~ filename expansion in `print to file' crashes Mozilla




18 years ago
18 years ago


(Reporter: roger, Assigned: dcone)



Firefox Tracking Flags

(Not tracked)




18 years ago
Using ~ or $HOME at the start of a filename used to print to a file causes
Mozilla to crash.

Reproducable: Always

Steps to reproduce:
1)Select print
2)Select `print to file'
3)Type a name like ~/tmp/mozilla.ps
4)press Print

Actual results: segfault

Build: 2001061113. Also in CVS build, downloaded mid-June.

Could be a duplicate of bug #76968?

GDB output:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 13974)]
0x4250d019 in nsPostScriptObj::end_document (this=0x88091a8)
    at nsPostScriptObj.cpp:855
855       f = mPrintContext->prSetup->out;

(gdb) display f
1: f = 0x1

(gdb) display mPrintContext
2: this->mPrintContext = (PSContext *) 0x0

(gdb) display mPrintContext->prSetup
3: this->mPrintContext->prSetup = (PrintSetup *) Cannot access memory at address 0xc
Disabling display 3 to avoid infinite recursion.

(gdb) info f
Stack level 0, frame at 0xbfffd634:
 eip = 0x4250d019 in nsPostScriptObj::end_document(void)
    (nsPostScriptObj.cpp:855); saved eip 0x4250aafe
 called by frame at 0xbfffd654
 source language c++.
 Arglist at 0xbfffd634, args: this=0x88091a8
 Locals at 0xbfffd634, Previous frame's sp is 0x0
 Saved registers:
  ebx at 0xbfffd62c, ebp at 0xbfffd634, esi at 0xbfffd630, eip at 0xbfffd638

(gdb) bt
#0  0x4250d019 in nsPostScriptObj::end_document (this=0x88091a8)
    at nsPostScriptObj.cpp:855
#1  0x4250aafe in nsPostScriptObj::~nsPostScriptObj (this=0x88091a8, 
    __in_chrg=3) at nsPostScriptObj.cpp:177
#2  0x42506cac in nsDeviceContextPS::EndDocument (this=0x85bbbd8)
    at nsDeviceContextPS.cpp:329
#3  0x414208e4 in PrintData::~PrintData (this=0x87404e0, __in_chrg=3)
    at nsDocumentViewer.cpp:704
#4  0x41425580 in DocumentViewerImpl::DonePrintingPages (this=0x866f790, 
    aPO=0x0) at nsDocumentViewer.cpp:2090
#5  0x4142bde0 in DocumentViewerImpl::DocumentReadyForPrinting (this=0x866f790)
    at nsDocumentViewer.cpp:3917
#6  0x4142ec89 in DocumentViewerImpl::Print (this=0x866f790, aSilent=0, 
    aFile=0x0, aPrintListener=0x0) at nsDocumentViewer.cpp:4474
#7  0x40f9bce7 in GlobalWindowImpl::Print (this=0x843a078)
    at nsGlobalWindow.cpp:1832
#8  0x40154918 in XPTC_InvokeByIndex (that=0x843a07c, methodIndex=69, 
    paramCount=0, params=0xbfffd9d0) at xptcinvoke_unixish_x86.cpp:138
#9  0x409139a2 in XPCWrappedNative::CallMethod (ccx=@0xbfffdaa0, 
    mode=CALL_METHOD) at xpcwrappednative.cpp:1835
#10 0x4091b69e in XPC_WN_CallMethod (cx=0x81bea18, obj=0x8479508, argc=0, 
    argv=0x873e2e8, vp=0xbfffdc40) at xpcwrappednativejsops.cpp:1241
#11 0x401f9e60 in js_Invoke (cx=0x81bea18, argc=0, flags=0) at jsinterp.c:807#12
0x40207840 in js_Interpret (cx=0x81bea18, result=0xbfffe1cc)
    at jsinterp.c:2702
#13 0x401f9ee4 in js_Invoke (cx=0x81bea18, argc=1, flags=2) at jsinterp.c:824
#14 0x401fa225 in js_InternalInvoke (cx=0x81bea18, obj=0x8604018, 
    fval=140525600, flags=0, argc=1, argv=0xbfffe4f8, rval=0xbfffe37c)
    at jsinterp.c:896
#15 0x401ceabf in JS_CallFunctionValue (cx=0x81bea18, obj=0x8604018, 
    fval=140525600, argc=1, argv=0xbfffe4f8, rval=0xbfffe37c) at jsapi.c:3320
#16 0x40f8ff99 in nsJSContext::CallEventHandler (this=0x815e048, 
    aTarget=0x8604018, aHandler=0x8604020, argc=1, argv=0xbfffe4f8, 
    aBoolResult=0xbfffe40c, aReverseReturnResult=0) at nsJSEnvironment.cpp:933
#17 0x40fc2256 in nsJSEventListener::HandleEvent (this=0x83d4ba0, 
    aEvent=0x8771804) at nsJSEventListener.cpp:139
#18 0x412575dd in nsEventListenerManager::HandleEventSubType (this=0x83d4b68, 
    aListenerStruct=0x83d4bd8, aDOMEvent=0x8771804, aCurrentTarget=0x82e6b38, 
    aSubType=8, aPhaseFlags=7) at nsEventListenerManager.cpp:1119
#19 0x4125abdb in nsEventListenerManager::HandleEvent (this=0x83d4b68, 
    aPresContext=0x41f1d0d8, aEvent=0xbfffed00, aDOMEvent=0xbfffeaec, 
    aCurrentTarget=0x82e6b38, aFlags=7, aEventStatus=0xbfffed5c)
    at nsEventListenerManager.cpp:2087
#20 0x41373d8a in nsXULElement::HandleDOMEvent (this=0x82e6b30, 
    aPresContext=0x41f1d0d8, aEvent=0xbfffed00, aDOMEvent=0xbfffeaec, 
    aFlags=1, aEventStatus=0xbfffed5c) at nsXULElement.cpp:3630
#21 0x41a0c274 in PresShell::HandleDOMEventWithTarget (this=0x41f03f70, 
    aTargetContent=0x82e6b30, aEvent=0xbfffed00, aStatus=0xbfffed5c)
    at nsPresShell.cpp:5559
#22 0x41b135d2 in nsMenuFrame::Execute (this=0x87506a0) at nsMenuFrame.cpp:1417
#23 0x41b0efdf in nsMenuFrame::HandleEvent (this=0x87506a0, 
    aPresContext=0x41f1d0d8, aEvent=0xbffff230, aEventStatus=0xbffff0f0)
    at nsMenuFrame.cpp:397
#24 0x41a0c0f1 in PresShell::HandleEventInternal (this=0x41f03f70, 
    aEvent=0xbffff230, aView=0x8746690, aFlags=1, aStatus=0xbffff0f0)
    at nsPresShell.cpp:5527
#25 0x41a0bbd8 in PresShell::HandleEvent (this=0x41f03f70, aView=0x8746690, 
    aEvent=0xbffff230, aEventStatus=0xbffff0f0, aForceHandle=0, 
    aHandled=@0xbffff088) at nsPresShell.cpp:5439
#26 0x41c111d9 in nsView::HandleEvent (this=0x8746690, event=0xbffff230, 
    aEventFlags=8, aStatus=0xbffff0f0, aForceHandle=0, aHandled=@0xbffff088)
    at nsView.cpp:364
#27 0x41c1114c in nsView::HandleEvent (this=0x87172e0, event=0xbffff230, 
    aEventFlags=8, aStatus=0xbffff0f0, aForceHandle=0, aHandled=@0xbffff088)
    at nsView.cpp:348
#28 0x41c1114c in nsView::HandleEvent (this=0x87356a8, event=0xbffff230, 
    aEventFlags=8, aStatus=0xbffff0f0, aForceHandle=0, aHandled=@0xbffff088)
    at nsView.cpp:348
#29 0x41c1114c in nsView::HandleEvent (this=0x41f0fd38, event=0xbffff230, 
    aEventFlags=28, aStatus=0xbffff0f0, aForceHandle=1, aHandled=@0xbffff088)
    at nsView.cpp:348
#30 0x41c1d743 in nsViewManager::DispatchEvent (this=0x41f00e68, 
    aEvent=0xbffff230, aStatus=0xbffff0f0) at nsViewManager.cpp:2049
#31 0x41c10708 in HandleEvent (aEvent=0xbffff230) at nsView.cpp:67
#32 0x409f431a in nsWidget::DispatchEvent (this=0x873db78, aEvent=0xbffff230, 
    aStatus=@0xbffff1bc) at nsWidget.cpp:1380
#33 0x409f3f0e in nsWidget::DispatchWindowEvent (this=0x873db78, 
    event=0xbffff230) at nsWidget.cpp:1271
#34 0x409f43dd in nsWidget::DispatchMouseEvent (this=0x873db78, 
    aEvent=@0xbffff230) at nsWidget.cpp:1407
#35 0x409f5712 in nsWidget::OnButtonReleaseSignal (this=0x873db78, 
    aGdkButtonEvent=0x81d45f8) at nsWidget.cpp:1956
#36 0x409fb827 in nsWindow::HandleGDKEvent (this=0x873db78, event=0x81d45f8)
    at nsWindow.cpp:1535
#37 0x409ebbde in dispatch_superwin_event (event=0x81d45f8, window=0x873db78)
    at nsGtkEventHandler.cpp:1025
#38 0x409eb7dd in handle_gdk_event (event=0x81d45f8, data=0x0)
    at nsGtkEventHandler.cpp:879

Comment 1

18 years ago
Confirmed 2001062506/Linux.
Ever confirmed: true

Comment 2

18 years ago
Dup of bug 85535 based on stack trace.  Please reopen if you disagree.

*** This bug has been marked as a duplicate of 85535 ***
Last Resolved: 18 years ago
Resolution: --- → DUPLICATE

Comment 3

18 years ago
tingley, what about bug 84722 ? is that also a DUP of this bug or 85535 ?


Comment 4

18 years ago
verified...Roger, reopen if you disagree that this is a DUP.

Comment 5

18 years ago
okay this works now because bug 85535 is fixed now...Roger, please
try again...if it doesn't work, let me know...

Comment 6

18 years ago
also forgot to mention, make sure you download latest build...

Comment 7

18 years ago
This fixes the crash, but doesn't really solve the problem.... you can use ~
expansion in open/save - why not in print? I see that bug 87727 probably
addresses this.
You need to log in before you can comment on or make changes to this bug.