Bug 4395
Opened 26 years ago
Closed 26 years ago
[PP]Crash on page resize - PPC unmapped mem exception at TrimRect
Categories
(Core Graveyard :: Tracking, defect, P1)
Tracking
(Not tracked)
VERIFIED
WORKSFORME
M5
People
(Reporter: glynn, Assigned: mcmullen)
Details
March 29 optimized Seamonkey apprunner builds
*Mac only
1. Launch apprunner and go to http://abc.go.com and wait for page to load
2. Resize browser window down and right
• Crash into Macsbug with PPC unmapped mem exception, will post crawl shortly,
viewer does not crash.
MacsBug 6.5.4a6, Copyright Apple Computer, Inc. 1981-98
PowerPC unmapped memory exception at 0D42569C TrimRect+038C8
29-Mar-1999 5:53:27 PM (since boot = 2 hours, 38 minutes)
Current application is “apprunner”
Machine = 312 (PowerBookG3Series), System $0851, sysu = $01008000
ROM version $077D, $41F5, $0002 (ROMBase $FFC00000)
VM is on; paging is currently safe
NIL^ = $FFC10000
Stack space used = -30387700
Address 0D42569C is in VM file-mapped logical memory space
It is in the CFM fragment “NQD” at 0D41D2A0
It is 000083FC bytes from the start of the fragment
and 0000837C bytes into a non-writeable code section at 0D41D320
PowerPC 740/750 Registers
CR0 CR1 CR2 CR3 CR4 CR5 CR6 CR7
PC = 0D42569C CR 0100 1010 0000 0000 0000 1000 0010 1010
LR = 0D427F30 <>=O XEVO
CTR = 0D425B40
MSR = 00000000 SOC Compare Count
Int = 0 XER 001 00 00 MQ = 02ADF320
R0 = 0D428A60 R8 = 00000000 R16 = 00000000 R24 = 00000000
SP = 034B7740 R9 = 6F6C756D R17 = 00000000 R25 = 00000000
TOC = 002D32F8 R10 = 00000001 R18 = 00000000 R26 = 00000000
R3 = 6F6C756D R11 = 002D5558 R19 = 00000000 R27 = 00000009
R4 = 00000000 R12 = FFFF8024 R20 = 00000000 R28 = 02D72BCC
R5 = 002D7770 R13 = 00000000 R21 = 02B2AE18 R29 = 00000030
R6 = 00000000 R14 = 00000000 R22 = 00000000 R30 = 034B78B2
R7 = 00000040 R15 = 00000000 R23 = 00000000 R31 = 034B7828
Disassembling PowerPC code from 0D425674
TrimRect
+038A0 0D425674 lwz r0,0x0000(r25) | 80190000
+038A4 0D425678 stw r0,0x0004(r27) | 901B0004
+038A8 0D42567C stw r26,0x000C(r27) | 935B000C
+038AC 0D425680 stw r27,0x0000(r25) | 93790000
+038B0 0D425684 mr r3,r27 | 7F63DB78
+038B4 0D425688 addi SP,SP,0x0060 | 38210060
+038B8 0D42568C lwz r0,0x0008(SP) | 80010008
+038BC 0D425690 mtlr r0 ; LR = 0x0008 | 7C0803A6
+038C0 0D425694 lmw r25,-0x001C(SP) | BB21FFE4
+038C4 0D425698 blr | 4E800020
+038C8 0D42569C *lha r12,0x0004(r3) | A9830004
+038CC 0D4256A0 cmpwi r12,0x0000 | 2C0C0000
+038D0 0D4256A4 bge TrimRect+038E4 ; 0x0D4256B8 | 40800014
+038D4 0D4256A8 rlwinm. r4,r12,0x00,0x11,0x11 | 55840463
+038D8 0D4256AC beq TrimRect+038E4 ; 0x0D4256B8 | 4182000C
+038DC 0D4256B0 lwz r4,0x0000(r3) | 80830000
+038E0 0D4256B4 lwz r3,0x0000(r4) | 80640000
+038E4 0D4256B8 blr | 4E800020
+038E8 0D4256BC mflr r0 ; LR = 0x0008 | 7C0802A6
+038EC 0D4256C0 stmw r28,-0x0010(SP) | BF81FFF0
Heap zones
#1 Mod 12727K 00002800 to 00C7065F SysZone^
#2 Mod 7K 0000C650 to 0000E51F ROM read-only zone
#3 Mod 256K 0083F180 to 0087F17F
#4 Mod 256K 008D9640 to 0091963F
#5 Mod 64K 00982540 to 0099253F
#6 Mod 70829K 00C70660 to 0519BA9F Process Manager zone
#7 Mod 9801K 02ADABE0 to 0346D2DF “apprunner” ApplZone^ TheZone^ TargetZone
#8 Mod 8217K 03787A30 to 03F8E12F “Netscape Communicator™”
#9 Mod 4057K 03FA2240 to 0439893F “Internet Explorer 4.5”
#10 Mod 1026K 0403C120 to 0413C91F
#11 Mod 410K 04D9B260 to 04E01C0F “Stickies”
#12 Mod 18K 04E7D320 to 04E81BDF
#13 Mod 793K 04E820F0 to 04F487EF “Speed Doubler™ 8”
#14 Mod 942K 04F72870 to 0505E36F “Finder”
#15 Mod 83K 05072C00 to 05087AFF “Time Synchronizer”
#16 Mod 361K 05096390 to 050F0A8F “Folder Actions”
#17 Mod 89K 05141640 to 05157D3F “Control Strip Extension”
#18 Mod 6143K 05500000 to 05AFFFCF
#19 Mod 216K 05561370 to 0559736F
#20 Mod 27K 055FB450 to 0560217F
Checking all heaps
The System heap at 00002800 is ok
The ROM read-only heap at 0000C650 is ok
The heap at 0083F180 is ok
The heap at 008D9640 is ok
The heap at 00982540 is ok
The Process Manager heap at 00C70660 is ok
The “apprunner” heap at 02ADABE0 is ok
The “Netscape Communicator™” heap at 03787A30 is ok
The “Internet Explorer 4.5” heap at 03FA2240 is ok
The heap at 0403C120 is ok
The “Stickies” heap at 04D9B260 is ok
The heap at 04E7D320 is ok
The “Speed Doubler™ 8” heap at 04E820F0 is ok
The “Finder” heap at 04F72870 is ok
The “Time Synchronizer” heap at 05072C00 is ok
The “Folder Actions” heap at 05096390 is ok
The “Control Strip Extension” heap at 05141640 is ok
Totaling the “apprunner” heap at 02ADABE0
Total Blocks Total of Block Sizes
Free 0007 #7 002E9500 #3052800
Nonrelocatable 00A1 #161 00696CCC #6909132
Relocatable 056D #1389 000124F0 #74992
Locked 0000 #0 00000000 #0
Purgeable and not locked 0000 #0 00000000 #0
Heap size 0615 #1557 009926BC #10036924
The target heap is the System heap at 00002800
Totaling the System heap at 00002800
Total Blocks Total of Block Sizes
Free 001A #26 00008A80 #35456
Nonrelocatable 0CB1 #3249 005C2D0C #6040844
Relocatable 0A93 #2707 006A2690 #6956688
Locked 021A #538 003F3D10 #4144400
Purgeable and not locked 0079 #121 00172740 #1517376
Heap size 175E #5982 00C6DE1C #13032988
The target heap is the “apprunner” heap at 02ADABE0
Displaying Driver Control Entries
No drivers are busy.
Displaying resource information:
> Map $02ADAD68, flags $0000, file $23FE = apprunner
+ Map $000031DC, flags $801A, file $0003 = •ROM resources that override System•
S Map $000032E8, flags $200D, file $0002 = System
Map $000D5174, flags $001C, file $17E0 = WorldScript II Resources
Map $00003124, flags $0014, file $01D8 = System Resources
[Skipped $0039 maps belonging to font files]
Calling chain using A6/R1 links
Back chain ISA Caller
00000000 PPC 0C278A50
034B9140 PPC 0C277BA8 main+0053C
034B9050 PPC 0BBF3D24 nsAppShellService::Run()+00018
034B9010 PPC 0C014878 nsAppShell::Run()+00038
034B8F90 PPC 0C0151A0 nsMacMessagePump::DoMessagePump()+0003C
034B8F40 PPC 0C015348 nsMacMessagePump::DispatchEvent(int, EventRecord*)+00084
034B8EF0 PPC 0C0154B4 nsMacMessagePump::DoUpdate(EventRecord&)+0004C
034B8EA0 PPC 0C015C3C nsMacMessagePump::DispatchOSEventToRaptor(EventRecord&, GrafPort*)+00044
034B8E50 PPC 0C0101D4 nsMacMessageSink::DispatchOSEvent(EventRecord&, GrafPort*)+00038
034B8E10 PPC 0C00C3B0 nsMacWindow::HandleOSEvent(EventRecord&)+00020
034B8DB0 PPC 0C00C6E4 nsMacEventHandler::HandleOSEvent(EventRecord&)+0006C
034B8D70 PPC 0C00D178 nsMacEventHandler::HandleUpdateEvent(EventRecord&)+00018
034B8D30 PPC 0BFF7F6C nsWindow::HandleUpdateEvent()+0016C
034B8CB0 PPC 0BFF8170 nsWindow::UpdateWidget(nsRect&, nsIRenderingContext*)+00190
034B8C10 PPC 0BFF8170 nsWindow::UpdateWidget(nsRect&, nsIRenderingContext*)+00190
034B8B70 PPC 0BFF8170 nsWindow::UpdateWidget(nsRect&, nsIRenderingContext*)+00190
034B8AD0 PPC 0BFF806C nsWindow::UpdateWidget(nsRect&, nsIRenderingContext*)+0008C
034B8A30 PPC 0BFF8678 nsWindow::DispatchWindowEvent(nsGUIEvent&)+00018
034B89F0 PPC 0BFF85A4 nsWindow::DispatchEvent(nsGUIEvent*, nsEventStatus&)+00090
034B89A0 PPC 0BB79860 HandleEvent(nsGUIEvent*)+00058
034B8950 PPC 0BB77784 nsViewManager::DispatchEvent(nsGUIEvent*, nsEventStatus&)+002E8
034B8810 PPC 0BB76C3C nsViewManager::Refresh(nsIView*, nsIRenderingContext*, const nsRect*, unsigned int)+0016C
034B8750 PPC 0BB76E00 nsViewManager::RenderViews(nsIView*, nsIRenderingContext&, const nsRect&, int&)+00024
034B8710 PPC 0BB7A474 nsView::Paint(nsIRenderingContext&, const nsRect&, unsigned int, int&)+00438
034B84A0 PPC 0BB7AD14 nsView::Paint(nsIRenderingContext&, const nsRect&, unsigned int, int&)+00CD8
034B8230 PPC 0BCBBA38 PresShell::Paint(nsIView*, nsIRenderingContext&, const nsRect&)+00060
034B81D0 PPC 0BCCA474 nsHTMLContainerFrame::Paint(nsIPresContext&, nsIRenderingContext&, const nsRect&, nsFramePaintLayer)+00150
034B8150 PPC 0BCA5EAC nsContainerFrame::PaintChildren(nsIPresContext&, nsIRenderingContext&, const nsRect&, nsFramePaintLayer)+000C8
034B80E0 PPC 0BCA60E4 nsContainerFrame::PaintChild(nsIPresContext&, nsIRenderingContext&, const nsRect&, nsIFrame*, nsFramePaintLayer)+0015C
034B8050 PPC 0BE48100 nsBlockFrame::Paint(nsIPresContext&, nsIRenderingContext&, const nsRect&, nsFramePaintLayer)+001D4
034B7FB0 PPC 0BE4839C nsBlockFrame::PaintChildren(nsIPresContext&, nsIRenderingContext&, const nsRect&, nsFramePaintLayer)+00090
034B7F40 PPC 0BCA60E4 nsContainerFrame::PaintChild(nsIPresContext&, nsIRenderingContext&, const nsRect&, nsIFrame*, nsFramePaintLayer)+0015C
034B7EB0 PPC 0BE48100 nsBlockFrame::Paint(nsIPresContext&, nsIRenderingContext&, const nsRect&, nsFramePaintLayer)+001D4
034B7E10 PPC 0BE4839C nsBlockFrame::PaintChildren(nsIPresContext&, nsIRenderingContext&, const nsRect&, nsFramePaintLayer)+00090
034B7DA0 PPC 0BCA60E4 nsContainerFrame::PaintChild(nsIPresContext&, nsIRenderingContext&, const nsRect&, nsIFrame*, nsFramePaintLayer)+0015C
034B7D10 PPC 0BEB893C nsToolboxFrame::Paint(nsIPresContext&, nsIRenderingContext&, const nsRect&, nsFramePaintLayer)+00034
034B7CC0 PPC 0BEB8A20 nsToolboxFrame::DrawGrippies(nsIPresContext&, nsIRenderingContext&) const+00054
034B7C70 PPC 0BEB8B98 nsToolboxFrame::DrawGrippy(nsIPresContext&, nsIRenderingContext&, const nsRect&, int) const+000EC
034B7BF0 PPC 0BCF92D0 nsCSSRendering::PaintBackground(nsIPresContext&, nsIRenderingContext&, nsIFrame*, const nsRect&, const nsRect&, const nsStyleColor&, const nsStyleSpacing&, int, int)+00470
034B7AF0 PPC 0BFE962C nsRenderingContextMac::DrawImage(nsIImage*, int, int, int, int)+0003C
034B7AA0 PPC 0BFE98C4 nsRenderingContextMac::DrawImage(nsIImage*, const nsRect&)+000A4
034B7A40 PPC 0BFE05A8 nsImageMac::Draw(nsIRenderingContext&, void*, int, int, int, int)+00034
034B79F0 PPC 0BFE050C nsImageMac::Draw(nsIRenderingContext&, void*, int, int, int, int, int, int, int, int)+0013C
034B7960 PPC FFD6D5D8 CopyBits+0003C
034B7920 PPC 0D428CE4 NQDCopyBits+000B0
034B77F0 PPC 0D428A5C NQDCalcMask+00C68
Return addresses on the stack
Stack Addr Frame Addr ISA Caller
034B7B38 68K 02C4B43E
034B7B14 68K 030DFCBE
034B7B08 PPC 0BEB7FF0 nsToolbarFrame::Paint(nsIPresContext&, nsIRenderingContext&, const nsRect&, nsFramePaintLayer)+0000C
034B7AF8 PPC 0BCF92D0 nsCSSRendering::PaintBackground(nsIPresContext&, nsIRenderingContext&, nsIFrame*, const nsRect&, const nsRect&, const nsStyleColor&, const nsStyleSpacing&, int, int)+00470
034B7AF4 68K 030DFCBE
034B7AE2 68K 00B3FFFE
034B7AB8 034B7AB0 PPC 0BFE7464 nsRenderingContextMac::FillRect(const nsRect&)+00028
034B7AB4 034B7AB0 68K 030DFCBE
034B7AA8 034B7AA0 PPC 0BFE962C nsRenderingContextMac::DrawImage(nsIImage*, int, int, int, int)+0003C
034B7AA4 034B7AA0 68K 030DFCBE
034B7A96 68K 00B3FFFE
034B7A64 034B7A60 68K 030DFCBE
034B7A58 034B7A50 PPC 0BFE4B38 GraphicState::Duplicate(GraphicState*)+00088
034B7A54 034B7A50 68K 030DFCBE
034B7A48 034B7A40 PPC 0BFE98C4 nsRenderingContextMac::DrawImage(nsIImage*, const nsRect&)+000A4
034B7A44 034B7A40 68K 030DFCBE
034B7A38 PPC 0BFE671C nsRenderingContextMac::SetClipRectInPixels(const nsRect&, nsClipCombine, int&)+00140
034B7A24 034B7A20 68K 030DFCBE
034B7A18 034B7A10 PPC 0BFE4C04 GraphicState::DuplicateRgn(MacRegion**)+00034
034B7A08 034B7A00 PPC FFD6C5C0 GetPort+0001C
034B7A04 034B7A00 68K 030DFCBE
034B79F8 034B79F0 PPC 0BFE05A8 nsImageMac::Draw(nsIRenderingContext&, void*, int, int, int, int)+00034
034B7978 034B7970 PPC FFD6D14C CopyRgn+00020
034B7974 034B7970 68K 030DFCBE
034B7968 034B7960 PPC 0BFE050C nsImageMac::Draw(nsIRenderingContext&, void*, int, int, int, int, int, int, int, int)+0013C
034B7938 034B7930 PPC 0D4C3FF8 __DisposeHandle+00010
034B7928 034B7920 PPC FFD6D5D8 CopyBits+0003C
034B78F8 034B78F0 PPC FFD6D1D0 SetRectRgn+00038
034B78D8 034B78D0 PPC 0D41DC58 NQDRGBBackColor+00080
034B78B4 034B78B0 68K 030DFCBE
034B7898 034B7890 PPC FFD6E9C4 Color2Index+0001C
034B788C 034B7888 68K 030F122E
034B77F8 034B77F0 PPC 0D428CE4 NQDCopyBits+000B0
034B77D8 PPC 0C2653AC free+00030
034B77C4 034B77C0 68K 02ADF31E
034B77B8 034B77B0 PPC 0C265344 malloc+00040
034B7798 034B7790 PPC 0D428A5C NQDCalcMask+00C68
034B7778 68K 002D566A
034B7748 034B7740 PPC 0BFD709C nsFont::~nsFont()+00024
Displaying memory from 0
00000000 FFC1 0000 FFC1 0000 001D CFB6 001D CFB8 ÿÁ¥¥ÿÁ¥¥¥¥Ï¶¥¥Ï¸
00000010 001D CFBA 001D CFBC FFC0 3378 FFC0 337A ¥¥Ïº¥¥Ï*ÿÀ3xÿÀ3z
http://www.gte.com also results in same crash/stack crawl just letting page try
to load on Mac and Linux just quits itself...
Re-assigned to mcmullen@netscape.com, set target milestone to M5, and changed
priority to P1.
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → WORKSFORME
With my current M4 build (pulled last night, actually) it does not crash now when
you carry out these steps. Much code has been checked in since the bug was filed.
Marking WorksForMe.
Updated•26 years ago
Status: RESOLVED → VERIFIED
Comment 7•26 years ago
verified as worksforme using 1999042508 build on Mac 8.5
Summary: Crash on page resize - PPC unmapped mem exception at TrimRect → [PP]Crash on page resize - PPC unmapped mem exception at TrimRect
Whiteboard: [PP]
Moving from Apprunner to Other component temporarily whilst don and I set proper
component. Apprunner component will be retired/deleted shortly.
Updated•8 years ago
Product: Core → Core Graveyard