Closed Bug 880237 Opened 11 years ago Closed 11 years ago

crash in mozInlineSpellChecker::IgnoreWords


(Core :: Spelling checker, defect)

24 Branch
Not set



Tracking Status
firefox23 --- unaffected
firefox24 --- verified


(Reporter: Usul, Assigned: adw)



(Keywords: crash, regression, Whiteboard: [tbird topcrash])

Crash Data


(1 file)

This bug was filed from the Socorro interface and is 
report bp-7fb33276-e0a3-4da1-8392-21ae42130606 .
0 	XUL 	mozInlineSpellChecker::IgnoreWords 	extensions/spellcheck/src/mozInlineSpellChecker.cpp:1020
1 	XUL 	JS_ForwardGetElementTo 	js/src/jsobjinlines.h:162
2 	XUL 	nsCxPusher::~nsCxPusher 	objdir-tb/x86_64/mozilla/dist/include/nsCOMPtr.h:676
3 	XUL 	NS_InvokeByIndex 	xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:162
4 	XUL 	XPCWrappedNative::CallMethod 	js/xpconnect/src/XPCWrappedNative.cpp:2937
5 	libnspr4.dylib 	PR_GetCurrentThread 	nsprpub/pr/src/pthreads/ptthread.c:634
6 	XUL 	nsThreadManager::GetIsMainThread 	xpcom/threads/nsThreadManager.cpp:274
7 	XUL 	NS_IsMainThread 	objdir-tb/x86_64/mozilla/xpcom/build/nsThreadUtils.cpp:137
8 	XUL 	DefinePropertyIfFound 	js/xpconnect/src/xpcprivate.h:485
9 	libnspr4.dylib 	PR_GetCurrentThread 	nsprpub/pr/src/pthreads/ptthread.c:634
10 	XUL 	nsThreadManager::GetIsMainThread 	xpcom/threads/nsThreadManager.cpp:274
11 	XUL 	_ZThn16_N20DeviceStorageRequest14Recv__delete__ERKb 	objdir-tb/x86_64/mozilla/dist/include/nsCOMPtr.h:450
12 	XUL 	XPCCallContext::~XPCCallContext 	js/xpconnect/src/xpcprivate.h:485
13 	XUL 	nsThreadManager::GetCurrentThread 	xpcom/threads/nsThreadManager.cpp:267
14 	XUL 	NS_IsMainThread 	objdir-tb/x86_64/mozilla/xpcom/build/nsThreadUtils.cpp:137
15 	XUL 	_ZThn16_N20DeviceStorageRequest14Recv__delete__ERKb 	objdir-tb/x86_64/mozilla/dist/include/nsCOMPtr.h:450
16 	XUL 	XPC_WN_CallMethod 	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1480

Running Thunderbird trunk from today. STR :

Reply to an email in english, while default dictonary is set to french (don't know if that matter but that's how I'm currently setup).

Hittinf cmd-r will trigger the crash - not always - though.
It has been hit by two users in TB 24.0a1/20130506. It's likely a regression from bug 856270.

More reports at:**%2C+unsigned+int%29
Keywords: regression
Hardware: All → x86_64
Version: 17 Branch → 24 Branch
reply to english email with default dictionary set to english.
linux x86_64
had previously noted that the spell check had not displayed the words being checked.
Just in case, here is the regression range:

More reports also at:**%2C+unsigned+int%29
Crash Signature: [@ mozInlineSpellChecker::IgnoreWords(unsigned short const**, unsigned int)] → [@ mozInlineSpellChecker::IgnoreWords(unsigned short const**, unsigned int)] [@ mozInlineSpellChecker::IgnoreWords(wchar_t const**, unsigned int) ]
OS: Mac OS X → All
Hardware: x86_64 → All

IgnoreWords should assert that mSpellCheck is nonnull, like IgnoreWord and related methods do.

I probably dropped the ball in not relating bug 856270's spell checker changes to Thunderbird developers.  According to mxr it hasn't been updated (And why would it have been?  Nobody told them.), which probably explains this:

(In reply to Bob Clary [:bc:] from comment #2)
> had previously noted that the spell check had not displayed the words being
> checked.

And it also explains this crash.  What probably happened is that SetEnableRealTimeSpell was called as usual, but mSpellCheck now remains null when it finishes.  It remains null until nsEditorSpellCheck's async initialization finishes.  IgnoreWords must have been called before then.  (Other explanations would have meant crashes even before bug 856270 landed.)

There's one other site where mSpellCheck is assumed to be nonnull, DoSpellCheck.  DoSpellCheck ends up getting called only by ResumeCheck, which returns early if !mSpellCheck, so an assertion in it shouldn't be necessary.  However, I added one there anyway as a kind of easily seen precondition.

This patch should prevent the crash, but Thunderbird still needs to be updated to account for bug 856270.  I'll file a bug for that.
Assignee: nobody → adw
Attachment #759372 - Flags: review?(ehsan)
Blocks: 856270
(In reply to Drew Willcoxon :adw from comment #4)
> This patch should prevent the crash, but Thunderbird still needs to be
> updated to account for bug 856270.  I'll file a bug for that.

bug 880595
Attachment #759372 - Flags: review?(ehsan) → review+
(In reply to Drew Willcoxon :adw from comment #6)

is this long enough for a push to trunk ?
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla24
This is gone from Thunderbird crashes starting with daily builds of 2013-06-10
Whiteboard: [tbird topcrash]
No crashes in the crashstats.
You need to log in before you can comment on or make changes to this bug.