Closed Bug 880237 Opened 11 years ago Closed 11 years ago

crash in mozInlineSpellChecker::IgnoreWords

Categories

(Core :: Spelling checker, defect)

Product:
Core
Component:
Spelling checker
Version:
24 Branch
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla24
Tracking Flags:
Tracking Status
firefox23 --- unaffected
firefox24 --- verified

People

(Reporter: Usul, Assigned: adw)

References

Details

(Keywords: crash, regression, Whiteboard: [tbird topcrash])

Crash Data

Attachments

(1 file)

assert mSpellCheck != null
1.64 KB, patch
ehsan.akhgari
: review+
Details | Diff | Splinter Review
This bug was filed from the Socorro interface and is report bp-7fb33276-e0a3-4da1-8392-21ae42130606 . ============================================================= 0 XUL mozInlineSpellChecker::IgnoreWords extensions/spellcheck/src/mozInlineSpellChecker.cpp:1020 1 XUL JS_ForwardGetElementTo js/src/jsobjinlines.h:162 2 XUL nsCxPusher::~nsCxPusher objdir-tb/x86_64/mozilla/dist/include/nsCOMPtr.h:676 3 XUL NS_InvokeByIndex xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:162 4 XUL XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:2937 5 libnspr4.dylib PR_GetCurrentThread nsprpub/pr/src/pthreads/ptthread.c:634 6 XUL nsThreadManager::GetIsMainThread xpcom/threads/nsThreadManager.cpp:274 7 XUL NS_IsMainThread objdir-tb/x86_64/mozilla/xpcom/build/nsThreadUtils.cpp:137 8 XUL DefinePropertyIfFound js/xpconnect/src/xpcprivate.h:485 9 libnspr4.dylib PR_GetCurrentThread nsprpub/pr/src/pthreads/ptthread.c:634 10 XUL nsThreadManager::GetIsMainThread xpcom/threads/nsThreadManager.cpp:274 11 XUL _ZThn16_N20DeviceStorageRequest14Recv__delete__ERKb objdir-tb/x86_64/mozilla/dist/include/nsCOMPtr.h:450 12 XUL XPCCallContext::~XPCCallContext js/xpconnect/src/xpcprivate.h:485 13 XUL nsThreadManager::GetCurrentThread xpcom/threads/nsThreadManager.cpp:267 14 XUL NS_IsMainThread objdir-tb/x86_64/mozilla/xpcom/build/nsThreadUtils.cpp:137 15 XUL _ZThn16_N20DeviceStorageRequest14Recv__delete__ERKb objdir-tb/x86_64/mozilla/dist/include/nsCOMPtr.h:450 16 XUL XPC_WN_CallMethod js/xpconnect/src/XPCWrappedNativeJSOps.cpp:1480 Running Thunderbird trunk from today. STR : Reply to an email in english, while default dictonary is set to french (don't know if that matter but that's how I'm currently setup). Hittinf cmd-r will trigger the crash - not always - though.
It has been hit by two users in TB 24.0a1/20130506. It's likely a regression from bug 856270. More reports at: https://crash-stats.mozilla.com/report/list?signature=mozInlineSpellChecker%3A%3AIgnoreWords%28unsigned+short+const**%2C+unsigned+int%29
status-firefox23: --- → unaffected
status-firefox24: --- → affected
Keywords: regression
Hardware: All → x86_64
Version: 17 Branch → 24 Branch
bp-26d4f6a8-a203-4ef9-9653-b7ba62130606 reply to english email with default dictionary set to english. linux x86_64 had previously noted that the spell check had not displayed the words being checked.
Just in case, here is the regression range: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=8f9ba85eb61c&tochange=a47f4e36197f http://hg.mozilla.org/comm-central/pushloghtml?fromchange=1d440abb231f&tochange=d031447ec78b More reports also at: https://crash-stats.mozilla.com/report/list?signature=mozInlineSpellChecker%3A%3AIgnoreWords%28wchar_t+const**%2C+unsigned+int%29
Crash Signature: [@ mozInlineSpellChecker::IgnoreWords(unsigned short const**, unsigned int)] → [@ mozInlineSpellChecker::IgnoreWords(unsigned short const**, unsigned int)] [@ mozInlineSpellChecker::IgnoreWords(wchar_t const**, unsigned int) ]
OS: Mac OS X → All
Hardware: x86_64 → All
https://tbpl.mozilla.org/?tree=Try&rev=26594cdd6710 IgnoreWords should assert that mSpellCheck is nonnull, like IgnoreWord and related methods do. I probably dropped the ball in not relating bug 856270's spell checker changes to Thunderbird developers. According to mxr it hasn't been updated (And why would it have been? Nobody told them.), which probably explains this: (In reply to Bob Clary [:bc:] from comment #2) > had previously noted that the spell check had not displayed the words being > checked. And it also explains this crash. What probably happened is that SetEnableRealTimeSpell was called as usual, but mSpellCheck now remains null when it finishes. It remains null until nsEditorSpellCheck's async initialization finishes. IgnoreWords must have been called before then. (Other explanations would have meant crashes even before bug 856270 landed.) There's one other site where mSpellCheck is assumed to be nonnull, DoSpellCheck. DoSpellCheck ends up getting called only by ResumeCheck, which returns early if !mSpellCheck, so an assertion in it shouldn't be necessary. However, I added one there anyway as a kind of easily seen precondition. This patch should prevent the crash, but Thunderbird still needs to be updated to account for bug 856270. I'll file a bug for that.
Assignee: nobody → adw
Status: NEW → ASSIGNED
Attachment #759372 - Flags: review?(ehsan)
Blocks: 856270
(In reply to Drew Willcoxon :adw from comment #4) > This patch should prevent the crash, but Thunderbird still needs to be > updated to account for bug 856270. I'll file a bug for that. bug 880595
Attachment #759372 - Flags: review?(ehsan) → review+
(In reply to Drew Willcoxon :adw from comment #6) > https://hg.mozilla.org/integration/mozilla-inbound/rev/7266f50150f1 is this long enough for a push to trunk ?
https://hg.mozilla.org/mozilla-central/rev/7266f50150f1
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla24
This is gone from Thunderbird crashes starting with daily builds of 2013-06-10
Status: RESOLVED → VERIFIED
Whiteboard: [tbird topcrash]
No crashes in the crashstats.
status-firefox24: fixedverified
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: