Closed Bug 92755 Opened 23 years ago Closed 23 years ago

Crash occurs on MacOS X when cutting or copying HR or Anchor

Categories

(Core :: DOM: Editor, defect, P2)

Product:
Core
Component:
DOM: Editor
Platform:
PowerPC
macOS
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.4

People

(Reporter: chrispetersen, Assigned: mikepinkerton)

Details

(Keywords: crash, platform-parity, Whiteboard: OSX+)

Attachments

(1 file)

fix for crash
1.76 KB, patch
Details | Diff | Splinter Review 
Build: 2001072905
Platform: Mac OS X
Expected Results: Element should be copied or cut from the document
What I got: Application crashes

Steps to Reproduce:

1) Open composer

2) From toolbar, insert a HR or anchor element into document

3) Select the inserted element by clicking on it

4) Choose Copy or Cut from the Edit menu

5) A crash should occur
I believe this a Mac OS X only issue since this procedure works fine under Mac
OS 9.1.
Severity: normal → critical
Keywords: crash, pp
Stack trace from Crash reporter


**********

Date/Time: 2001-07-29 18:37:04 -0700

PID:       241
Command:   Mozilla

Exception: EXC_BAD_ACCESS (0x0001)
Codes:     KERN_PROTECTION_FAILURE (0x0002) at 0x00000000

Thread 0:
 #0   0x000f1844 in 0xf1844 ()
 #1   0x01ff1b58 in 0x1ff1b58 ()
 #2   0x01fe9944 in 0x1fe9944 ()
 #3   0x01fe9464 in 0x1fe9464 ()
 #4   0x026daad8 in 0x26daad8 ()
 #5   0x025bfd4c in 0x25bfd4c ()
 #6   0x038cc554 in 0x38cc554 ()
 #7   0x0389c3d8 in 0x389c3d8 ()
 #8   0x038cc35c in 0x38cc35c ()
 #9   0x0389c328 in 0x389c328 ()
 #10  0x038b548c in 0x38b548c ()
 #11  0x022abd54 in 0x22abd54 ()
 #12  0x038a0f6c in 0x38a0f6c ()
 #13  0x0015c584 in _XPTC_InvokeByIndex ()
 #14  0x0015c4a4 in _XPTC_InvokeByIndex ()
 #15  0x01d3e924 in 0x1d3e924 ()
 #16  0x01d435ac in 0x1d435ac ()
 #17  0x01cc2a98 in 0x1cc2a98 ()
 #18  0x01cca98c in 0x1cca98c ()
 #19  0x01cc2af0 in 0x1cc2af0 ()
 #20  0x01cc2d10 in 0x1cc2d10 ()
 #21  0x01ca979c in 0x1ca979c ()
 #22  0x027cddb8 in 0x27cddb8 ()
 #23  0x027e3478 in 0x27e3478 ()
 #24  0x0216fabc in 0x216fabc ()
 #25  0x02171e34 in 0x2171e34 ()
 #26  0x022ece38 in 0x22ece38 ()
 #27  0x01fffb60 in 0x1fffb60 ()
 #28  0x01fff8e4 in 0x1fff8e4 ()
 #29  0x01ffb980 in 0x1ffb980 ()
 #30  0x01ff85b8 in 0x1ff85b8 ()
 #31  0x01fd66fc in 0x1fd66fc ()
 #32  0x01fd67a0 in 0x1fd67a0 ()
 #33  0x01fe14b4 in 0x1fe14b4 ()
 #34  0x01fe0a10 in 0x1fe0a10 ()
 #35  0x01fe479c in 0x1fe479c ()
 #36  0x01fe7314 in 0x1fe7314 ()
 #37  0x01fe7134 in 0x1fe7134 ()
 #38  0x01fe6934 in 0x1fe6934 ()
 #39  0x01fe665c in 0x1fe665c ()
 #40  0x01fe61c4 in 0x1fe61c4 ()
 #41  0x01fe5cfc in 0x1fe5cfc ()
 #42  0x01de914c in 0x1de914c ()
 #43  0x000919ac in 0x919ac ()
 #44  0x0009234c in 0x9234c ()

Thread 1:
 #0   0x7000424c in _syscall ()
 #1   0x706584b8 in _ProcessReadyEvent ()
 #2   0x706582b0 in _CarbonSelectThreadFunc ()
 #3   0x70014f04 in __pthread_body ()

Thread 2:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x70653be0 in _BSD_pthread_cond_wait ()
 #5   0x70653bc0 in _CarbonConditionWait ()
 #6   0x7065557c in _CarbonOperationThreadFunc ()
 #7   0x70014f04 in __pthread_body ()

Thread 3:
 #0   0x70059b48 in _semaphore_timedwait_signal_trap ()
 #1   0x7003f7f8 in _semaphore_timedwait_signal ()
 #2   0x70015f68 in __pthread_cond_wait ()
 #3   0x7003f7c4 in _pthread_cond_timedwait_relative_np ()
 #4   0x7029b590 in _TSWaitOnConditionTimedRelative ()
 #5   0x7029cdac in _TSWaitOnSemaphoreCommon ()
 #6   0x702e5f98 in _TSWaitOnSemaphoreRelative ()
 #7   0x702e7208 in _TimerThread ()
 #8   0x70014f04 in __pthread_body ()

Thread 4:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x7029b550 in _TSWaitOnCondition ()
 #5   0x7029cd94 in _TSWaitOnSemaphoreCommon ()
 #6   0x7029cce4 in _TSWaitOnSemaphore ()
 #7   0x7029cba8 in _AsyncFileThread ()
 #8   0x70014f04 in __pthread_body ()

Thread 5:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x70653be0 in _BSD_pthread_cond_wait ()
 #5   0x70653bc0 in _CarbonConditionWait ()
 #6   0x70653ab4 in _CarbonInetOperThreadFunc ()
 #7   0x70014f04 in __pthread_body ()

Thread 6:
 #0   0x700007b8 in _mach_msg_overwrite_trap ()
 #1   0x700056e4 in _mach_msg_overwrite ()
 #2   0x700277b0 in _thread_suspend ()
 #3   0x70027744 in __pthread_become_available ()
 #4   0x70027468 in _pthread_exit ()
 #5   0x70014f08 in __pthread_body ()

PPC Thread State:
  srr0: 0x000f1844 srr1: 0x0000f030                vrsave: 0x00000000
   xer: 0x20000020   lr: 0x01ff1b64  ctr: 0x000f183c   mq: 0x00000000
    r0: 0x000f183c   r1: 0xbfffc068   r2: 0x0026f000   r3: 0xffffffff
    r4: 0xffffffff   r5: 0xbfffc314   r6: 0x0027434c   r7: 0x0027502c
    r8: 0x00000001   r9: 0x00000001  r10: 0x00000001  r11: 0xd14c7111
   r12: 0x0026fc20  r13: 0x00260514  r14: 0x50490000  r15: 0xbfffc308
   r16: 0x54450000  r17: 0xbfffc324  r18: 0xbfffc328  r19: 0xbfffc2e0
   r20: 0xbfffc2c8  r21: 0xbfffc32c  r22: 0xbfffc318  r23: 0xbfffc30c
   r24: 0x02059a3c  r25: 0x02059bb0  r26: 0xbfffc300  r27: 0xbfffc0d0
   r28: 0x044e2de0  r29: 0xbfffc314  r30: 0xbfffc310  r31: 0x02004366

**********
off to Kin for debug
Assignee: beppe → kin
Priority: -- → P2
Target Milestone: --- → mozilla0.9.4
Chris, is this happening for you on the trunk or branch ?
Summary: Crash occurs when cutting or copying HR or Anchor element from the document → Crash occurs on MacOS X when cutting or copying HR or Anchor element from the document
Testing was done only on Branch. Bug doesn't reproduce on Mac OS 9.1, Windows
ME, or Linux Redhat 7.1 (July 26th) branch builds. Verifying problem on Mac OS X .
Providing a more informative stack trace from the trunk carbon build (8-1):

Date/Time: 2001-08-01 12:50:35 -0700

PID:       244
Command:   Netscape 6

Exception: EXC_BAD_ACCESS (0x0001)
Codes:     KERN_PROTECTION_FAILURE (0x0002) at 0x00000000

Thread 0:
 #0   0x000fba28 in strlen ()
 #1   0x02024d8c in
ConvertUnicodeToPlatformPlainText__18nsPrimitiveHelpersFPwiPPc ()
 #2   0x020193f8 in SetNativeClipboardData__11nsClipboardFi ()
 #3   0x02018ca0 in
SetData__15nsBaseClipboardFP15nsITransferableP17nsIClipboardOw ()
 #4   0x028822a4 in HTMLCopy__13nsCopySupportFP12nsISelectionP11nsIDocuments ()
 #5   0x02717074 in DoCopy__9PresShellFv ()
 #6   0x03d00634 in Copy__17nsPlaintextEditorFv ()
 #7   0x03cc9e08 in Copy__15nsHTMLEditorLogFv ()
 #8   0x03d003d8 in Cut__17nsPlaintextEditorFv ()
 #9   0x03cc9d2c in Cut__15nsHTMLEditorLogFv ()
 #10  0x03ce56a8 in DoCommand__12nsCutCommandFRC9nsAStringP11nsISupports ()
 #11  0x023a4e80 in
DoCommand__26nsControllerCommandManagerFRC9nsAStringP11nsISupp ()
 #12  0x03ccf808 in DoCommand__18nsEditorControllerFRC9nsAString ()
 #13  0x00186a74 in _XPTC_InvokeByIndex ()
 #14  0x0018696c in XPTC_InvokeByIndex ()
 #15  0x01d029e0 in 0x1d029e0 ()
 #16  0x01d08978 in XPC_WN_CallMethod__FP9JSContextP8JSObjectUiPlPl ()
 #17  0x01c40fac in js_Invoke ()
 #18  0x01c48f64 in 0x1c48f64 ()
 #19  0x01c41004 in js_Invoke ()
 #20  0x01c41240 in js_InternalInvoke ()
 #21  0x01c243d4 in JS_CallFunctionValue ()
 #22  0x02a78774 in CallEventHandler__11nsJSContextFPvPvUiPvPii ()
 #23  0x02a932e0 in HandleEvent__17nsJSEventListenerFP11nsIDOMEvent ()
 #24  0x021de570 in
HandleEventSubType__22nsEventListenerManagerFP16nsListenerStru ()
 #25  0x021e09dc in
HandleEvent__22nsEventListenerManagerFP14nsIPresContextP7nsEve ()
 #26  0x023fa788 in
HandleDOMEvent__12nsXULElementFP14nsIPresContextP7nsEventPP11n ()
 #27  0x020378ac in DoCommand__11nsMenuItemXFv ()
 #28  0x02037478 in MenuItemSelected__11nsMenuItemXFRC11nsMenuEvent ()
 #29  0x02032b0c in MenuItemSelected__7nsMenuXFRC11nsMenuEvent ()
 #30  0x0202e304 in MenuSelected__10nsMenuBarXFRC11nsMenuEvent ()
 #31  0x01ffefa4 in 0x1ffefa4 ()
 #32  0x01fff094 in DispatchWindowEvent__8nsWindowFR10nsGUIEvent ()
 #33  0x0200d724 in HandleMenuCommand__17nsMacEventHandlerFR11EventRecordl ()
 #34  0x0200c78c in HandleMenuCommand__11nsMacWindowFR11EventRecordl ()
 #35  0x02011598 in
DispatchMenuCommand__16nsMacMessageSinkFR11EventRecordlP15Opaq ()
 #36  0x02015db8 in
DispatchMenuCommandToRaptor__16nsMacMessagePumpFR11EventRecord ()
 #37  0x02015abc in DoMenu__16nsMacMessagePumpFR11EventRecordl ()
 #38  0x02015178 in 0x2015178 ()
 #39  0x02014e1c in DispatchEvent__16nsMacMessagePumpFiP11EventRecord ()
 #40  0x02014850 in DoMessagePump__16nsMacMessagePumpFv ()
 #41  0x020140e0 in Run__10nsAppShellFv ()
 #42  0x01dbc1f4 in Run__17nsAppShellServiceFv ()
 #43  0x00095dfc in main1__FiPPcP11nsISupports ()
 #44  0x00096b6c in main ()

Thread 1:
 #0   0x7000424c in _syscall ()
 #1   0x706584b8 in _ProcessReadyEvent ()
 #2   0x706582b0 in _CarbonSelectThreadFunc ()
 #3   0x70014f04 in __pthread_body ()

Thread 2:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x70653be0 in _BSD_pthread_cond_wait ()
 #5   0x70653bc0 in _CarbonConditionWait ()
 #6   0x7065557c in _CarbonOperationThreadFunc ()
 #7   0x70014f04 in __pthread_body ()

Thread 3:
 #0   0x70059b48 in _semaphore_timedwait_signal_trap ()
 #1   0x7003f7f8 in _semaphore_timedwait_signal ()
 #2   0x70015f68 in __pthread_cond_wait ()
 #3   0x7003f7c4 in _pthread_cond_timedwait_relative_np ()
 #4   0x7029b590 in _TSWaitOnConditionTimedRelative ()
 #5   0x7029cdac in _TSWaitOnSemaphoreCommon ()
 #6   0x702e5f98 in _TSWaitOnSemaphoreRelative ()
 #7   0x702e7208 in _TimerThread ()
 #8   0x70014f04 in __pthread_body ()

Thread 4:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x7029b550 in _TSWaitOnCondition ()
 #5   0x7029cd94 in _TSWaitOnSemaphoreCommon ()
 #6   0x7029cce4 in _TSWaitOnSemaphore ()
 #7   0x7029cba8 in _AsyncFileThread ()
 #8   0x70014f04 in __pthread_body ()

Thread 5:
 #0   0x70059b68 in _semaphore_wait_signal_trap ()
 #1   0x70016110 in _semaphore_wait_signal ()
 #2   0x70015f78 in __pthread_cond_wait ()
 #3   0x70015d18 in _pthread_cond_wait ()
 #4   0x70653be0 in _BSD_pthread_cond_wait ()
 #5   0x70653bc0 in _CarbonConditionWait ()
 #6   0x70653ab4 in _CarbonInetOperThreadFunc ()
 #7   0x70014f04 in __pthread_body ()

Thread 6:
 #0   0x700007b8 in _mach_msg_overwrite_trap ()
 #1   0x700056e4 in _mach_msg_overwrite ()
 #2   0x700277b0 in _thread_suspend ()
 #3   0x70027744 in __pthread_become_available ()
 #4   0x70027468 in _pthread_exit ()
 #5   0x70014f08 in __pthread_body ()

PPC Thread State:
  srr0: 0x000fba28 srr1: 0x0000f030                vrsave: 0x00000000
   xer: 0x20000020   lr: 0x02024d98  ctr: 0x000fba20   mq: 0x00000000
    r0: 0x000fba20   r1: 0xbfffc038   r2: 0x002c6000   r3: 0xffffffff
    r4: 0xffffffff   r5: 0xbfffc300   r6: 0x002cb34c   r7: 0x002cc02c
    r8: 0x00000001   r9: 0x00000001  r10: 0x00000001  r11: 0xd14c7111
   r12: 0x002c6c20  r13: 0x50490000  r14: 0xbfffc2f4  r15: 0x54450000
   r16: 0xbfffc318  r17: 0xbfffc2cc  r18: 0xbfffc2b4  r19: 0xbfffc31c
   r20: 0xbfffc304  r21: 0xbfffc2f8  r22: 0x020a2994  r23: 0xbfffc314
   r24: 0x05b3e050  r25: 0xbfffc2ec  r26: 0x0203c30a  r27: 0xbfffc0a0
   r28: 0x05ab2e10  r29: 0xbfffc300  r30: 0xbfffc2fc  r31: 0x0203c6be

**********


Passing off to sfraser.
Assignee: kin → sfraser
Whiteboard: OSX
pink: your clipboard stuff is on the stack.
Target Milestone: mozilla0.9.4 → mozilla0.9.5
looks like someone is passing null data into the clipboard and strlen doesn't
like it. i can bulletproof the helper class, but that's not the real problem
here i don't think...
Summary: Crash occurs on MacOS X when cutting or copying HR or Anchor element from the document → Crash occurs on MacOS X when cutting or copying HR or Ancho566666
i've got a couple of ideas. we are trying to get the platform charset, and on
osx somehow it's null but the routine doesn't fail, so it goes on being null.
That's about the only strlen() i can immediately see from eyeballing the code.
Assignee: sfraser → pinkerton
Whiteboard: OSX → OSX+
Target Milestone: mozilla0.9.5 → mozilla0.9.4
Fix the damage done by pinkerton's cat.
Summary: Crash occurs on MacOS X when cutting or copying HR or Ancho566666 → Crash occurs on MacOS X when cutting or copying HR or Anchor
patch attached that removes old code and checks for null before calling strlen(). 
r/sr needed.
Status: NEW → ASSIGNED
Hey, a crash dereferencing null on OS X! How about that! r=pchen
sr=sfraser

a=asa on behalf of drivers for checkin. 
fixed.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Fantasic ! Marking verfied in the August 24th Mac OS X build.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: