Closed Bug 133633 Opened 23 years ago Closed 23 years ago

Trunk M1RC2 crash accepting cookies/images [@ libgdk-1.2.so.0 | libX11.so.6 - nsRenderingContextGTK::FillRect]

Categories

(Core :: Networking: Cookies, defect)

x86
Linux
defect
Not set
critical

Tracking

()

VERIFIED DUPLICATE of bug 110112

People

(Reporter: jay, Assigned: danm.moz)

References

Details

(Keywords: crash, testcase, topcrash+, Whiteboard: [adt1] [ETA Needed])

Crash Data

Attachments

(1 file)

There have been quite a few crashes recently on the MozillaTrunk with Linux users accepting cookies and/or images. Here is one set of Talkback crashes: Count Offset Real Signature [ 2 libgdk-1.2.so.0 + 0x15135 (0x40360135) 7b099014 - nsRenderingContextGTK::FillRect() ] Crash date range: 2002-03-20 to 2002-03-20 Min/Max Seconds since last crash: 505 - 17483 Min/Max Runtime: 94384 - 94889 Keyword List : Count Platform List 2 Linux 2.4.9-31 Count Build Id List 2 2002031808 No of Unique Users 1 Stack trace(Frame) libgdk-1.2.so.0 + 0x15135 (0x40360135) nsRenderingContextGTK::FillRect() nsRenderingContextGTK::FillRect() nsCSSRendering::PaintBackgroundWithSC() nsCSSRendering::PaintBackground() nsHTMLContainerFrame::Paint() CanvasFrame::Paint() PresShell::Paint() nsView::Paint() nsViewManager::RenderDisplayListElement() nsViewManager::RenderViews() nsViewManager::Refresh() nsViewManager::DispatchEvent() HandleEvent() nsWidget::DispatchEvent() nsWidget::DispatchWindowEvent() nsWindow::DoPaint() nsWindow::Update() nsWindow::Update() nsWindow::UpdateIdle() libglib-1.2.so.0 + 0x1283d (0x4039783d) libglib-1.2.so.0 + 0x117f3 (0x403967f3) libglib-1.2.so.0 + 0x11dd9 (0x40396dd9) libglib-1.2.so.0 + 0x11f8c (0x40396f8c) libgtk-1.2.so.0 + 0x94803 (0x402aa803) nsAppShell::Run() nsAppShellService::Run() main1() main() libc.so.6 + 0x1c627 (0x404f5627) (4276421) URL: http://www.povertyfighters.com/ (4276421) Comments: with `ask me before images/cookies' enabled visit above URL. Answer `yes' to`...wants to load an image' with `remember' checked. Get broken dialog (image: http://www.mit.edu/~yandros/mozilla-broken-dialog.gif). If you hit `no' the pageloads (4276421) Comments: normally. If you hit `yes' mozilla crashes. (4275792) URL: http://www.povertyfighters.com/ (4275792) Comments: As before visit new web site with ``ask me before images/cookies''. Getdialog ``site wants to load an image.'' select `yes remember'. Get same(multiple dialogs sometimes mapped at the same time with the same content).accept them all mozilla (4275792) Comments: crashes. And some more user comments: (4469433) Comments: asked if I want to permit a cookie chose `yes remember'. Asked if I want to allow an image. Chose `yes remember'. Mozilla crashes. (4467841) URL: http://www.compuserve.com (4467841) Comments: 1. Clicked on the Link "More..." in the box titled "My Compuserve". 2. Answered some questions about loading images and setting cookies. (4404926) URL: jnaudin.free.fr (4286692) URL: http://vmyths.com/rant.cfm?id=410&page=4 (4286692) Comments: asked if I wanted to allow a cookie (no remember).asked if I wanted to allow images (yes remember).mozilla crash. Unlike previous reports single instance of each dialog. (4276421) URL: http://www.povertyfighters.com/ (4276421) Comments: with `ask me before images/cookies' enabled visit above URL. Answer `yes' to`...wants to load an image' with `remember' checked. Get broken dialog (image: http://www.mit.edu/~yandros/mozilla-broken-dialog.gif). If you hit `no' the pageloads (4276421) Comments: normally. If you hit `yes' mozilla crashes. (4275792) URL: http://www.povertyfighters.com/ (4275792) Comments: As before visit new web site with ``ask me before images/cookies''. Getdialog ``site wants to load an image.'' select `yes remember'. Get same(multiple dialogs sometimes mapped at the same time with the same content).accept them all mozilla (4275792) Comments: crashes. (4217876) URL: http://www.viewsonicoutlet.com (4217876) Comments: with `ask me before accepting images' and `ask me before accepting cookies' enabled I get a crash shortly after answering the dialogs.
One user even submitted an entire stack as his comments: Incident ID 4288666 Stack Signature libgdk-1.2.so.0 + 0x15135 (0x40360135) 6634a24b Trigger Time 2002-03-20 20:02:53 Email Address URL visited http://oeone.com/ Build ID 2002031808 Product ID MozillaTrunk Platform Operating System LinuxIntel Module Trigger Reason SIGSEGV: Segmentation Fault: (signal 11) User Comments Here's the backtrace: #0 0x40360135 in gdk_draw_rectangle () from /usr/lib/libgdk-1.2.so.0 #1 0x4140dbe7 in NSGetModule () from /local/usr/mozilla/components/libgfx_gtk.so #2 0x4140daf8 in NSGetModule () from /local/usr/mozilla/components/libgfx_gtk.so #3 0x418b93b1 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #4 0x418b8eb4 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #5 0x418303f1 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #6 0x41831426 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #7 0x4185c149 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #8 0x419f6e9b in NSGetModule () from /local/usr/mozilla/components/libgkview.so #9 0x419ff03c in NSGetModule () from /local/usr/mozilla/components/libgkview.so #10 0x419feecb in NSGetModule () from /local/usr/mozilla/components/libgkview.so #11 0x419fdf2a in NSGetModule () from /local/usr/mozilla/components/libgkview.so #12 0x41a0019a in NSGetModule () from /local/usr/mozilla/components/libgkview.so #13 0x419f6a1d in NSGetModule () from /local/usr/mozilla/components/libgkview.so #14 0x412f6dfa in NSGetModule () from /local/usr/mozilla/components/libwidget_gtk.so #15 0x412f6d25 in NSGetModule () from /local/usr/mozilla/components/libwidget_gtk.so #16 0x412f9b39 in NSGetModule () from /local/usr/mozilla/components/libwidget_gtk.so #17 0x412f9cb5 in NSGetModule () from /local/usr/mozilla/components/libwidget_gtk.so #18 0x412f99ed in NSGetModule () from /local/usr/mozilla/components/libwidget_gtk.so #19 0x4039783d in g_idle_dispatch () from /usr/lib/libglib-1.2.so.0 #20 0x403967f3 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0 #21 0x40396dd9 in g_main_iterate () from /usr/lib/libglib-1.2.so.0 #22 0x40396ebe in g_main_iteration () from /usr/lib/libglib-1.2.so.0 #23 0x412eb774 in NSGetModule () from /local/usr/mozilla/components/libwidget_gtk.so #24 0x412c51c7 in fullsoft_copyright () from /local/usr/mozilla/components/libnsappshell.so #25 0x412ce550 in fullsoft_copyright () from /local/usr/mozilla/components/libnsappshell.so #26 0x412c34be in fullsoft_copyright () from /local/usr/mozilla/components/libnsappshell.so #27 0x40662c6e in NSGetModule () from /local/usr/mozilla/components/libembedcomponents.so #28 0x40661d6e in NSGetModule () from /local/usr/mozilla/components/libembedcomponents.so #29 0x40661004 in NSGetModule () from /local/usr/mozilla/components/libembedcomponents.so #30 0x40660229 in NSGetModule () from /local/usr/mozilla/components/libembedcomponents.so #31 0x4065ef70 in NSGetModule () from /local/usr/mozilla/components/libembedcomponents.so #32 0x4117246a in NSGetModule () from /local/usr/mozilla/components/libcookie.so #33 0x41172727 in NSGetModule () from /local/usr/mozilla/components/libcookie.so #34 0x41172191 in NSGetModule () from /local/usr/mozilla/components/libcookie.so #35 0x4116cec2 in NSGetModule () from /local/usr/mozilla/components/libcookie.so #36 0x40e21b43 in NSGetModule () from /local/usr/mozilla/components/libgkcontent.so #37 0x40e21bac in NSGetModule () from /local/usr/mozilla/components/libgkcontent.so #38 0x4183aae2 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #39 0x418399d6 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #40 0x4183990f in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #41 0x41835f7e in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #42 0x418a5c5f in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #43 0x418a2632 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #44 0x418a6a22 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #45 0x418a66e1 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #46 0x418b0db2 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #47 0x4189e7c3 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #48 0x4189f154 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #49 0x4189ed81 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #50 0x4189e1dc in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #51 0x4189f0e6 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #52 0x4189ed81 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #53 0x4189de63 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #54 0x4189f0b5 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #55 0x4189ed81 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #56 0x4189da8b in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #57 0x418a57b4 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #58 0x418a6afd in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #59 0x418a66e1 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #60 0x418b0db2 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #61 0x4189e7c3 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #62 0x4189f154 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #63 0x4189ed81 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #64 0x4189e1dc in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #65 0x4189f0e6 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #66 0x4189ed81 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #67 0x4189de63 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #68 0x4189f0b5 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #69 0x4189ed81 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #70 0x4189da8b in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #71 0x418a57b4 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #72 0x418a6afd in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #73 0x418a66e1 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #74 0x418b2e02 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #75 0x418b2bc7 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #76 0x418a5532 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #77 0x418a6afd in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #78 0x418a66e1 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #79 0x418b2e02 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #80 0x418b2bc7 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #81 0x418a5532 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #82 0x418a6afd in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #83 0x418a66e1 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #84 0x418a91c0 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #85 0x40e75e97 in NSGetModule () from /local/usr/mozilla/components/libgkcontent.so #86 0x4185b300 in NSGetModule () from /local/usr/mozilla/components/libgklayout.so #87 0x40e2759e in NSGetModule () from /local/usr/mozilla/components/libgkcontent.so #88 0x40d3dbf1 in NSGetModule () from /local/usr/mozilla/components/libgkcontent.so #89 0x40d373bf in NSGetModule () from /local/usr/mozilla/components/libgkcontent.so #90 0x40d30768 in NSGetModule () from /local/usr/mozilla/components/libgkcontent.so #91 0x40d32e68 in NSGetModule () from /local/usr/mozilla/components/libgkcontent.so #92 0x40bf1be7 in NSGetModule () from /local/usr/mozilla/components/libhtmlpars.so #93 0x40bf235a in NSGetModule () from /local/usr/mozilla/components/libhtmlpars.so #94 0x40bf2456 in NSGetModule () from /local/usr/mozilla/components/libhtmlpars.so #95 0x40bf26c9 in NSGetModule () from /local/usr/mozilla/components/libhtmlpars.so #96 0x40bed972 in NSGetModule () from /local/usr/mozilla/components/libhtmlpars.so #97 0x40bfeb1c in NSGetModule () from /local/usr/mozilla/components/libhtmlpars.so #98 0x40bff7c5 in NSGetModule () from /local/usr/mozilla/components/libhtmlpars.so #99 0x40bfec6f in NSGetModule () from /local/usr/mozilla/components/libhtmlpars.so #100 0x40d378bc in NSGetModule () from /local/usr/mozilla/components/libgkcontent.so #101 0x40e84eaa in NSGetModule () from /local/usr/mozilla/components/libgkcontent.so #102 0x40e84cf8 in NSGetModule () from /local/usr/mozilla/components/libgkcontent.so #103 0x40e85f54 in NSGetModule () from /local/usr/mozilla/components/libgkcontent.so #104 0x407223e2 in NSGetModule () from /local/usr/mozilla/components/libnecko.so #105 0x40721a0a in NSGetModule () from /local/usr/mozilla/components/libnecko.so #106 0x407535fd in NSGetModule () from /local/usr/mozilla/components/libnecko.so #107 0x40766bb8 in NSGetModule () from /local/usr/mozilla/components/libnecko.so #108 0x40711044 in NSGetModule () from /local/usr/mozilla/components/libnecko.so #109 0x40165c07 in PL_HandleEvent () from /usr/local/mozilla/libxpcom.so #110 0x40165b23 in PL_ProcessPendingEvents () from /usr/local/mozilla/libxpcom.so #111 0x40166a58 in nsEventQueueImpl::ProcessPendingEvents () from /usr/local/mozilla/libxpcom.so #112 0x412eb273 in NSGetModule () from /local/usr/mozilla/components/libwidget_gtk.so #113 0x412eafed in NSGetModule () from /local/usr/mozilla/components/libwidget_gtk.so #114 0x4039501e in g_io_unix_dispatch () from /usr/lib/libglib-1.2.so.0 #115 0x403967f3 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0 #116 0x40396dd9 in g_main_iterate () from /usr/lib/libglib-1.2.so.0 #117 0x40396f8c in g_main_run () from /usr/lib/libglib-1.2.so.0 #118 0x402aa803 in gtk_main () from /usr/lib/libgtk-1.2.so.0 #119 0x412eb704 in NSGetModule () from /local/usr/mozilla/components/libwidget_gtk.so #120 0x412cabc6 in fullsoft_copyright () from /local/usr/mozilla/components/libnsappshell.so #121 0x080504a9 in main1 () #122 0x08050cf7 in main () #123 0x404f5627 in __libc_start_main (main=Error accessing memory address 0xbfffe220: No such process. ) at ../sysdeps/generic/libc-start.c:129 Error accessing memory address 0xbfffe218: No such process. Also, debugging under gdb (GNU gdb Red Hat Linux (5.1-0.71) causes gdb to fail with `generic error' if you try to quit. Stack Trace libgdk-1.2.so.0 + 0x15135 (0x40360135) nsRenderingContextGTK::FillRect() nsRenderingContextGTK::FillRect() nsCSSRendering::PaintBackgroundWithSC() nsCSSRendering::PaintBackground() nsHTMLContainerFrame::Paint() CanvasFrame::Paint() PresShell::Paint() nsView::Paint() nsViewManager::RenderDisplayListElement() nsViewManager::RenderViews() nsViewManager::Refresh() nsViewManager::DispatchEvent() HandleEvent() nsWidget::DispatchEvent() nsWidget::DispatchWindowEvent() nsWindow::DoPaint() nsWindow::Update() nsWindow::UpdateIdle() libglib-1.2.so.0 + 0x1283d (0x4039783d) libglib-1.2.so.0 + 0x117f3 (0x403967f3) libglib-1.2.so.0 + 0x11dd9 (0x40396dd9) libglib-1.2.so.0 + 0x11ebe (0x40396ebe) nsAppShell::DispatchNativeEvent() nsXULWindow::ShowModal() nsWebShellWindow::ShowModal() nsContentTreeOwner::ShowAsModal() nsWindowWatcher::OpenWindowJS() nsWindowWatcher::OpenWindow() nsPromptService::DoDialog() nsPromptService::ConfirmEx() nsPrompt::ConfirmEx() permission_CheckConfirmYN() Permission_Check() IMAGE_CheckForPermission() nsImgManager::ShouldLoad() nsContentPolicy::CheckPolicy() nsContentPolicy::ShouldLoad() nsImageFrame::CanLoadImage() nsImageFrame::RealLoadImage() nsImageFrame::LoadImage() nsImageFrame::Init() nsCSSFrameConstructor::InitAndRestoreFrame() nsCSSFrameConstructor::ConstructHTMLFrame() nsCSSFrameConstructor::ConstructFrameInternal() nsCSSFrameConstructor::ConstructFrame() nsCSSFrameConstructor::ProcessChildren() nsCSSFrameConstructor::ConstructTableCellFrame() nsCSSFrameConstructor::TableProcessChild() nsCSSFrameConstructor::TableProcessChildren() nsCSSFrameConstructor::ConstructTableRowFrame() nsCSSFrameConstructor::TableProcessChild() nsCSSFrameConstructor::TableProcessChildren() nsCSSFrameConstructor::ConstructTableRowGroupFrame() nsCSSFrameConstructor::TableProcessChild() nsCSSFrameConstructor::TableProcessChildren() nsCSSFrameConstructor::ConstructTableFrame() nsCSSFrameConstructor::ConstructFrameByDisplayType() nsCSSFrameConstructor::ConstructFrameInternal() nsCSSFrameConstructor::ConstructFrame() nsCSSFrameConstructor::ProcessChildren() nsCSSFrameConstructor::ConstructTableCellFrame() nsCSSFrameConstructor::TableProcessChild() nsCSSFrameConstructor::TableProcessChildren() nsCSSFrameConstructor::ConstructTableRowFrame() nsCSSFrameConstructor::TableProcessChild() nsCSSFrameConstructor::TableProcessChildren() nsCSSFrameConstructor::ConstructTableRowGroupFrame() nsCSSFrameConstructor::TableProcessChild() nsCSSFrameConstructor::TableProcessChildren() nsCSSFrameConstructor::ConstructTableFrame() nsCSSFrameConstructor::ConstructFrameByDisplayType() nsCSSFrameConstructor::ConstructFrameInternal() nsCSSFrameConstructor::ConstructFrame() nsCSSFrameConstructor::ProcessBlockChildren() nsCSSFrameConstructor::ConstructBlock() nsCSSFrameConstructor::ConstructFrameByDisplayType() nsCSSFrameConstructor::ConstructFrameInternal() nsCSSFrameConstructor::ConstructFrame() nsCSSFrameConstructor::ProcessBlockChildren() nsCSSFrameConstructor::ConstructBlock() nsCSSFrameConstructor::ConstructFrameByDisplayType() nsCSSFrameConstructor::ConstructFrameInternal() nsCSSFrameConstructor::ConstructFrame() nsCSSFrameConstructor::ContentAppended() StyleSetImpl::ContentAppended() PresShell::ContentAppended() nsDocument::ContentAppended() nsHTMLDocument::ContentAppended() HTMLContentSink::NotifyAppend() SinkContext::FlushTags() HTMLContentSink::CloseBody() CNavDTD::CloseBody() CNavDTD::CloseContainer() CNavDTD::CloseContainersTo() CNavDTD::CloseContainersTo() CNavDTD::DidBuildModel() nsParser::DidBuildModel() nsParser::ResumeParse() nsParser::ContinueParsing()
Keywords: crash, qawanted, topcrash
Looks like it's the modal dialog issue. cc'ing danm
From the stacktrace, it appears that the problem is due to the dispatching of events while the modal dialog is being displayed. Therefore reassigning to danm.
Assignee: morse → danm
dupe of bug 57188? see also bug 128677, bug 126092 and bug 133433
Attached file test case - background image (deleted) —
With the above attachment and a break point in nsImgMananger::ShouldLoad, I get the following stack trace. It goes on to crash after one of the dialogues closes. (gdb) where #0 nsImgManager::ShouldLoad (this=0x855fe40, aContentType=2, aContentLoc=0x864d5f8, aContext=0x8618210, aWindow=0x84ec744, _retval=0xbfffcd6c) at nsImgManager.cpp:167 #1 0x41098ee3 in nsContentPolicy::CheckPolicy (this=0x8560178, policyType=0, contentType=2, contentLocation=0x864d5f8, context=0x8618210, window=0x84ec744, shouldProceed=0xbfffcd6c) at nsContentPolicy.cpp:140 #2 0x41098fb3 in nsContentPolicy::ShouldLoad (this=0x8560178, contentType=2, contentLocation=0x864d5f8, context=0x8618210, window=0x84ec744, shouldLoad=0xbfffcd6c) at nsContentPolicy.cpp:166 #3 0x41e59ac9 in NS_CheckContentLoadPolicy (contentType=2, aURI=0x864d5f8, context=0x8618210, window=0x84ec744, shouldLoad=0xbfffcd6c) at ../../../dist/include/content/nsContentPolicyUtils.h:56 #4 0x41dda05e in nsPresContext::LoadImage (this=0x84fc468, aURL=@0xbfffd0d0, aTargetFrame=0x85edfc0, aRequest=0xbfffd040) at nsPresContext.cpp:1510 #5 0x41d37de1 in nsCSSRendering::PaintBackgroundWithSC ( aPresContext=0x84fc468, aRenderingContext=@0x864b078, aForFrame=0x85edfc0, aDirtyRect=@0xbfffd3e0, aBorderArea=@0xbfffd190, aColor=@0xbfffd0c0, aBorder=@0x865cb14, aDX=0, aDY=0, aUsePrintSettings=0) at nsCSSRendering.cpp:2751 #6 0x41d377d0 in nsCSSRendering::PaintBackground (aPresContext=0x84fc468, aRenderingContext=@0x864b078, aForFrame=0x85edfc0, aDirtyRect=@0xbfffd3e0, aBorderArea=@0xbfffd190, aBorder=@0x865cb14, aDX=0, aDY=0, aUsePrintSettings=0) at nsCSSRendering.cpp:2633 #7 0x41c6f36c in nsHTMLContainerFrame::Paint (this=0x85edfc0, aPresContext=0x84fc468, aRenderingContext=@0x864b078, aDirtyRect=@0xbfffd3e0, aWhichLayer=eFramePaintLayer_Underlay, aFlags=0) at nsHTMLContainerFrame.cpp:95 #8 0x41c70ebc in CanvasFrame::Paint (this=0x85edfc0, aPresContext=0x84fc468, aRenderingContext=@0x864b078, aDirtyRect=@0xbfffd3e0, aWhichLayer=eFramePaintLayer_Underlay, aFlags=0) at nsHTMLFrame.cpp:388 #9 0x41cb0aaa in PresShell::Paint (this=0x8502560, aView=0x865e268, aRenderingContext=@0x864b078, aDirtyRect=@0xbfffd3e0) at nsPresShell.cpp:5773 #10 0x4194aafc in nsView::Paint (this=0x865e268, rc=@0x864b078, rect=@0xbfffd3e0, aPaintFlags=0, aResult=@0xbfffd418) at nsView.cpp:278 #11 0x41954ca7 in nsViewManager::RenderDisplayListElement (this=0x861c0a0, element=0x864afe0, aRC=@0x864b078) at nsViewManager.cpp:1179 #12 0x41954ae5 in nsViewManager::RenderViews (this=0x861c0a0, aRootView=0x865dfa8, aRC=@0x864b078, aRect=@0xbfffd4f0, aResult=@0xbfffd54c) at nsViewManager.cpp:1127 #13 0x4195370f in nsViewManager::Refresh (this=0x861c0a0, aView=0x865dfa8, aContext=0x864b078, aRegion=0x85e2ea8, aUpdateFlags=1) at nsViewManager.cpp:720 #14 0x41956426 in nsViewManager::DispatchEvent (this=0x861c0a0, aEvent=0xbfffd7d0, aStatus=0xbfffd650) at nsViewManager.cpp:1720 #15 0x4194a3d2 in HandleEvent (aEvent=0xbfffd7d0) at nsView.cpp:80 #16 0x413b9742 in nsWidget::DispatchEvent (this=0x865e038, aEvent=0xbfffd7d0, aStatus=@0xbfffd70c) at nsWidget.cpp:1483 #17 0x413b935a in nsWidget::DispatchWindowEvent (this=0x865e038, event=0xbfffd7d0) at nsWidget.cpp:1371 #18 0x413be35c in nsWindow::DoPaint (this=0x865e038, aX=0, aY=0, aWidth=800, aHeight=792, aClipRegion=0x865df30) at nsWindow.cpp:759 #19 0x413be5c5 in nsWindow::Update (this=0x865e038) at nsWindow.cpp:805 #20 0x413bdf44 in nsWindow::UpdateIdle (data=0x0) at nsWindow.cpp:668 #21 0x404bd79d in g_idle_dispatch () from /usr/lib/libglib-1.2.so.0 #22 0x404bc773 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0 #23 0x404bcd39 in g_main_iterate () from /usr/lib/libglib-1.2.so.0 #24 0x404bce1e in g_main_iteration () from /usr/lib/libglib-1.2.so.0 #25 0x413a778e in nsAppShell::DispatchNativeEvent (this=0x864ae50, aRealEvent=0, aEvent=0x0) at nsAppShell.cpp:401 #26 0x41341dcb in nsXULWindow::ShowModal (this=0x86619e0) at nsXULWindow.cpp:285 #27 0x4134fe5f in nsWebShellWindow::ShowModal (this=0x86619e0) at nsWebShellWindow.cpp:1088 #28 0x4133f84b in nsContentTreeOwner::ShowAsModal (this=0x864a228) at nsContentTreeOwner.cpp:441 #29 0x407b0e8d in nsWindowWatcher::OpenWindowJS (this=0x8184b10, aParent=0x80e41e4, aUrl=0x407edb40 "chrome://global/content/commonDialog.xul", aName=0x407edec3 "_blank", aFeatures=0x407edea0 "centerscreen,chrome,modal,titlebar", aDialog=1, argc=1, argv=0x8505258, _retval=0xbfffddf0) at nsWindowWatcher.cpp:704 #30 0x407af30f in nsWindowWatcher::OpenWindow (this=0x8184b10, aParent=0x80e41e4, aUrl=0x407edb40 "chrome://global/content/commonDialog.xul", aName=0x407edec3 "_blank", aFeatures=0x407edea0 "centerscreen,chrome,modal,titlebar", aArguments=0x8430378, _retval=0xbfffddf0) at nsWindowWatcher.cpp:451 #31 0x407adec0 in nsPromptService::DoDialog (this=0x85aadd0, aParent=0x80e41e4, aParamBlock=0x8430378, aChromeURL=0x407edb40 "chrome://global/content/commonDialog.xul") at nsPromptService.cpp:629 #32 0x407ac8af in nsPromptService::ConfirmEx (this=0x85aadd0, parent=0x80e41e4, dialogTitle=0x8627208, text=0x86614a0, buttonFlags=0, button0Title=0x0, button1Title=0x0, button2Title=0x0, checkMsg=0x8645f00, checkValue=0xbfffe0e8, buttonPressed=0xbfffe048) at nsPromptService.cpp:347 #33 0x407aafe1 in nsPrompt::ConfirmEx (this=0x855fe08, dialogTitle=0x8627208, text=0x86614a0, buttonFlags=1027, button0Title=0x0, button1Title=0x0, button2Title=0x0, checkMsg=0x8645f00, checkValue=0xbfffe0e8, buttonPressed=0xbfffe048) at nsPrompt.cpp:167 #34 0x412fccec in permission_CheckConfirmYN (aPrompter=0x855fe08, szMessage=0x86614a0, szCheckMessage=0x8645f00, checkValue=0xbfffe0e8) at nsPermissions.cpp:99 #35 0x412fcff5 in Permission_Check (aPrompter=0x855fe08, hostname=0xbfffe1f0 "bugzilla.mozilla.org", type=1, warningPref=1, message=0x86614a0) at nsPermissions.cpp:203 #36 0x412fc9d2 in IMAGE_CheckForPermission (aPrompter=0x855fe08, hostname=0xbfffe1f0 "bugzilla.mozilla.org", firstHostname=0xbfffe240 "itchy.ecs.soton.ac.uk", permission=0xbfffe4ac) at nsImages.cpp:191 #37 0x412f648e in nsImgManager::ShouldLoad (this=0x855fe40, aContentType=2, aContentLoc=0x8660e50, aContext=0x8660844, aWindow=0x84ec744, _retval=0xbfffe4ac) at nsImgManager.cpp:177 #38 0x41098ee3 in nsContentPolicy::CheckPolicy (this=0x8560178, policyType=0, contentType=2, contentLocation=0x8660e50, context=0x8660844, window=0x84ec744, shouldProceed=0xbfffe4ac) at nsContentPolicy.cpp:140 #39 0x41098fb3 in nsContentPolicy::ShouldLoad (this=0x8560178, contentType=2, contentLocation=0x8660e50, context=0x8660844, window=0x84ec744, shouldLoad=0xbfffe4ac) at nsContentPolicy.cpp:166 #40 0x41e59ac9 in NS_CheckContentLoadPolicy (contentType=2, aURI=0x8660e50, context=0x8660844, window=0x84ec744, shouldLoad=0xbfffe4ac) at ../../../dist/include/content/nsContentPolicyUtils.h:56 #41 0x41e595f5 in nsImageFrame::CanLoadImage (this=0x865e9e0, aURI=0x8660e50) at nsImageFrame.cpp:2097 #42 0x41c7dc17 in nsImageFrame::RealLoadImage (this=0x865e9e0, aSpec=@0xbfffe640, aPresContext=0x84fc468, aRequest=0x865f538, aCheckContentPolicy=1) at nsImageFrame.cpp:1936 #43 0x41c7daee in nsImageFrame::LoadImage (this=0x865e9e0, aSpec=@0xbfffe640, aPresContext=0x84fc468, aRequest=0x865f538, aCheckContentPolicy=1) at nsImageFrame.cpp:1909 #44 0x41c789ae in nsImageFrame::Init (this=0x865e9e0, aPresContext=0x84fc468, aContent=0x8660820, aParent=0x865e618, aContext=0x865e98c, aPrevInFlow=0x0) at nsImageFrame.cpp:325 #45 0x41d1bea9 in nsCSSFrameConstructor::InitAndRestoreFrame (this=0x861c4f0, aPresContext=0x84fc468, aState=@0xbfffea00, aContent=0x8660820, aParentFrame=0x865e618, aStyleContext=0x865e98c, aPrevInFlow=0x0, aNewFrame=0x865e9e0) at nsCSSFrameConstructor.cpp:6554 #46 0x41d17b5b in nsCSSFrameConstructor::ConstructHTMLFrame (this=0x861c4f0, aPresShell=0x8502560, aPresContext=0x84fc468, aState=@0xbfffea00, aContent=0x8660820, aParentFrame=0x865e618, aTag=0x8129f78, aNameSpaceID=3, aStyleContext=0x865e98c, aFrameItems=@0xbfffead0) at nsCSSFrameConstructor.cpp:4796 #47 0x41d1d5c5 in nsCSSFrameConstructor::ConstructFrameInternal ( this=0x861c4f0, aPresShell=0x8502560, aPresContext=0x84fc468, aState=@0xbfffea00, aContent=0x8660820, aParentFrame=0x865e618, aTag=0x8129f78, aNameSpaceID=3, aStyleContext=0x865e98c, aFrameItems=@0xbfffead0, aXBLBaseTag=0) at nsCSSFrameConstructor.cpp:7166 #48 0x41d1cffd in nsCSSFrameConstructor::ConstructFrame (this=0x861c4f0, aPresShell=0x8502560, aPresContext=0x84fc468, aState=@0xbfffea00, aContent=0x8660820, aParentFrame=0x865e618, aFrameItems=@0xbfffead0) at nsCSSFrameConstructor.cpp:7062 #49 0x41d20ea9 in nsCSSFrameConstructor::ContentAppended (this=0x861c4f0, aPresContext=0x84fc468, aContainer=0x85ff788, aNewIndexInContainer=0) at nsCSSFrameConstructor.cpp:8215 #50 0x41121f01 in StyleSetImpl::ContentAppended (this=0x861c460, aPresContext=0x84fc468, aContainer=0x85ff788, aNewIndexInContainer=0) at nsStyleSet.cpp:1429 #51 0x41caf01e in PresShell::ContentAppended (this=0x8502560, aDocument=0x8631840, aContainer=0x85ff788, aNewIndexInContainer=0) at nsPresShell.cpp:5154 #52 0x4109fd66 in nsDocument::ContentAppended (this=0x8631840, aContainer=0x85ff788, aNewIndexInContainer=0) at nsDocument.cpp:1893 #53 0x40f48a6d in nsHTMLDocument::ContentAppended (this=0x8631840, aContainer=0x85ff788, aNewIndexInContainer=0) at nsHTMLDocument.cpp:1335 #54 0x40f3f92c in HTMLContentSink::NotifyAppend (this=0x85f7b28, aContainer=0x85ff788, aStartIndex=0) at nsHTMLContentSink.cpp:4807 #55 0x40f35be7 in SinkContext::FlushTags (this=0x860a000, aNotify=1) at nsHTMLContentSink.cpp:2182 #56 0x40f39c9a in HTMLContentSink::CloseBody (this=0x85f7b28, aNode=@0x85fbf38) at nsHTMLContentSink.cpp:3223 #57 0x40b7ef82 in CNavDTD::CloseBody (this=0x85ff880, aNode=0x85fbf38) at CNavDTD.cpp:3188 #58 0x40b7f96e in CNavDTD::CloseContainer (this=0x85ff880, aNode=0x85fbf38, aTarget=eHTMLTag_body, aClosedByStartTag=0) at CNavDTD.cpp:3537 #59 0x40b7fb0a in CNavDTD::CloseContainersTo (this=0x85ff880, anIndex=1, aTarget=eHTMLTag_body, aClosedByStartTag=0) at CNavDTD.cpp:3600 #60 0x40b7fed7 in CNavDTD::CloseContainersTo (this=0x85ff880, aTarget=eHTMLTag_body, aClosedByStartTag=0) at CNavDTD.cpp:3756 #61 0x40b7994e in CNavDTD::DidBuildModel (this=0x85ff880, anErrorCode=0, aNotifySink=1, aParser=0x8618108, aSink=0x85f7b28) at CNavDTD.cpp:614 #62 0x40b8c185 in nsParser::DidBuildModel (this=0x8618108, anErrorCode=0) at nsParser.cpp:1248 #63 0x40b8d1ac in nsParser::ResumeParse (this=0x8618108, allowIteration=1, aIsFinalChunk=1, aCanInterrupt=1) at nsParser.cpp:1776 #64 0x40b8edf4 in nsParser::OnStopRequest (this=0x8618108, request=0x860d0f8, aContext=0x0, status=0) at nsParser.cpp:2417 #65 0x40c38eeb in nsDocumentOpenInfo::OnStopRequest (this=0x84dd1d0, request=0x860d0f8, aCtxt=0x0, aStatus=0) at nsURILoader.cpp:254 #66 0x409be1eb in nsStreamListenerTee::OnStopRequest (this=0x8645f80, request=0x860d0f8, context=0x0, status=0) at nsStreamListenerTee.cpp:24 #67 0x40a01f9c in nsHttpChannel::OnStopRequest (this=0x860d0f8, request=0x857cee4, ctxt=0x0, status=0) at nsHttpChannel.cpp:2811 #68 0x40a2f6bc in nsOnStopRequestEvent::HandleEvent (this=0x8505288) at nsRequestObserverProxy.cpp:212 #69 0x409a6580 in nsARequestObserverEvent::HandlePLEvent (plev=0x8505288) at nsRequestObserverProxy.cpp:115 #70 0x4021fca4 in PL_HandleEvent (self=0x8505288) at plevent.c:596 #71 0x4021fab9 in PL_ProcessPendingEvents (self=0x80f5e18) at plevent.c:526 #72 0x40221cea in nsEventQueueImpl::ProcessPendingEvents (this=0x80f5dd0) at nsEventQueue.cpp:388 #73 0x413a7074 in event_processor_callback (data=0x80f5dd0, source=7, condition=GDK_INPUT_READ) at nsAppShell.cpp:184 #74 0x413a6c53 in our_gdk_io_invoke (source=0x81fb188, condition=G_IO_IN, data=0x81fb178) at nsAppShell.cpp:77 #75 0x404baf9e in g_io_unix_dispatch () from /usr/lib/libglib-1.2.so.0 #76 0x404bc773 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0 #77 0x404bcd39 in g_main_iterate () from /usr/lib/libglib-1.2.so.0 #78 0x404bceec in g_main_run () from /usr/lib/libglib-1.2.so.0 #79 0x403d7333 in gtk_main () from /usr/lib/libgtk-1.2.so.0 #80 0x413a76e9 in nsAppShell::Run (this=0x8165fd8) at nsAppShell.cpp:364 #81 0x41349f41 in nsAppShellService::Run (this=0x8165910) at nsAppShellService.cpp:308 #82 0x0805cc51 in main1 (argc=3, argv=0xbffff584, nativeApp=0x0) at nsAppRunner.cpp:1415 #83 0x0805d8cf in main (argc=3, argv=0xbffff584) at nsAppRunner.cpp:1763 #84 0x4061a306 in __libc_start_main (main=0x805d6c8 <main>, argc=3, ubp_av=0xbffff584, init=0x805637c <_init>, fini=0x8067c20 <_fini>, rtld_fini=0x4000d2dc <_dl_fini>, stack_end=0xbffff57c) at ../sysdeps/generic/libc-start.c:129
Depends on: 57188
*** Bug 135730 has been marked as a duplicate of this bug. ***
There is a stack trace and test case in this bug report. Also reproducible steps are in the duplicate bug. Removing qawanted.
Keywords: qawanted
Making this topcrash+ and nominating for nsbeta1. This has been a consistent topcrasher on the MozillaTrunk for a while now. Here is the latest info from Talbkack: libgdk-1.2.so.0 39 133633 NEW danm@netscape.com --- 2002-04-08 56417 VERI FIXE mcafee@netscape.com Future 2001-05-17 63342 VERI DUPL pavlov@netscape.com mozilla0.8 2002-01-03 71507 VERI FIXE pavlov@netscape.com --- 2001-11-30 BBID range: 4894412 - 5285992 Min/Max Seconds since last crash: 26 - 403139 Min/Max Runtime: 98 - 458726 Crash data range: 2002-04-06 to 2002-04-16 Build ID range: 2002040606 to 2002041609 Keyword List : load(5), Stack Trace: libgdk-1.2.so.0 + 0x15035 (0x40355035) nsRenderingContextGTK::FillRect() nsRenderingContextGTK::FillRect() nsCSSRendering::PaintBackgroundWithSC() nsCSSRendering::PaintBackground() nsHTMLContainerFrame::Paint() CanvasFrame::Paint() PresShell::Paint() nsView::Paint() nsViewManager::RenderDisplayListElement() nsViewManager::RenderViews() nsViewManager::Refresh() nsViewManager::DispatchEvent() HandleEvent() nsWidget::DispatchEvent() nsWidget::DispatchWindowEvent() nsWindow::DoPaint() nsWindow::Update() nsWindow::UpdateIdle() libglib-1.2.so.0 + 0x1279d (0x4038c79d) libglib-1.2.so.0 + 0x11773 (0x4038b773) libglib-1.2.so.0 + 0x11d39 (0x4038bd39) libglib-1.2.so.0 + 0x11eec (0x4038beec) libgtk-1.2.so.0 + 0x94333 (0x402a6333) nsAppShell::Run() nsAppShellService::Run() main1() main() libc.so.6 + 0x1c627 (0x404d3627) (5280227) Comments: clicking "yes" to allow loading of images (bug 133633). (5278676) Comments: Answering dialog boxes about whether to allow <server> to load images. (5274696) Comments: I was using it. Seems to work pretty good if I don't use it. (5245453) Comments: It always fails when putting up a prompt asking if I want to accept an image. (5197643) URL: www.dell.com (5185935) URL: www.allesliebe.at (5181558) URL: www.le-shop.ch (5180430) URL: www.le-shop.ch (5180430) Comments: I had just entered the URL www.le-shop.ch and waited for the page to load. (5162797) Comments: multiple image requesters four tabs open (5109768) Comments: multiple image requesters (5098760) Comments: clicking "yes" to accept images from a site. (5061591) URL: google.com (5032336) URL: www.degen.ch (5032336) Comments: clickd on the picture which is a link to www.thalwil.ch (5015927) Comments: clicking on "yes" to allow site to load images (5006514) Comments: clicking on "yes" to allow a site to load images. (4894412) Comments: Newer mozilla's always crash when I have both "accept all images"and "accept all cookies" with the prompting turned on. If I get2 accepts for the exact same page it will crash. It also crasheswhen several prompts are on the screen at the same time. (4894412) Comments: Once Ihave accepted and it has crashed it won't crash on the next visitto the same page. Almost all the comments mention clicking through accept image dialogs. Don't see too many comments about cookie dialogs...so this bug probably needs a reassignment.
Marking as nsbeta1+/adt1 as this seems to be a consistent topcrash, with the acceptance of cookies and images. What are the chances we could have a fix for this one by 04.26?
Keywords: nsbeta1nsbeta1+
Whiteboard: [adt1] [ETA Needed]
This bug is by far the most common reason for my Mozilla crashes. In fact I can't remember mozilla crashing on me for any other reason, going back to at least 0.9.7 or so. This is on two Linux x86, KDE 2.2.x, XFree86 4.x boxen.
Assuming this is the same as bug 128677 like someone suggested, the only reason I'm not flooding talkback with reports is that I disabled image management due to the frequency of crashes. Any one who decides to use image management on mozilla's going to be very disappointed until this bug is fixed.
Whiteboard: [adt1] [ETA Needed] → [adt1] [ETA Needed] [m5+]
Whiteboard: [adt1] [ETA Needed] [m5+] → [adt1] [ETA Needed]
Dan: Is this a dup of bug 128677? If it is, we should mark it so and update that bug with the topcrash+ and nsbeta+ keywords since this is a topcrasher with Mozilla1.0 RC1.
Summary: Trunk crash accepting cookies/images [@ libgdk-1.2.so.0 - nsRenderingContextGTK::FillRect] → Trunk M1RC1 crash accepting cookies/images [@ libgdk-1.2.so.0 - nsRenderingContextGTK::FillRect]
Adding libX11.so.6 to summary since these crashes are being reported under that stack signature as well.
Summary: Trunk M1RC1 crash accepting cookies/images [@ libgdk-1.2.so.0 - nsRenderingContextGTK::FillRect] → Trunk M1RC1 crash accepting cookies/images [@ libgdk-1.2.so.0 | libX11.so.6 - nsRenderingContextGTK::FillRect]
Dan: Could this be related to bug 110112 by any chance?
*** Bug 133433 has been marked as a duplicate of this bug. ***
*** Bug 128677 has been marked as a duplicate of this bug. ***
Please see my comments in bug 128677. In short, mOffScreenSurface is freed in the destructor regardless of who owns it (unless, of course, I misunderstand Mozilla's ownership system, wouldn't be the first time :-) I know for a fact that my crashes are caused by freeing mOffScreenSurface/mSurface twice, so someone is freeing it who shouldn't.
Blocks: 143047
Updating summary with M1RC2 since this is a topcrasher with Mozilla 1.0 RC2. Dan: Any progress on this one? It's been a major topcrasher for both Mozilla 1.0 RC releases. We should at least set the priority and target milestone for this bug! If anyone wishes to reproduce this, here are the latest comments from Talkback data: For crashes under the libgdk-1.2.so.0 stack signature: (6223333) URL: audiovisualizers.com (6223333) Comments: granted permission to load image (gee I think we have a trend here) (6205586) URL: goldenhawk.com (6205586) Comments: granted permission to load an image (6194290) Comments: Finding out information about hamsters And crashes under the libX11.so.6 stack signature: (6207787) URL: http://everquest.allakhazam.com/ (6207787) Comments: Trying to deny image loading from http://rcm-images.amazon.com/ (6207831) URL: http://www.eqatlas.com/ (6207831) Comments: I have told moz to ask me for every image it wants to load and I wasclicking OK for a series of images Cc'ing waterson since he provided the patch for bug 110112 (which hopefully will prevent these crashes).
Summary: Trunk M1RC1 crash accepting cookies/images [@ libgdk-1.2.so.0 | libX11.so.6 - nsRenderingContextGTK::FillRect] → Trunk M1RC2 crash accepting cookies/images [@ libgdk-1.2.so.0 | libX11.so.6 - nsRenderingContextGTK::FillRect]
I'm looking at this one, finally. After reading the related bugs I'm not optimistic about fixing this. Chris' comments in bug 110112 especially make me twitch. Note this entire feature has been disabled, so you can't actually have this crash any more. The reason for disabling it was that it was just too impossible to fix. Looking...
Same as bug 110112, and since a lot of good analysis has already gone into that bug (and it's owned by someone who isn't me!)... Note also that the hack in bug 128677 (see comment 17) doesn't completely stop the crash, it just delays it. This one sucks. I don't know what to do about it. Make alerts not be XUL windows? *** This bug has been marked as a duplicate of 110112 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
V/dupe. sure. the other dupes in this bug are for image blocking anyhow, which should have been tracked in different bugs or via a depends.
Status: RESOLVED → VERIFIED
QA Contact: tever → benc
Crash Signature: [@ libgdk-1.2.so.0 | libX11.so.6 - nsRenderingContextGTK::FillRect]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: