiteboard: wanted for 0.9.1 → Wanted for 0.9.1: Patch attached, needs testing, review, approval
Comment 23•24 years ago
|
||
Hello? Beuller? Anyone? Why is the thumb frame null?
Comment 24•24 years ago
|
||
waterson: No idea. The mis-nsCOMPtr-ing of the view is probably the root cause
(although, like I said, I haven't tested this patch -- my tree is building at
the moment), but it shouldn't hurt. OTOH, if the nsCOMPtr'ed view turns out to
be entirely orthogonal to the problem, then yeah... (and I'll reassign this back
to evaughan if that's the case).
Reporter | ||
Comment 25•24 years ago
|
||
I don't think the mis nsCOMPtr-ing of the view has anything to do with it. I bet
nsView has stubbed out AddRef/Release methods that do nothing. Someone (Eric?)
needs to dig around and find out why we can get into a state where the thumb
frame is null. Are we in the middle of a reflow? (yes, look at the stack).
Comment 26•24 years ago
|
||
Hi Dan,
sorry to say that, but this still crashes.
Program received signal SIGSEGV, Segmentation fault.
0xfb7562fc in nsSliderFrame::CurrentPositionChanged (this=0x76ce04,
aPresContext=0x8d5710)
at /tmp/mozilla/layout/xul/base/src/nsSliderFrame.cpp:693
693 thumbFrame->GetRect(thumbRect);
Get over to #mozilla, if I can help you with my gdb, I'm at the segfault right
now.
Axel (alias Pike)
Comment 27•24 years ago
|
||
Yes, nsView.cpp does have AddRef and Release methods which do nothing but print
warnings (it has to, since it implements nsISupports). If this isn't me, then
back to evaughan.
Assignee: dr → evaughan
Status: ASSIGNED → NEW
Comment 28•24 years ago
|
||
attaching current stacktrace, I'll be on #mozilla for like 15 mins for questions
and then I'm off to food/bed.
btw, dr didn't use evaughan's original wallpaper, so I didn't test that.
Axel
Comment 29•24 years ago
|
||
Comment 30•24 years ago
|
||
ok, the stub'd out AddRef and Release in nsView are interesting and all, but
it's the parent/base class here... so I'm not that surprised that some methods
aren't real. But nsScrollPointView extends nsView, and then overrides these
methods with ... the exact same code, copied and pasted without even updating
the message.
I've applied this diagnostic patch to yesterday's tree:
Index: nsSliderFrame.cpp
===================================================================
RCS file: /cvsroot/mozilla/layout/xul/base/src/nsSliderFrame.cpp,v
retrieving revision 1.68
diff -u -u -b -r1.68 nsSliderFrame.cpp
--- nsSliderFrame.cpp 2001/03/02 03:07:50 1.68
+++ nsSliderFrame.cpp 2001/06/01 03:07:02
@@ -688,6 +688,11 @@
// get the thumb's rect
nsIFrame* thumbFrame = mFrames.FirstChild();
+ if (!thumbFrame) {
+ NS_WARNING("thumbFrame is null, imagine a segv here....");
+ return NS_OK;
+ }
+
nsRect thumbRect;
thumbFrame->GetRect(thumbRect);
basically its evaughan's wallpaper with a printout... here's the interesting part:
WARNING: not supported for views, file nsScrollPortView.cpp, line 98
WARNING: thumbFrame is null, imagine a segv here...., file nsSliderFrame.cpp,
line 692
WARNING: not supported for views, file nsScrollPortView.cpp, line 98
WARNING: not supported for views, file nsScrollPortView.cpp, line 98
I've done this a dozen or more times already by following the directions in my
original bug 81754. These warnigns *always* show up together, one not supported,
one is null, two or three not supported... all in a single page replacement.
I believe this is where the null thumbFrame is coming from. I've started up a
gdb session with breakpoints set on these two warnings... hopefully it will load
before I fall asleep.
Comment 31•24 years ago
|
||
argh. gdb is being a pain, see the post in n.p.m.unix entitled "gdb5.0 and
mozilla -- can't find thread" if anyone can lend some gdb know how.....
Comment 32•24 years ago
|
||
Talked to Eric yesterday and he said it was legal for a thumb frame not to
exist. Let's get *some* crash prevention checked in soon.
Comment 33•24 years ago
|
||
Chris: You need to pull a new snapshot of gdb/insight. See:
http://mozilla.org/unix/debugging-faq.html#insight
Insight, BTW, is a GUI front end for gdb. It doesn't suck.
Comment 34•24 years ago
|
||
(Bullied from all sides!) Well, I certainly am not against checking in the
bail-out code if someone will confirm that it actually fixes the bug! :-)
sr=waterson
Comment 35•24 years ago
|
||
I'll give r= as well, so long as the patch applies the do_QueryInterface =>
CallQueryInterface change I made in my patch. Thanks.
dr . o O ( wouldn't it be nice if evaughan looked at this bug? )
Comment 36•24 years ago
|
||
*** Bug 83715 has been marked as a duplicate of this bug. ***
Comment 37•24 years ago
|
||
*** Bug 83669 has been marked as a duplicate of this bug. ***
Comment 38•24 years ago
|
||
adding keywords from 83669, reassigning to hyatt, to give to the right person.
Assignee | ||
Comment 39•24 years ago
|
||
Fixed.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Comment 40•24 years ago
|
||
What about the 0.9.1 Branch?
Comment 41•24 years ago
|
||
Marking verified in both trunk and branch builds (6/04).
Status: RESOLVED → VERIFIED
Comment 42•24 years ago
|
||
reopening
seen on mac commercial build 2001-006-05-04-trunk
This is reproducable still in classic skin. Modern theme works fine.
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
Comment 43•24 years ago
|
||
its happening on the branch as well - I've sent in a number of talkback reports
on it...
Comment 44•24 years ago
|
||
Clearing old whiteboard and updating.
Whiteboard: Wanted for 0.9.1: Patch attached, needs testing, review, approval → Classic skin still crashes; no eta yet
Reporter | ||
Comment 45•24 years ago
|
||
Fixing this was just moving scrollbar binding XML around, right? It should be
easy to fix.
Assignee | ||
Comment 46•24 years ago
|
||
Well, this must be trashed memory and not a null pointer dereference then.
Status: REOPENED → ASSIGNED
Comment 47•24 years ago
|
||
still seeing this crash on Mac commercial trunk build 2001-06-06-04-trunk in
Tasks | Tools | History
Reporter | ||
Comment 48•24 years ago
|
||
Spam some more themes/XUL folks. Can someone eyeball the Mac classic scrollbar
stuff, and check that it's OK?
Assignee | ||
Comment 49•24 years ago
|
||
All three scrollbars (in all three skins) have the same split file-wise.
Assignee | ||
Comment 50•24 years ago
|
||
Can someone repro the crash and tell me if memory is trashed? I've bullet-
proofed the function on the trunk to bail if the thumb is null, so I don't
think this is an XBL issue.
Assignee | ||
Comment 51•24 years ago
|
||
Ok, this bug has been fixed. The crash doing Tasks-Tools-History on the Mac is
in a completely different place.
Marking FIXED. If you want to file a bug on the History crash, go ahead, but
it's not crashing here.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago → 24 years ago
Resolution: --- → FIXED
Target Milestone: mozilla0.9.1 → mozilla0.9.2
Reporter | ||
Comment 52•24 years ago
|
||
The classic History crash is bug 83669.
Comment 53•24 years ago
|
||
reopened bug 83669 which was a bug that got duped of this.
Comment 54•24 years ago
|
||
I crashed here using the official mozilla 0.9.1 build on Sunday. Was this fixed
only on the trunk?
Comment 55•24 years ago
|
||
I've crashed in what I think is this bug MANY times in the branch... I have
filed at least 10 talkback reports since 6/6, all having to do with going "back"
to a bug in bugzilla. it doesn't happen EVERY time, but it's probably 50% of the
time. I'd direct someone to a talkback URL, but the talkback search seems to be
down..
Comment 56•24 years ago
|
||
this bug was fixed via checkin 1.70 for
http://bonsai.mozilla.org/cvslog.cgi?file=mozilla/layout/xul/base/src/nsSliderFrame.cpp
this checkin did not make it to the MOZILLA_0_9_1_BRANCH, as far as I can tell.
Comment 57•24 years ago
|
||
and now it's back up. Sure enough, out of the 25 or so crashes that I have
reported, about 20 of them are in nsSliderFrame::CurrentPositionChanged
http://climate/reports/searchemail.cfm?email=alecf%40netscape.com
Comment 58•24 years ago
|
||
in fact, 13 out of my 15 branch crashes were this bug. This seems like a
netscape beta stopper to me
Comment 59•24 years ago
|
||
reopening for branch comments
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 60•24 years ago
|
||
hyatt says this is a trivial fix and fixes the bug.
Comment 61•24 years ago
|
||
topcrash for M091
Here are the comments from recent crashes:
(31567395) Comments: Typing URL
(31565606) Comments: Crashed whilst changing preferences.
(31555561) Comments: pressed back button in main toolbar
(31548065) Comments: I was trying to edit the URL and I got http://ww and
it
frozethis was just after changing to the new modern theme
(31544414) URL: http://lionsource.com/
(31544414) Comments: Accessing the history via toolbar to get back to the
site
forum list.
(31543998) URL: http://www.macromedia.com/
(31543998) Comments: Downloading the Macromedia Flash plugin.
(31540042) Comments: i was setting up the preferences like languajes
(spanish)
(31536886) Comments: Back on eBay
(31536264) Comments: Back in Bugzilla
(31535646) Comments: ?
(31532161) Comments: Mozilla often crashes when I press the back-button.
Both on
the toolbar and right-mousebutton-click.
(31531630) Comments: Typing an URL
(31527806) Comments: Only starting Mozilla
(31522398) Comments: viewing an html file stored locallycrash occurred just
after
closing Preferences
(31518401) Comments: working with the settings menu .. browser reconfigured
itself
and then crashed
(31513567) Comments: I was typing an URL in the location field
(31509500) Comments: i just looked through the whole preferences dialog
(31504583) Comments: typing in the URL location box
(31503897) Comments: I was about to write "www" in the address bar. The
program
crashed just before the 3rd "w". Wow.
(31502695) Comments: I had minimized mozilla (i'm using blackbox
(31494236) Comments: reload clicked
(31493543) Comments: back by Alt + Left Allow
(31491891) Comments: the arrow keys weren't moving the cursor in the adress
bar
(31484031) Comments: hitting back viewing an attachment! this is getting
rediculous
(31483935) Comments: hitting back again..
(31482671) Comments: typing an address in the URL input box
(31481987) Comments: Typing in text to the location field.It was a blank
page
(31480247) Comments: typing location in location bar
(31479004) Comments: Closing the Preferences dialog
(31477501) Comments: I just unpacked mozilla 0.9.1 and configured it.I
typed latex
in the URL textfield.It crashed.
(31477247) Comments: it was loading a webpage
(31476445) Comments: Reloading the local Doppler weather radar image in the
browser.Accessed the weather link from the browser sidebar.
(31474914) Comments: After setting all of my preferences and hitting ok
(31473289) URL: http://www.malayalamanorama.com
(31473289) Comments: typing in the url
(31470595) Comments: clicked back button
(31469867) Comments: typing URL after saving preferences
(31469185) Comments: saved preferents
(31469131) URL: www.mozilla.org
(31469131) Comments: Changing preferences (Edit->Preferences)
(31468918) URL: mozilla.org
(31468918) Comments: scrolling the mouse
(31467461) Comments: enabled the paint/flash/debug option out of curiosity.
(31464856) Comments: hit back button/ focused mail
Stacktrace from 2001060713
OS: Windows NT
Incident ID 31567817
nsSliderFrame::CurrentPositionChanged
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsSliderFrame.cpp, line 695]
nsSliderFrame::AttributeChanged
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsSliderFrame.cpp, line 224]
nsCSSFrameConstructor::AttributeChanged
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 10083]
StyleSetImpl::AttributeChanged
[d:\builds\seamonkey\mozilla\content\base\src\nsStyleSet.cpp, line 1290]
PresShell::AttributeChanged
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 4816]
nsDocument::AttributeChanged
[d:\builds\seamonkey\mozilla\content\base\src\nsDocument.cpp, line 1676]
nsHTMLDocument::AttributeChanged
[d:\builds\seamonkey\mozilla\content\html\document\src\nsHTMLDocument.cpp, line
1284]
nsXULElement::SetAttribute
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line
3057]
nsXULElement::SetAttribute
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line
3077]
nsXBLPrototypeBinding::AttributeChanged
[d:\builds\seamonkey\mozilla\content\xbl\src\nsXBLPrototypeBinding.cpp, line
670]
nsXBLBinding::AttributeChanged
[d:\builds\seamonkey\mozilla\content\xbl\src\nsXBLBinding.cpp, line 1348]
nsXULElement::SetAttribute
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line
3021]
nsXULElement::SetAttribute
[d:\builds\seamonkey\mozilla\content\xul\content\src\nsXULElement.cpp, line
3077]
nsGfxScrollFrameInner::SetAttribute
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line
1423]
nsGfxScrollFrameInner::ScrollPositionDidChange
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line
851]
nsScrollPortView::ScrollTo
[d:\builds\seamonkey\mozilla\view\src\nsScrollPortView.cpp, line 333]
nsScrollBoxFrame::DoLayout
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsScrollBoxFrame.cpp, line 527]
nsBox::Layout [d:\builds\seamonkey\mozilla\layout\xul\base\src\nsBox.cpp, line
985]
nsContainerBox::LayoutChildAt
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsContainerBox.cpp, line 595]
nsGfxScrollFrameInner::LayoutBox
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line
1039]
nsGfxScrollFrameInner::Layout
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line
1149]
nsGfxScrollFrame::DoLayout
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line
1047]
nsBox::Layout [d:\builds\seamonkey\mozilla\layout\xul\base\src\nsBox.cpp, line
985]
nsBoxFrame::Reflow
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsBoxFrame.cpp, line 781]
nsGfxScrollFrame::Reflow
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsGfxScrollFrame.cpp, line
738]
nsContainerFrame::ReflowChild
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsContainerFrame.cpp, line
745]
ViewportFrame::Reflow
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsViewportFrame.cpp, line 538]
nsHTMLReflowCommand::Dispatch
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsHTMLReflowCommand.cpp, line
145]
PresShell::ProcessReflowCommand
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 5712]
PresShell::ProcessReflowCommands
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 5767]
ReflowEvent::HandleEvent
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 5625]
PL_HandleEvent [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 591]
PL_ProcessPendingEvents [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c,
line 524]
_md_EventReceiverProc [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line
1072]
nsAppShellService::Run
[d:\builds\seamonkey\mozilla\xpfe\appshell\src\nsAppShellService.cpp, line 418]
netscp6.exe + 0x16b5 (0x004016b5)
netscp6.exe + 0x11b8 (0x004011b8)
netscp6.exe + 0x2f7b (0x00402f7b)
KERNEL32.DLL + 0x192a6 (0x77e992a6)
Summary: Crash in Trunk [@ nsSliderFrame::CurrentPositionChanged] → Crash in Trunk & M091 [@ nsSliderFrame::CurrentPositionChanged]
Assignee | ||
Comment 62•24 years ago
|
||
This has been fixed on the trunk, and I assume it's too late to get it into
0.9.1, so I'm closing it again.
Status: REOPENED → RESOLVED
Closed: 24 years ago → 24 years ago
Resolution: --- → FIXED
Comment 63•24 years ago
|
||
Looks fine on the 6/27 branch build. Marking verified
Status: RESOLVED → VERIFIED
Updated•14 years ago
|
Crash Signature: [@ nsSliderFrame::CurrentPositionChanged]
You need to log in
before you can comment on or make changes to this bug.
Description
•