Closed
Bug 108704
Opened 23 years ago
Closed 23 years ago
Mozilla crashes when form is moved by JavaScript M096 & Trunk [@ nsGenericHTMLElement::GetPrimaryFrame]
Categories
(Core :: Layout: Form Controls, defect)
Core
Layout: Form Controls
Tracking
()
RESOLVED
DUPLICATE
of bug 114220
mozilla0.9.8
People
(Reporter: nine, Assigned: kinmoz)
References
()
Details
(Keywords: crash, qawanted, topcrash)
Crash Data
Attachments
(1 file)
(deleted),
text/html
|
Details |
if you go to http://www.detonation.org/mozilla-crash-testcase.html and hit
the "quickpost" link Mozilla crashes. This happens on builds 2001110503 and
2001110603 for me. #mozillazine reported that it works on 2001100303.
The testcase is a form consisting at least two <input> inside a form. It is
initially on position -300 -300 and should be moved to inside the screen when
hitting the link. However if you remove one of the two <input> the crash goes
away and everything works fine. Same is when you remove the value attribute of
the first input but then both fields are initialized with the value of the
second one.
Talkback of crash: TB37641687G
Reporter | ||
Comment 1•23 years ago
|
||
Comment 2•23 years ago
|
||
confirming with win2k build 20011106..
Stack Trace:
CallQueryInterface(nsIFrame * 0x047dfa84, nsIFormControlFrame * * 0x0012ca84)
line 270 + 19 bytes
nsGenericHTMLElement::GetPrimaryFrame(nsIHTMLContent * 0x03dea050,
nsIFormControlFrame * & 0x00000000, int 0, int 0) line 3143 + 13 bytes
nsHTMLInputElement::SetValueSecure(nsHTMLInputElement * const 0x03dea050, const
nsAString & {...}, int 1) line 520 + 17 bytes
nsHTMLInputElement::SetValue(nsHTMLInputElement * const 0x03dea07c, const
nsAString & {...}) line 484
nsHTMLInputElement::RestoreState(nsHTMLInputElement * const 0x03dea074,
nsIPresContext * 0x03b04848, nsIPresState * 0x03d732e0) line 2011
nsFormControlHelper::RestoreContentState(nsIFrame * 0x047e024c, nsIPresContext *
0x03b04848, nsIPresState * 0x03d732e0) line 1077
nsGfxTextControlFrame2::RestoreState(nsGfxTextControlFrame2 * const 0x047e02d8,
nsIPresContext * 0x03b04848, nsIPresState * 0x03d732e0) line 3511 + 23 bytes
FrameManager::RestoreFrameStateFor(FrameManager * const 0x03e7db70,
nsIPresContext * 0x03b04848, nsIFrame * 0x047e024c, nsILayoutHistoryState *
0x03ea5cd0, nsIStatefulFrame::SpecialStateID eNoID) line 2218 + 25 bytes
FrameManager::RestoreFrameState(FrameManager * const 0x03e7db70, nsIPresContext
* 0x03b04848, nsIFrame * 0x047e024c, nsILayoutHistoryState * 0x03ea5cd0) line
2232 + 29 bytes
nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x03b04848,
nsFrameConstructorState & {...}, nsIContent * 0x03dea050, nsIFrame * 0x047df828,
nsIStyleContext * 0x047e0218, nsIFrame * 0x00000000, nsIFrame * 0x047e024c) line
6517
nsCSSFrameConstructor::ConstructFrameByTag(nsIPresShell * 0x03df3520,
nsIPresContext * 0x03b04848, nsFrameConstructorState & {...}, nsIContent *
0x03dea050, nsIFrame * 0x047df828, nsIAtom * 0x00f8b700, int 3, nsIStyleContext
* 0x047e0218, nsFrameItems & {...}) line 4745
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x03df3520,
nsIPresContext * 0x03b04848, nsFrameConstructorState & {...}, nsIContent *
0x03dea050, nsIFrame * 0x047df828, nsIAtom * 0x00f8b700, int 3, nsIStyleContext
* 0x047e0218, nsFrameItems & {...}, int 0) line 7031 + 49 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x03df3520, nsIPresContext
* 0x03b04848, nsFrameConstructorState & {...}, nsIContent * 0x03dea050, nsIFrame
* 0x047df828, nsFrameItems & {...}) line 6945 + 56 bytes
nsCSSFrameConstructor::ProcessChildren(nsIPresShell * 0x03df3520, nsIPresContext
* 0x03b04848, nsFrameConstructorState & {...}, nsIContent * 0x03dd9980, nsIFrame
* 0x047df828, int 1, nsFrameItems & {...}, int 0, nsTableCreator * 0x00000000)
line 11572 + 66 bytes
nsCSSFrameConstructor::ConstructFrameByTag(nsIPresShell * 0x03df3520,
nsIPresContext * 0x03b04848, nsFrameConstructorState & {...}, nsIContent *
0x03dd9980, nsIFrame * 0x047df600, nsIAtom * 0x00f8ce28, int 3, nsIStyleContext
* 0x047df790, nsFrameItems & {...}) line 4779 + 41 bytes
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x03df3520,
nsIPresContext * 0x03b04848, nsFrameConstructorState & {...}, nsIContent *
0x03dd9980, nsIFrame * 0x047df600, nsIAtom * 0x00f8ce28, int 3, nsIStyleContext
* 0x047df790, nsFrameItems & {...}, int 0) line 7031 + 49 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x03df3520, nsIPresContext
* 0x03b04848, nsFrameConstructorState & {...}, nsIContent * 0x03dd9980, nsIFrame
* 0x047df600, nsFrameItems & {...}) line 6945 + 56 bytes
nsCSSFrameConstructor::ProcessChildren(nsIPresShell * 0x03df3520, nsIPresContext
* 0x03b04848, nsFrameConstructorState & {...}, nsIContent * 0x03adcf20, nsIFrame
* 0x047df600, int 1, nsFrameItems & {...}, int 1, nsTableCreator * 0x00000000)
line 11572 + 66 bytes
nsCSSFrameConstructor::ConstructFrameByDisplayType(nsIPresShell * 0x03df3520,
nsIPresContext * 0x03b04848, nsFrameConstructorState & {...}, const
nsStyleDisplay * 0x047df524, nsIContent * 0x03adcf20, nsIFrame * 0x047dda0c,
nsIStyleContext * 0x047df4f0, nsFrameItems & {...}) line 6130
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x03df3520,
nsIPresContext * 0x03b04848, nsFrameConstructorState & {...}, nsIContent *
0x03adcf20, nsIFrame * 0x047dda0c, nsIAtom * 0x00f8c7c8, int 3, nsIStyleContext
* 0x047df4f0, nsFrameItems & {...}, int 0) line 7074 + 45 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x03df3520, nsIPresContext
* 0x03b04848, nsFrameConstructorState & {...}, nsIContent * 0x03adcf20, nsIFrame
* 0x047dda0c, nsFrameItems & {...}) line 6945 + 56 bytes
nsCSSFrameConstructor::ContentInserted(nsCSSFrameConstructor * const 0x03c19850,
nsIPresContext * 0x03b04848, nsIContent * 0x03b58de0, nsIContent * 0x03adcf20,
int 5, nsILayoutHistoryState * 0x03ea5cd0) line 8679
nsCSSFrameConstructor::RecreateFramesForContent(nsIPresContext * 0x03b04848,
nsIContent * 0x03adcf20, int 1, nsIStyleRule * 0x03dd990c, nsIStyleContext *
0x047df4f0) line 11430 + 45 bytes
nsCSSFrameConstructor::AttributeChanged(nsCSSFrameConstructor * const
0x03c19850, nsIPresContext * 0x03b04848, nsIContent * 0x03adcf20, int 0, nsIAtom
* 0x00f8f988, int 1, int 6) line 10057 + 38 bytes
StyleSetImpl::AttributeChanged(StyleSetImpl * const 0x03c052f0, nsIPresContext *
0x03b04848, nsIContent * 0x03adcf20, int 0, nsIAtom * 0x00f8f988, int 1, int 6)
line 1456
PresShell::AttributeChanged(PresShell * const 0x03df3528, nsIDocument *
0x03dee058, nsIContent * 0x03adcf20, int 0, nsIAtom * 0x00f8f988, int 1, int 6)
line 5094 + 61 bytes
nsDocument::AttributeChanged(nsDocument * const 0x03dee058, nsIContent *
0x03adcf20, int 0, nsIAtom * 0x00f8f988, int 1, int 6) line 1785 + 36 bytes
nsHTMLDocument::AttributeChanged(nsHTMLDocument * const 0x03dee058, nsIContent *
0x03adcf20, int 0, nsIAtom * 0x00f8f988, int 1, int 6) line 1252
nsDOMCSSAttributeDeclaration::RemoveProperty(nsDOMCSSAttributeDeclaration *
const 0x03ae7550, const nsAString & {...}, nsAString & {...}) line 219
CallSetProperty(nsDOMCSSDeclaration * 0x03ae7550, const nsAString & {...}, const
nsAString & {...}) line 225 + 23 bytes
nsDOMCSSDeclaration::SetTop(nsDOMCSSDeclaration * const 0x03ae7554, const
nsAString & {...}) line 357 + 39 bytes
XPTC_InvokeByIndex(nsISupports * 0x03ae7554, unsigned int 226, unsigned int 1,
nsXPTCVariant * 0x0012e218) line 154
XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode
CALL_SETTER) line 2009 + 42 bytes
XPCWrappedNative::SetAttribute(XPCCallContext & {...}) line 1828 + 14 bytes
XPC_WN_GetterSetter(JSContext * 0x0378aaa0, JSObject * 0x03b87288, unsigned int
1, long * 0x03d83878, long * 0x0012e500) line 1290 + 12 bytes
js_Invoke(JSContext * 0x0378aaa0, unsigned int 1, unsigned int 2) line 832 + 23
bytes
js_InternalInvoke(JSContext * 0x0378aaa0, JSObject * 0x03b87288, long 62419664,
unsigned int 0, unsigned int 1, long * 0x0012f32c, long * 0x0012f32c) line 924 +
20 bytes
js_SetProperty(JSContext * 0x0378aaa0, JSObject * 0x03b87288, long 15826824,
long * 0x0012f32c) line 2590 + 47 bytes
js_Interpret(JSContext * 0x0378aaa0, long * 0x0012f54c) line 2634 + 1939 bytes
js_Execute(JSContext * 0x0378aaa0, JSObject * 0x03ac78e8, JSScript * 0x03df6c58,
JSStackFrame * 0x00000000, unsigned int 0, long * 0x0012f54c) line 1012 + 13
bytes
JS_EvaluateUCScriptForPrincipals(JSContext * 0x0378aaa0, JSObject * 0x03ac78e8,
JSPrincipals * 0x03df13d8, const unsigned short * 0x0012f688, unsigned int 16,
const char * 0x00000000, unsigned int 0, long * 0x0012f54c) line 3368 + 25 bytes
nsJSContext::EvaluateString(nsJSContext * const 0x03adab90, const nsAString &
{...}, void * 0x03ac78e8, nsIPrincipal * 0x03df13d4, const char * 0x00000000,
unsigned int 0, const char * 0x00000000, nsAString & {...}, int * 0x0012f74c)
line 653 + 85 bytes
nsJSThunk::EvaluateScript() line 260 + 64 bytes
nsJSChannel::AsyncOpen(nsJSChannel * const 0x03e3f8e0, nsIStreamListener *
0x03e3e538, nsISupports * 0x00000000) line 576 + 11 bytes
nsDocumentOpenInfo::Open(nsIChannel * 0x03e3f8e0, int 1, nsISupports *
0x03ab4358) line 198 + 18 bytes
nsURILoader::OpenURIVia(nsURILoader * const 0x00fbd180, nsIChannel * 0x03e3f8e0,
int 1, nsISupports * 0x03ab4358, unsigned int 0) line 548 + 20 bytes
nsURILoader::OpenURI(nsURILoader * const 0x00fbd180, nsIChannel * 0x03e3f8e0,
int 1, nsISupports * 0x03ab4358) line 510
nsDocShell::DoChannelLoad(nsIChannel * 0x03e3f8e0, nsIURILoader * 0x00fbd180)
line 4455 + 39 bytes
nsDocShell::DoURILoad(nsIURI * 0x03e87e20, nsIURI * 0x047c4200, nsISupports *
0x03df13c8, nsIInputStream * 0x00000000, nsIInputStream * 0x00000000) line 4239
+ 38 bytes
nsDocShell::InternalLoad(nsDocShell * const 0x03ab4358, nsIURI * 0x03e87e20,
nsIURI * 0x047c4200, nsISupports * 0x00000000, int 1, const unsigned short *
0x0012fc10, nsIInputStream * 0x00000000, nsIInputStream * 0x00000000, unsigned
int 2097153, nsISHEntry * 0x00000000) line 4054 + 39 bytes
nsWebShell::HandleLinkClickEvent(nsIContent * 0x03b5b490, nsLinkVerb
eLinkVerb_Replace, const unsigned short * 0x03e0d210, const unsigned short *
0x100d1150 gCommonEmptyBuffer, nsIInputStream * 0x00000000, nsIInputStream *
0x00000000) line 807 + 80 bytes
OnLinkClickEvent::HandleEvent() line 655
HandlePLEvent(OnLinkClickEvent * 0x03adc9e8) line 669
PL_HandleEvent(PLEvent * 0x03adc9e8) line 590 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00e59428) line 520 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x002203c8, unsigned int 49380, unsigned int 0,
long 15045672) line 1071 + 9 bytes
USER32! 77e02e98()
USER32! 77e030e0()
USER32! 77e05824()
nsAppShellService::Run(nsAppShellService * const 0x00e56f10) line 303
main1(int 2, char * * 0x003526f0, nsISupports * 0x00000000) line 1304 + 32 bytes
main(int 2, char * * 0x003526f0) line 1630 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e87d08()
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 3•23 years ago
|
||
jkeiser, is this yours? CallQueryInterface is not null-safe...
I see this on Linux too.
OS: Windows 98 → All
Hardware: PC → All
Comment 4•23 years ago
|
||
Yeah, I think that's me. Didn't know it wasn't null-safe. I'll go through the
code I changed and see if anything else does that. Thanks!
Assignee: rods → jkeiser
Comment 5•23 years ago
|
||
Hmm. Much like the Transformers, there's more than meets the eye here.
This is not a null problem at all. The strange thing is, aSource looks like
this when I print it in GDB:
$2 = {<nsISupports> = {_vptr.nsISupports = 0x0}, mRect = {x = 0, y = 0, width =
1406,
height = 380}
, mContent = 0x0, mStyleContext = 0x0, mParent = 0x86fcd40,
mNextSibling = 0x86dee90, mState = 2160345124}
Since CallQueryInterface() is doing aSource->QueryInterface(), I am thinking the
problem lies in the fact that the nsISupports vptr is null! I am not sure how
to interpret this. Could this mean the frame was deleted and someone hung on to
it? The mParent and mNextSibling pointers seem to be valid (I can follow them
and they have vptrs and all that).
Given that this worked on the 3rd, I am unsure whether this was caused by my
checkin(s). CC'ing people who might have an idea (or at least have an idea who
would have an idea).
Comment 6•23 years ago
|
||
Looks like nsIPresShell::GetPrimaryFrameFor() is handing back a pointer to a
deleted frame, we've seen that before, and I think there are open bugs on it
already. Typically if a vptr is bad (null or garbage) it means the underlying
object has been deleted. And since frames (nsIFrame's) aren't refcounted it's
kinda hard to say where this problem comes from.
John, did you change the destructor or any ::Destroy() methods? IIRC that's
where we make sure frames that are destroyed are removed from the
nsIContent->nsIFrame maps.
Comment 7•23 years ago
|
||
OK, for now I am thinking the problem just looks like it's 34297 breakage
because of where it shows up, but the real problem is when it's getting deleted.
My changes haven't messed with that stuff (only added to Destroy() and ~, not
deleted). I've heard there have been bug reports like this in the preceding
months too.
To rods with love.
Assignee: jkeiser → rods
Comment 8•23 years ago
|
||
this is probably what I'm getting as well. This game, which plays fine in ie or
ns, crashes mz when opened. http://www6.ewebcity.com/nakedchaos/keyboarder.html
Comment 9•23 years ago
|
||
I am going to send this over to kin.
Here is what I know by setting breakpoints in the constructor and destructor of
GfxText. When they get removed and destroyed, in nsFrame::Destroy the
ClearFrameRefs is NOT being called for either of the GfxText frames.
if ((mState & NS_FRAME_EXTERNAL_REFERENCE) ||
(mState & NS_FRAME_SELECTED_CONTENT)) {
if (shell) {
shell->ClearFrameRefs(this);
}
}
What is strange is that it doesn't crash until after the GfxText is created the
second tmie (when it is being moved). I't also doesn't crash with one text
control and some other form control. It seems that it takes to text controls to
crash.
Assignee: rods → kin
Reporter | ||
Comment 10•23 years ago
|
||
this is what I said in the first comment. Repeat: if you remove the value
attribute of the first textfield the crash does not happen but both fields are
initialized with the value of the second field.
Comment 11•23 years ago
|
||
I'm seeing a similar crash with recent MozillaTrunk builds and Mozilla 0.9.6.
Adding topcrash keyword and M096 & Trunk [@
nsGenericHTMLElement::GetPrimaryFrame] to summary.
Here is the latest info from MozillaTrunk Talkback data:
nsGenericHTMLElement::GetPrimaryFrame 13
BBID range: 38486432 - 38805101
Min/Max Seconds since last crash: 605 - 79756
Min/Max Runtime: 605 - 347005
Crash data range: 2001-11-25 to 2001-12-02
Build ID range: 2001112210 to 2001120211
Keyword List :
Stack Trace:
nsGenericHTMLElement::GetPrimaryFrame
[d:\builds\seamonkey\mozilla\content\html\content\src\nsGenericHTMLElement.cpp
line 2799]
nsHTMLInputElement::SetValueSecure
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLInputElement.cpp
line 521]
nsHTMLInputElement::SetValue
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLInputElement.cpp
line 476]
nsHTMLInputElement::RestoreState
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLInputElement.cpp
line 2033]
nsFormControlHelper::RestoreContentState
[d:\builds\seamonkey\mozilla\layout\html\forms\src\nsFormControlHelper.cpp line
1080]
nsGfxTextControlFrame2::RestoreState
[d:\builds\seamonkey\mozilla\layout\html\forms\src\nsGfxTextControlFrame2.cpp
line 3527]
FrameManager::RestoreFrameStateFor
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsFrameManager.cpp line 2220]
FrameManager::RestoreFrameState
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsFrameManager.cpp line 2236]
nsCSSFrameConstructor::InitAndRestoreFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 6480]
nsCSSFrameConstructor::ConstructFrameByTag
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 4722]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 7001]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 6911]
nsCSSFrameConstructor::ProcessChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 11678]
nsCSSFrameConstructor::ConstructXULFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 5602]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 7005]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 6911]
nsCSSFrameConstructor::ProcessChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 11678]
nsCSSFrameConstructor::ConstructXULFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 5602]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 7005]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 6911]
nsCSSFrameConstructor::ProcessChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 11678]
nsCSSFrameConstructor::ConstructXULFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 5602]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 7005]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 6972]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 6911]
nsCSSFrameConstructor::ProcessChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 11678]
nsCSSFrameConstructor::ConstructXULFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 5602]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 7005]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 6911]
nsCSSFrameConstructor::ProcessChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 11678]
nsCSSFrameConstructor::ConstructXULFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 5602]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 7005]
nsCSSFrameConstructor::CreateTreeWidgetContent
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp
line 12705]
nsXULTreeGroupFrame::GetFirstTreeBox
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsXULTreeGroupFrame.cpp line 326]
nsTreeLayout::LazyRowCreator
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsTreeLayout.cpp line 362]
nsTreeLayout::LazyRowCreator
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsTreeLayout.cpp line 373]
nsXULTreeOuterGroupFrame::ReflowFinished
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsXULTreeOuterGroupFrame.cpp
line 1351]
PresShell::HandlePostedReflowCallbacks
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp line 4947]
PresShell::ProcessReflowCommands
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp line 6185]
PresShell::FlushPendingNotifications
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp line 5041]
nsXULTreeOuterGroupFrame::InternalPositionChanged
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsXULTreeOuterGroupFrame.cpp
line 809]
nsXULTreeOuterGroupFrame::PositionChanged
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsXULTreeOuterGroupFrame.cpp
line 669]
nsSliderFrame::SetCurrentPosition
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsSliderFrame.cpp line 816]
nsSliderFrame::HandleEvent
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsSliderFrame.cpp line 596]
PresShell::HandleEventInternal
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp line 5871]
PresShell::HandleEvent
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp line 5779]
nsView::HandleEvent
[d:\builds\seamonkey\mozilla\view\src\nsView.cpp line 385]
nsViewManager::DispatchEvent
[d:\builds\seamonkey\mozilla\view\src\nsViewManager.cpp line 1914]
HandleEvent
[d:\builds\seamonkey\mozilla\view\src\nsView.cpp line 83]
nsWindow::DispatchEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp line 849]
nsWindow::DispatchWindowEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp line 866]
nsWindow::DispatchMouseEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp line 4424]
ChildWindow::DispatchMouseEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp line 4674]
nsWindow::ProcessMessage
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp line 3390]
nsWindow::WindowProc
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp line 1114]
USER32.DLL + 0x2e98 (0x77e12e98)
USER32.DLL + 0x30e0 (0x77e130e0)
USER32.DLL + 0x5824 (0x77e15824)
nsAppShellService::Run
[d:\builds\seamonkey\mozilla\xpfe\appshell\src\nsAppShellService.cpp line 303]
main1
[d:\builds\seamonkey\mozilla\xpfe\bootstrap\nsAppRunner.cpp line 1285]
main
[d:\builds\seamonkey\mozilla\xpfe\bootstrap\nsAppRunner.cpp line 1602]
WinMain
[d:\builds\seamonkey\mozilla\xpfe\bootstrap\nsAppRunner.cpp line 1620]
WinMainCRTStartup()
KERNEL32.DLL + 0x17d08 (0x77e97d08)
Source File :
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/content/html/content/src/nsGenericHTMLElement.cpp
line : 2799
(38805101) Comments: creating an address list
(38673103) Comments: working with addressing fields of mail/news composition. I've
always experienced random instability with this Mozilla component. I sense it's
with LDAP auto-complete.
(38660341) URL:
http://www.detonation.org/cgi-bin/onit/forumclient.cgi?FORUMID=10&FID=56981#NEW
(38617494)
Comments: Composed a message in HTML format (with images) added several
recipients started to change some of the recipients from "To:" to "Cc:"
(38578773) URL:
http://www.detonation.org/cgi-bin/onit/forumclient.cgi?FORUMID=10&FID=56981#NEW
(38578773)
Comments: http://bugzilla.mozilla.org/show_bug.cgi?id=108704
(38566916)
URL: http://www.detonation.org/cgi-bin/onit/forumclient.cgi?FORUMID=10&FID=56981#NEW
(38554498)
Comments: send a big email with attached file while writing another email
(38522292) Comments: aaargghhhh!!!
(38487518) Comments: Scrolling the recipient list in a message composition window...
THIS HAS HAPPENED REPEATEDLY
Here's the comments from M096 data as well:
Source File :
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/content/html/content/src/nsGenericHTMLElement.cpp
line : 2804
(38777884) Comments: I was editing message filtering rule.
(38773860) Comments: I was adding receipients to an email message
(38716872) Comments: cutting an email address from web page and about to paste into
the email client
(38638817) Comments: Failed to create a mail filter
(38627709) Comments: composing an email - specifically using my mouse wheel to scroll
up on the list of email recepiants for review after keying them in (To: and Cc:
area)
(38610598) Comments: composing email (addressing)
(38598472) Comments: trying to add more than one rule to a single message filter
(38598435) Comments: attempting to add more than one rule to a message filter
(38583779) Comments: clicked on the more button to add to a filter
(38582138) Comments: composing an email...
(38578365) Comments: Adding a new rule (first and only rule) to the mail client's
message filter.
(38569467) Comments: Composing an email. At particular time of failure I was scrolling
through list of people that I planned sending the message to. I had 5 addresses
in my distribution list.
(38561245) Comments: auto completion of e-mail addresses. Addresses were both LDAPand
local address book
(38556409) Comments: send EMAIL!
(38554808) Comments: Adding e-mail addresses to a mail. One e-mail address was suddenly
not display (the field was blank) and when I clicked on that field Mozilla crashed.
(38543270) Comments: I was scrolling in the address list of a mail message I was composing.
(38530056) URL: http://www.centrobank.com
(38530056)
Comments: dhtml
(38508026) Comments: mailnews. sending a message to several recipients. Got an error
message (dialog box) for one of them saying the recipients mailbox quota had
been exceeded (recipient on same ISP). Dismissed the dialog and then clicked on
message window and got a crash.
(38501039) Comments: Changing and adding email recipients
(38498541) Comments: clicking in mailfilters and an then twice the up arrow in the
criteriaselector
(38488089) URL: www.overture.com
(38474459)
Comments: Entering a Filter-Rule in the Mail-Client
(38462627) Comments: Creating a list in the address book. It was a long list. I was
dragging and dropping the addresses. When I clicked OK it died.
(38405871) Comments: I was generating an email-filter rule. after pressing the more
button I tried to scroll down -> mozilla died [:(]
(38367039)
Comments: Scrolling down the recipients list in a message compose window. Almost
reproducible. Cannot find the exact way to reproduce it.
(38365867) Comments: I renamed a mail folder (freshmeat to osdn) then warning occured
that correspondent filter will be updated then afterwards I wanted to edit the
filter renamed it and wanted to add another criteria (MORE) then strange date
has been displayed as
(38365867) Comments: subject then in 1 sec crash
Keywords: topcrash
Summary: Mozilla crashes when form is moved by JavaScript → Mozilla crashes when form is moved by JavaScript M096 & Trunk [@ nsGenericHTMLElement::GetPrimaryFrame]
Comment 12•23 years ago
|
||
*** Bug 114329 has been marked as a duplicate of this bug. ***
Comment 13•23 years ago
|
||
*** Bug 114403 has been marked as a duplicate of this bug. ***
Comment 14•23 years ago
|
||
Here's a recent incident on the MozillaTrunk if it helps:
Incident ID 272145
Stack Signature nsGenericHTMLElement::GetPrimaryFrame ed8e0c95
Trigger Time 2001-12-10 01:44:37
Email Address
URL visited
User Comments
Build ID 2001120509
Product ID MozillaTrunk
Platform
Operating System Win32
Module
Trigger Reason Access violation
Stack Trace
nsGenericHTMLElement::GetPrimaryFrame
[d:\builds\seamonkey\mozilla\content\html\content\src\nsGenericHTMLElement.cpp,
line 2794]
nsHTMLInputElement::SetValueSecure
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLInputElement.cpp,
line 521]
nsHTMLInputElement::SetValue
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLInputElement.cpp,
line 476]
nsHTMLInputElement::RestoreState
[d:\builds\seamonkey\mozilla\content\html\content\src\nsHTMLInputElement.cpp,
line 2037]
nsFormControlHelper::RestoreContentState
[d:\builds\seamonkey\mozilla\layout\html\forms\src\nsFormControlHelper.cpp, line
1080]
nsGfxTextControlFrame2::RestoreState
[d:\builds\seamonkey\mozilla\layout\html\forms\src\nsGfxTextControlFrame2.cpp,
line 3527]
FrameManager::RestoreFrameStateFor
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsFrameManager.cpp, line 2220]
FrameManager::RestoreFrameState
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsFrameManager.cpp, line 2236]
nsCSSFrameConstructor::InitAndRestoreFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6514]
nsCSSFrameConstructor::ConstructFrameByTag
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 4723]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7035]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6945]
nsCSSFrameConstructor::ProcessChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 11729]
nsCSSFrameConstructor::ConstructXULFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 5618]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7039]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6945]
nsCSSFrameConstructor::ProcessChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 11729]
nsCSSFrameConstructor::ConstructXULFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 5618]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7039]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6945]
nsCSSFrameConstructor::ProcessChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 11729]
nsCSSFrameConstructor::ConstructXULFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 5618]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7039]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7006]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6945]
nsCSSFrameConstructor::ProcessChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 11729]
nsCSSFrameConstructor::ConstructXULFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 5618]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7039]
nsCSSFrameConstructor::ConstructFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 6945]
nsCSSFrameConstructor::ProcessChildren
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 11729]
nsCSSFrameConstructor::ConstructXULFrame
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 5618]
nsCSSFrameConstructor::ConstructFrameInternal
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 7039]
nsCSSFrameConstructor::CreateTreeWidgetContent
[d:\builds\seamonkey\mozilla\layout\html\style\src\nsCSSFrameConstructor.cpp,
line 12756]
nsXULTreeGroupFrame::GetFirstTreeBox
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsXULTreeGroupFrame.cpp, line 326]
nsTreeLayout::LazyRowCreator
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsTreeLayout.cpp, line 362]
nsTreeLayout::LazyRowCreator
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsTreeLayout.cpp, line 373]
nsXULTreeOuterGroupFrame::ReflowFinished
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsXULTreeOuterGroupFrame.cpp,
line 1351]
PresShell::HandlePostedReflowCallbacks
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 4947]
PresShell::ProcessReflowCommands
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 6185]
PresShell::FlushPendingNotifications
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 5041]
nsXULTreeOuterGroupFrame::InternalPositionChanged
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsXULTreeOuterGroupFrame.cpp,
line 809]
nsXULTreeOuterGroupFrame::PositionChanged
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsXULTreeOuterGroupFrame.cpp,
line 669]
nsSliderFrame::SetCurrentPosition
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsSliderFrame.cpp, line 816]
nsSliderFrame::HandleEvent
[d:\builds\seamonkey\mozilla\layout\xul\base\src\nsSliderFrame.cpp, line 596]
PresShell::HandleEventInternal
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 5871]
PresShell::HandleEvent
[d:\builds\seamonkey\mozilla\layout\html\base\src\nsPresShell.cpp, line 5779]
nsView::HandleEvent [d:\builds\seamonkey\mozilla\view\src\nsView.cpp, line 387]
nsViewManager::DispatchEvent
[d:\builds\seamonkey\mozilla\view\src\nsViewManager.cpp, line 1914]
HandleEvent [d:\builds\seamonkey\mozilla\view\src\nsView.cpp, line 83]
nsWindow::DispatchEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 849]
nsWindow::DispatchWindowEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 866]
nsWindow::DispatchMouseEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 4424]
ChildWindow::DispatchMouseEvent
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 4674]
nsWindow::ProcessMessage
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 3390]
nsWindow::WindowProc
[d:\builds\seamonkey\mozilla\widget\src\windows\nsWindow.cpp, line 1114]
KERNEL32.DLL + 0x363b (0xbff7363b)
KERNEL32.DLL + 0x245af (0xbff945af)
0x00688bfe
This continues to be topcrasher for M096 and there are a few incidents with
recent MozillaTrunk builds as well. Adding qawanted to see if we can reproduce
with any builds after 12/5 (which is the last build Talkback currently shows
this crashing with).
This bug is also missing a target milestone...
Keywords: qawanted
Comment 15•23 years ago
|
||
I believe this was fixed by dbaron a week ago or so, can someone still reproduce
this?
Comment 16•23 years ago
|
||
madhur: see if you can reproduce this with any build after 12/5. if not, we can
mark this fixed according to jst's comment #15.
i'm not sure if i'm allowed to change the target milestone or not...but since
this was just fixed recently, i'm going to make it mozilla0.9.7.
Target Milestone: --- → mozilla0.9.7
Comment 17•23 years ago
|
||
Even if this isn't fixed yet, it most likely won't be fixed for mozilla0.9.7,
moving to mozilla0.9.8 to avoid having this hold mozilla0.9.7 from being released.
Target Milestone: mozilla0.9.7 → mozilla0.9.8
Reporter | ||
Comment 18•23 years ago
|
||
from the testcase it seems like this bug is fixed. Does not crash anymore when
hitting "Quickpost". This is on a 2001121306 Linux.
Comment 19•23 years ago
|
||
The bug jst mentioned in comment 15 was bug 114220, fixed in 2001-12-11 builds
or later.
Comment 20•23 years ago
|
||
WFM on
win2k build : 2001-12-17-06trunk
redhatlinux 7.1 build : 2001-20-01-08trunk
macos9.1 build : 2001-20-01-06trunk
I do not get any crash. We can go ahead and mark this fixed.
Comment 21•23 years ago
|
||
ok
*** This bug has been marked as a duplicate of 114220 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
Updated•14 years ago
|
Crash Signature: [@ nsGenericHTMLElement::GetPrimaryFrame]
You need to log in
before you can comment on or make changes to this bug.
Description
•