Closed
Bug 255366
Opened 20 years ago
Closed 20 years ago
File picker calls crash mozilla (open file, file attach, file browser, etc)
Categories
(Core :: XUL, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: harri, Assigned: caillon)
References
Details
(Keywords: 64bit, crash, helpwanted)
Attachments
(2 files)
|
(deleted),
application/x-tar
|
Details | |
|
(deleted),
patch
|
caillon
:
review+
jst
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.2) Gecko/20040811 Debian/1.7.2-2 Build Identifier: Current snapshot of 1.8 as of Aug 11th, compiled on Debian AMD64, gcc 3.4.1 If I try to attach a file to my EMail, then Mozilla dies. Reproducible: Always Steps to Reproduce: 1.compose EMail 2.set a To: address, add some text 3.right klick on Attachments list, select "Attach Files" Actual Results: core dump the version of yesterday crashed, too
|
Reporter | |
Comment 1•20 years ago
|
||
Here is the real build identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8a3) Gecko/20040812
|
||
Comment 2•20 years ago
|
||
Herald: Are you able to reproduce with official Mozilla nightbuild? Could you provide TalkBack incident ID in such case?
Severity: normal → critical
Keywords: crash
|
|
Reporter | |
Comment 3•20 years ago
|
||
AFAIK there are no nightly builds for AMD64. I grabbed the current image for x86 and installed it on another PC. There was no crash when I did a right click to [Select Files], but when I clicked on [Cancel] in the file browser Mozilla x86 died, too. But maybe this is unrelated.
|
|
Reporter | |
Comment 4•20 years ago
|
||
The crash on x86 is not reproducable.
Any attempt to attach a file, from menu or attachment frame, causes an immediate crash. No other components of the message need be filled out. AMD64, CVS HEAD, 20040813
Further info, you can attach a web page, but you can not attach a file.
Unfortunately gdb and mozilla aren't playing well - when started with --debug,
mozilla hangs before realizing any widgets on screen.
Here is startup info. Note the file picker module failure:
*** Registering nsWidgetGtk2Module components (all right -- a generic module!)
nsGenericModule nsWidgetGtk2Module: Register hook for Gtk2 File Picker
component returned error => 80040155
(Gecko:8622): GLib-GObject-WARNING **: invalid cast from GdkWindow' to GtkWindow'
/usr/local/lib/mozilla-1.8a3/run-mozilla.sh: line 131: 8622 Segmentation fault
"$prog" ${1+"$@"}
On a side note, I've often wondered why mozilla developers choose to return
numbers like 80040155 instead of an error string which is far more descriptive.
80040155 actually sounds like a pointer location. But I see this all over the
place.If you twiddle gdb/moz carefully you can sometimes get somewhere. Here is a partially informative stack trace. It now seems very apparent where it's crashing, but as I can't yet get at the values passed to this function I don't know why it blew up. Program received signal SIGSEGV, Segmentation fault. 0x0000002a95e6f6db in gtk_file_chooser_dialog_get_type () from /usr/lib/libgtk-x11-2.0.so.0 (gdb) bt #0 0x0000002a95e6f6db in gtk_file_chooser_dialog_get_type () from /usr/lib/libgtk-x11-2.0.so.0 #1 0x0000003000000020 in ?? () #2 0x0000000000000001 in ?? () #3 0x00000000008d25c0 in ?? () #4 0x0000002a9555fcc4 in _dl_rtld_di_serinfo () from /lib64/ld-linux-x86-64.so.2 #5 0x0000002a9e689e6a in nsIFileURL::GetIID()::iid () from /usr/local/lib/mozilla-1.8a3/components/libwidget_gtk2.so #6 0x0000000000000000 in ?? () #7 0x00000000005716e0 in ?? () #8 0x0000002a968eb2e8 in ?? () from /usr/lib/libgobject-2.0.so.0 #9 0x0000000000000010 in ?? () #10 0x0000002a968e5248 in ?? () from /usr/lib/libgobject-2.0.so.0 #11 0x00000000008d1e60 in ?? () #12 0x0000000000000001 in ?? () #13 0x0000002a968b0000 in ?? () #14 0x00000000000000a6 in ?? () #15 0x0000002a968de524 in g_type_check_instance_cast () from /usr/lib/libgobject-2.0.so.0 #16 0x0000002a9e677106 in nsFilePicker::ReadValuesFromFileChooser () from /usr/local/lib/mozilla-1.8a3/components/libwidget_gtk2.so #17 0x0000002a984ef47e in XPTC_InvokeByIndex () from /usr/local/lib/mozilla-1.8a3/libxpcom.so #18 0x0000002a994ace4d in XPCWrappedNative::CallMethod () from /usr/local/lib/mozilla-1.8a3/components/libxpconnect.so #19 0x0000002a994b19e1 in XPC_WN_CallMethod () from /usr/local/lib/mozilla-1.8a3/components/libxpconnect.so #20 0x0000002a956c3f73 in js_Invoke () from /usr/local/lib/mozilla-1.8a3/libmozjs.so #21 0x0000002a956b8c41 in js_Interpret () from /usr/local/lib/mozilla-1.8a3/libmozjs.so #22 0x0000002a956c42c6 in js_Invoke () from /usr/local/lib/mozilla-1.8a3/libmozjs.so #23 0x0000002a994a5bf9 in nsXPCWrappedJSClass::CheckForException () from /usr/local/lib/mozilla-1.8a3/components/libxpconnect.so #24 0x0000002a984f00ac in PrepareAndDispatch () from /usr/local/lib/mozilla-1.8a3/libxpcom.so #25 0x0000002a984ef4eb in XPTC_InvokeByIndex () from /usr/local/lib/mozilla-1.8a3/libxpcom.so #26 0x0000002a984ef47e in XPTC_InvokeByIndex () from /usr/local/lib/mozilla-1.8a3/libxpcom.so #27 0x0000002a994ace4d in XPCWrappedNative::CallMethod () from /usr/local/lib/mozilla-1.8a3/components/libxpconnect.so #28 0x0000002a994b19e1 in XPC_WN_CallMethod () from /usr/local/lib/mozilla-1.8a3/components/libxpconnect.so #29 0x0000002a956c3f73 in js_Invoke () from /usr/local/lib/mozilla-1.8a3/libmozjs.so #30 0x0000002a956b8c41 in js_Interpret () from /usr/local/lib/mozilla-1.8a3/libmozjs.so #31 0x0000002a956c42c6 in js_Invoke () from /usr/local/lib/mozilla-1.8a3/libmozjs.so #32 0x0000002a956c465d in js_InternalInvoke () from /usr/local/lib/mozilla-1.8a3/libmozjs.so #33 0x0000002a95688e99 in JS_CallFunctionValue () from /usr/local/lib/mozilla-1.8a3/libmozjs.so #34 0x0000002a9a1cd9c3 in nsJSContext::CallEventHandler () from /usr/local/lib/mozilla-1.8a3/components/libgklayout.so #35 0x0000002a9a20f40e in nsJSEventListener::SetEventName () from /usr/local/lib/mozilla-1.8a3/components/libgklayout.so #36 0x0000002a9a078d56 in nsEventListenerManager::HandleEventSubType () from /usr/local/lib/mozilla-1.8a3/components/libgklayout.so #37 0x0000002a9a07a266 in nsCOMPtr<nsIEventListenerManager>::nsCOMPtr () from /usr/local/lib/mozilla-1.8a3/components/libgklayout.so #38 0x0000002a9a23579f in nsXULElement::HandleDOMEvent () from /usr/local/lib/mozilla-1.8a3/components/libgklayout.so #39 0x0000002a9a23561a in nsXULElement::HandleDOMEvent () from /usr/local/lib/mozilla-1.8a3/components/libgklayout.so #40 0x0000002a9a23561a in nsXULElement::HandleDOMEvent () from /usr/local/lib/mozilla-1.8a3/components/libgklayout.so ---Type <return> to continue, or q <return> to quit--- #41 0x0000002a99ecbf75 in PresShell::HandleEventInternal () from /usr/local/lib/mozilla-1.8a3/components/libgklayout.so #42 0x0000002a99ecc252 in PresShell::HandleEventInternal () from /usr/local/lib/mozilla-1.8a3/components/libgklayout.so #43 0x0000002a9a080f1c in nsEventStateManager::CheckForAndDispatchClick () from /usr/local/lib/mozilla-1.8a3/components/libgklayout.so #44 0x0000002a9a081e48 in nsEventStateManager::DoScrollText () from /usr/local/lib/mozilla-1.8a3/components/libgklayout.so #45 0x0000002a99ecc02a in PresShell::HandleEventInternal () from /usr/local/lib/mozilla-1.8a3/components/libgklayout.so #46 0x0000002a99eccc7b in PresShell::RetargetEventToParent () from /usr/local/lib/mozilla-1.8a3/components/libgklayout.so #47 0x0000002a9a1c64fe in nsViewManager::HandleEvent () from /usr/local/lib/mozilla-1.8a3/components/libgklayout.so #48 0x0000002a9a1c6c01 in nsViewManager::HandleEvent () from /usr/local/lib/mozilla-1.8a3/components/libgklayout.so #49 0x0000002a9a1b99c7 in nsView::GetViewFor () from /usr/local/lib/mozilla-1.8a3/components/libgklayout.so #50 0x0000002a9e66d0c9 in nsCommonWidget::DispatchResizeEvent () from /usr/local/lib/mozilla-1.8a3/components/libwidget_gtk2.so #51 0x0000002a9e660ca6 in nsWindow::OnButtonReleaseEvent () from /usr/local/lib/mozilla-1.8a3/components/libwidget_gtk2.so #52 0x0000002a9e663260 in getter_AddRefs<nsISupports> () from /usr/local/lib/mozilla-1.8a3/components/libwidget_gtk2.so #53 0x0000002a95ebc976 in _gtk_marshal_BOOLEAN__BOXED () from /usr/lib/libgtk-x11-2.0.so.0 #54 0x0000002a968bd02a in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0 #55 0x0000002a968d25ea in g_signal_has_handler_pending () from /usr/lib/libgobject-2.0.so.0 #56 0x0000002a968d39fd in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0 #57 0x0000002a968d40e3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0 #58 0x0000002a95fa6d80 in gtk_widget_activate () from /usr/lib/libgtk-x11-2.0.so.0 #59 0x0000002a95eba95e in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0 #60 0x0000002a95ebace5 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0 #61 0x0000002a961ee750 in _gdk_events_queue () from /usr/lib/libgdk-x11-2.0.so.0 #62 0x0000002a96b1e56d in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #63 0x0000002a96b20247 in g_main_context_acquire () from /usr/lib/libglib-2.0.so.0 #64 0x0000002a96b205e5 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0 #65 0x0000002a95eba141 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0 #66 0x0000002a9e66ab41 in nsCOMPtr<nsIEventQueue>::operator nsDerivedSafe<nsIEventQueue>* () from /usr/local/lib/mozilla-1.8a3/components/libwidget_gtk2.so #67 0x0000000000423e1a in ?? () #68 0x000000000041ba63 in main ()
|
||
Comment 8•20 years ago
|
||
isn't this the same as bug 255604 (similar stacks)
bug 255604 does indeed look like a dupe of this bug. here is my build configuration, exchange disable-debug for enable, and cflags/strip naturally; cflags would be -O2 -g with cpu/arch the same. about:buildconfig Build platform target x86_64-unknown-linux-gnu Build tools Compiler Version Compiler flags gcc gcc version 3.4.1 20040803 (Gentoo Linux 3.4.1-r2, ssp-3.4-2, pie-8.7.6.5) -Wall -W -Wno-unused -Wpointer-arith -Wcast-align -Wno-long-long -pedantic -pthread -pipe g++ gcc version 3.4.1 20040803 (Gentoo Linux 3.4.1-r2, ssp-3.4-2, pie-8.7.6.5) -fno-rtti -fno-exceptions -Wall -Wconversion -Wpointer-arith -Wcast-align -Woverloaded-virtual -Wsynth -Wno-ctor-dtor-privacy -Wno-non-virtual-dtor -Wno-long-long -pedantic -fshort-wchar -pthread -pipe -I/usr/X11R6/include Configure arguments --disable-ldap --disable-gnomevfs --disable-gnomeui --disable-accessibility --disable-tests --disable-debug '--enable-optimize=-Os -fomit-frame-pointer -pipe -march=opteron -mtune=opteron -ffast-math -mfpmath=sse,387 -fexpensive-optimizations' --enable-strip --disable-toolkit-qt --enable-calendar --enable-xft --enable-xprint --enable-crypto --enable-reorder --enable-xterm-updates --enable-toolkit-gtk2 --enable-default-toolkit=gtk2 --enable-x11-shm --enable-freetype2 --enable-extensions=default --without-system-nspr --with-system-jpeg --with-system-zlib --with-system-png --with-system-mng
|
||
Comment 10•20 years ago
|
||
*** Bug 255604 has been marked as a duplicate of this bug. ***
|
|
||
Comment 11•20 years ago
|
||
Reassigning, please see end comment on bug 255604.
Assignee: sspitzer → caillon
Component: Mail Window Front End → XP Toolkit/Widgets
Product: MailNews → Browser
Summary: crash on "Attach file" → File picker calls crash mozilla (open file, file attach, file browser, etc)
|
|
||
Comment 12•20 years ago
|
||
(gdb) l
391 NS_IMETHODIMP
392 nsFilePicker::Show(PRInt16 *aReturn)
393 {
394 NS_ENSURE_ARG_POINTER(aReturn);
395
396 nsXPIDLCString title;
397 title.Adopt(ToNewUTF8String(mTitle));
398
399 GtkWidget *parent =
(GtkWidget*)mParentWidget->GetNativeData(NS_NATIVE_WIDGET);
400 GtkFileChooserAction action = GetGtkFileChooserAction(mMode);
401 const gchar *accept_button = (mMode == GTK_FILE_CHOOSER_ACTION_SAVE)
402 ? GTK_STOCK_SAVE : GTK_STOCK_OPEN;
403
404 GtkWidget *file_chooser =
405 _gtk_file_chooser_dialog_new(title, GTK_WINDOW(parent), action,
406 GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL,
407 accept_button, GTK_RESPONSE_ACCEPT,
408 NULL);
409 if (mMode == nsIFilePicker::modeOpenMultiple) {
410 _gtk_file_chooser_set_select_multiple
(GTK_FILE_CHOOSER(file_chooser), TRUE);
(gdb) p title
$4 = {<nsCString> = {<nsCSubstring> = {<nsACString> = {mVTable = 0xac2ff0,
mData = 0x2a984f123e
"\205ΐtnA\203ώ\005w*H\213T$\020D\211πA�ΖH\211,ΒA�ΕH\203Γ\030E9ύr€H\203Δ\030
[]A\\A]A^A_ΓI\211,$I\203Δ\bλΫfff\220H\215{\020θ§ρχ�\017Άΐ\203ψ\fw\022H\215\025\220'\002",
mLength = 3221200880,
mFlags = 0}, <No data fields>}, <No data fields>}, <No data fields>}
(gdb) p parent
$5 = (GtkWidget *) 0x1
(gdb) p action
$6 = 16154736
(gdb) p accept_button
$7 = (const gchar *) 0x2a9c9a8e41 "gtk-save"
(gdb) p mtitle
No symbol "mtitle" in current context.
(gdb) p mTitle
$8 = {<nsSubstring> = {<nsAString> = {mVTable = 0x54def0, mData = 0xf67518,
mLength = 9, mFlags = 5}, <No data fields>}, <No data fields>}
the 'parent' pointer looks suspicious.
|
Assignee | |
Updated•20 years ago
|
Keywords: helpwanted
|
|
Reporter | |
Comment 13•20 years ago
|
||
file xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_linux.cpp, line 205: I am not sure, but doesn't "methodAddress += 8 * methodIndex" break the 16-byte alignment necessary for amd64? Regards Harri
Does AMD64's ABI (as used on Linux) really require 16-byte alignment? I don't have an x86-64 machine to test on, but that would surprise me tremendously, since it would mean that you couldn't densely pack native (8-byte == 64-bit) pointers. I'm always happy to learn, though, so a pointer to a reference correcting me would be welcome.
|
|
Reporter | |
Comment 15•20 years ago
|
||
Stack pointers must be aligned to 16 bytes in 64bit mode. See http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/24592.pdf, 3.73, Page 94. But I am not sure whether this is the problem here.
|
|
||
Comment 16•20 years ago
|
||
Requesting blocking, this is starting to show up with a lot of people and it's a fairly necessary item.
Flags: blocking1.8a4?
|
|
Reporter | |
Comment 17•20 years ago
|
||
I could reproduce the broken parent in nsFilePicker::Show() :
(gdb) print *parent
$4 = {object = {parent_instance = {g_type_instance = {g_class = 0x56e460},
ref_count = 2, qdata = 0x567220}, flags = 16503664}, private_flags = 53824,
state = 251 'û', saved_state = 0 '\0', name = 0x76d8c0 "\200\214y", style = 0x0,
requisition = {width = 0, height = 0}, allocation = {x = 0, y = 0, width =
5671232, height = 0}, window = 0x0, parent = 0x0}
But I do not know yet where this comes from. That is successfully hidden
by Smart Pointers.
Using brute force I checked when this problem was introduced. The snapshot in
nightly/2004-08-07-07-trunk/mozilla-source.tar.bz2 works, but the version
nightly/2004-08-08-07-trunk/mozilla-source.tar.bz2 is broken. The changes
include some new stuff in gtk2/nsFilePicker.{cpp,h}, gtk2/nsWidgetFactory.cpp
and the filepicker.properties. I can post the complete diffs, if somebody is
interested.
Regards
Harri
|
|
Reporter | |
Comment 19•20 years ago
|
||
|
|
Reporter | |
Comment 20•20 years ago
|
||
Maybe this helps: On amd64 I get a message : Document http://www.kernel.org/pub/linux/kernel/ loaded successfully Document http://www.kernel.org/pub/linux/kernel/v2.6/ loaded successfully Document http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.8.1.gz loaded successfully (Gecko:13592): GLib-GObject-WARNING **: invalid cast from `GdkWindow' to `GtkWindow' immediately before the crash. When I try the same on i386, then there is no message about an invalid cast.
|
||
Comment 21•20 years ago
|
||
Also occurs on Firefox 1.0 preview as well as CVS trunk. I have an i386 (P4 2.8GHz) and I also see the invalid cast message. Occurs when opening any file chooser (i.e. open file, import bookmarks).
|
|
||
Comment 22•20 years ago
|
||
On i386 this seems to be a problem with the GTK+ 2.5 series; it works fine with v2.4.9.
|
||
Comment 23•20 years ago
|
||
|
|
||
Comment 24•20 years ago
|
||
Comment on attachment 159629 [details] [diff] [review] Make our prototype for _gtk_file_chooser_dialog_new_fn() match reality (patch by bryner) Chris, was this done this way intentionally, or would this be more appropriate here?
Attachment #159629 -
Flags: superreview+
Attachment #159629 -
Flags: review?(caillon)
|
|
Assignee | |
Comment 25•20 years ago
|
||
Comment on attachment 159629 [details] [diff] [review] Make our prototype for _gtk_file_chooser_dialog_new_fn() match reality (patch by bryner) Hm, cool.
Attachment #159629 -
Flags: review?(caillon) → review+
|
||
Updated•20 years ago
|
Flags: blocking1.8a4?
|
|
Reporter | |
Comment 27•20 years ago
|
||
Sorry, but I cannot share your optimism here. I've compiled the new Mozilla sources on AMD64. The core dump is gone, but I still don't get the standard file picker that I get on i386. I get a strange looking file picker with a floppy on the save button. It doesn't match the look of other Mozilla components. And I've got an assertion failure: (Gecko:12493): Gtk-CRITICAL **: file gtkwindow.c: line 1883 (gtk_window_set_transient_for): assertion `parent == NULL || GTK_IS_WINDOW (parent)' failed If you think this is a serious problem, then would you mind to reopen this bug report?
|
|
Assignee | |
Comment 28•20 years ago
|
||
Harald, this bug is about the crash only. The assertion is fixed with the patch in bug 260872. The new dialog is the GTK2 dialog, which Mozilla is now using.
|
|
Reporter | |
Comment 29•20 years ago
|
||
Sorry, but since the new file picker looks so _completely_ different than the rest of Mozilla (especially for the Modern theme), I thought that there is still a serious problem. I liked the old file picker of 1.7.
You need to log in
before you can comment on or make changes to this bug.
Description
•