Closed
Bug 24193
Opened 25 years ago
Closed 25 years ago
crash closing window in nsURILoader::DispatchContent
Categories
(Core :: XUL, defect, P3)
Tracking
()
RESOLVED
FIXED
M14
People
(Reporter: warrensomebody, Assigned: mscott)
Details
(Keywords: crash, Whiteboard: haven't been able to reproduce this yet.)
I clicked the close box on a window and got the following crash:
nsURILoader::DispatchContent(nsURILoader * const 0x012e8de0, const char *
0x02a4ef30, int 0x00000000, const char * 0x100782d0 gCommonEmptyBuffer,
nsIChannel * 0x02a4a8d0, nsISupports * 0x00000000, nsIURIContentListener *
0x0290b6dc, char * * 0x0012c998, nsIURIContentListener * * 0x0012c9a0) line 539
+ 29 bytes
nsDocumentOpenInfo::DispatchContent(nsIChannel * 0x02a4a8d0, nsISupports *
0x00000000) line 273 + 146 bytes
nsDocumentOpenInfo::OnStartRequest(nsDocumentOpenInfo * const 0x0283f5c0,
nsIChannel * 0x02a4a8d0, nsISupports * 0x00000000) line 221 + 16 bytes
nsCachedChromeChannel::AsyncRead(nsCachedChromeChannel * const 0x02a4a8d0,
unsigned int 0x00000000, int 0xffffffff, nsISupports * 0x00000000,
nsIStreamListener * 0x0283f5c0) line 170 + 20 bytes
nsDocumentOpenInfo::Open(nsIURI * 0x02c4bbe0, int 0x00000000, const char *
0x00000000, nsISupports * 0x0290b6c0, nsIURI * 0x00000000, nsIInputStream *
0x00000000, nsISupports * 0x029089e0, nsISupports * * 0x0012cba4) line 212 + 42
bytes
nsURILoader::OpenURIWithPostDataVia(nsURILoader * const 0x012e8de4, nsIURI *
0x02c4bbe0, int 0x00000000, const char * 0x00000000, nsISupports * 0x0290b6c0,
nsIURI * 0x00000000, nsIInputStream * 0x00000000, nsISupports * 0x029089e0,
nsISupports * * 0x0012cba4, unsigned int 0x00000000) line 500 + 40 bytes
nsURILoader::OpenURIVia(nsURILoader * const 0x012e8de0, nsIURI * 0x02c4bbe0,
int 0x00000000, const char * 0x00000000, nsISupports * 0x0290b6c0, nsIURI *
0x00000000, nsISupports * 0x029089e0, nsISupports * * 0x0012cba4, unsigned int
0x00000000) line 458
nsURILoader::OpenURI(nsURILoader * const 0x012e8de0, nsIURI * 0x02c4bbe0, int
0x00000000, const char * 0x00000000, nsISupports * 0x0290b6c0, nsIURI *
0x00000000, nsISupports * 0x029089e0, nsISupports * * 0x0012cba4) line 444
nsDocLoaderImpl::LoadDocument(nsDocLoaderImpl * const 0x0290b0e0, nsIURI *
0x02c4bbe0, const char * 0x00380684, nsISupports * 0x0290b6c0, nsIInputStream *
0x00000000, nsISupports * 0x00000000, unsigned int 0x00000000, const unsigned
int 0x00000000, const unsigned short * 0x00000000) line 384 + 75 bytes
nsWebShell::DoLoadURL(nsIURI * 0x02c4bbe0, const char * 0x00380684,
nsIInputStream * 0x00000000, unsigned int 0x00000000, const unsigned int
0x00000000, const unsigned short * 0x00000000, int 0x00000001) line 1677 + 101
bytes
nsWebShell::LoadURI(nsWebShell * const 0x0290b6c0, nsIURI * 0x02c4bbe0, const
char * 0x00380684, nsIInputStream * 0x00000000, int 0x00000001, unsigned int
0x00000000, const unsigned int 0x00000000, nsISupports * 0x00000000, const
unsigned short * 0x00000000) line 1949 + 40 bytes
nsWebShell::LoadURL(nsWebShell * const 0x0290b6c0, const unsigned short *
0x02c42980, const char * 0x00380684, nsIInputStream * 0x00000000, int
0x00000001, unsigned int 0x00000000, const unsigned int 0x00000000, nsISupports
* 0x00000000, const unsigned short * 0x00000000) line 2180 + 52 bytes
nsWebShell::LoadURL(nsWebShell * const 0x0290b6c0, const unsigned short *
0x02c42980, nsIInputStream * 0x00000000, int 0x00000001, unsigned int
0x00000000, const unsigned int 0x00000000, nsISupports * 0x00000000, const
unsigned short * 0x00000000) line 1485
nsHTMLFrameInnerFrame::ReloadURL() line 951 + 66 bytes
nsHTMLFrameOuterFrame::AttributeChanged(nsHTMLFrameOuterFrame * const
0x020a0498, nsIPresContext * 0x02b204a0, nsIContent * 0x02c42cbc, int
0x00000000, nsIAtom * 0x015e5ed0 {"src"}, int 0x00000002) line 414
nsCSSFrameConstructor::AttributeChanged(nsCSSFrameConstructor * const
0x02b9a9b0, nsIPresContext * 0x02b204a0, nsIContent * 0x02c42cbc, int
0x00000000, nsIAtom * 0x015e5ed0 {"src"}, int 0x00000002) line 7615 + 35 bytes
StyleSetImpl::AttributeChanged(StyleSetImpl * const 0x02b9aa50, nsIPresContext
* 0x02b204a0, nsIContent * 0x02c42cbc, int 0x00000000, nsIAtom * 0x015e5ed0
{"src"}, int 0xffffffff) line 996
PresShell::AttributeChanged(PresShell * const 0x02b9a7b8, nsIDocument *
0x02b21ad0, nsIContent * 0x02c42cbc, int 0x00000000, nsIAtom * 0x015e5ed0
{"src"}, int 0xffffffff) line 2385 + 57 bytes
nsXULDocument::AttributeChanged(nsXULDocument * const 0x02b21ad0, nsIContent *
0x02c42cbc, int 0x00000000, nsIAtom * 0x015e5ed0 {"src"}, int 0xffffffff) line
1394
nsGenericHTMLElement::SetAttribute(int 0x00000000, nsIAtom * 0x015e5ed0
{"src"}, const nsString & {"chrome://related/content/related-panel.xul"}, int
0x00000001) line 734
nsHTMLIFrameElement::SetAttribute(nsHTMLIFrameElement * const 0x02c42cbc, int
0x00000000, nsIAtom * 0x015e5ed0 {"src"}, const nsString &
{"chrome://related/content/related-panel.xul"}, int 0x00000001) line 89 + 30
bytes
nsGenericElement::SetAttribute(const nsString & {"src"}, const nsString &
{"chrome://related/content/related-panel.xul"}) line 426 + 32 bytes
nsGenericHTMLElement::SetAttribute(const nsString & {"src"}, const nsString &
{"chrome://related/content/related-panel.xul"}) line 80
nsHTMLIFrameElement::SetAttribute(nsHTMLIFrameElement * const 0x02c42cb0, const
nsString & {"src"}, const nsString &
{"chrome://related/content/related-panel.xul"}) line 55 + 22 bytes
ElementSetAttribute(JSContext * 0x02b26e90, JSObject * 0x0205e5e0, unsigned int
0x00000002, long * 0x0201b014, long * 0x0012db68) line 263 + 26 bytes
js_Invoke(JSContext * 0x02b26e90, unsigned int 0x00000002, unsigned int
0x00000000) line 665 + 26 bytes
js_Interpret(JSContext * 0x02b26e90, long * 0x0012e3d8) line 2226 + 15 bytes
js_Invoke(JSContext * 0x02b26e90, unsigned int 0x00000002, unsigned int
0x00000000) line 681 + 13 bytes
js_Interpret(JSContext * 0x02b26e90, long * 0x0012ec04) line 2226 + 15 bytes
js_Invoke(JSContext * 0x02b26e90, unsigned int 0x00000001, unsigned int
0x00000002) line 681 + 13 bytes
js_InternalCall(JSContext * 0x02b26e90, JSObject * 0x01ff8780, long 0x00da2940,
unsigned int 0x00000001, long * 0x0012ed78, long * 0x0012ed34) line 758 + 15
bytes
JS_CallFunctionValue(JSContext * 0x02b26e90, JSObject * 0x01ff8780, long
0x00da2940, unsigned int 0x00000001, long * 0x0012ed78, long * 0x0012ed34) line
2758 + 29 bytes
nsJSContext::CallEventHandler(nsJSContext * const 0x02b201a0, void *
0x01ff8780, void * 0x00da2940, unsigned int 0x00000001, void * 0x0012ed78, int
* 0x0012ed74) line 564 + 33 bytes
nsJSDOMEventListener::HandleEvent(nsIDOMEvent * 0x02c13944) line 94 + 47 bytes
nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x02c43a80,
nsIDOMEvent * 0x02c13944, unsigned int 0x00000001) line 640 + 19 bytes
nsEventListenerManager::HandleEvent(nsIPresContext * 0x02b204a0, nsEvent *
0x0012f574, nsIDOMEvent * * 0x0012f0d8, unsigned int 0x00000007, nsEventStatus
* 0x0012f5b4) line 1191 + 31 bytes
GlobalWindowImpl::HandleDOMEvent(GlobalWindowImpl * const 0x02b20204,
nsIPresContext * 0x02b204a0, nsEvent * 0x0012f574, nsIDOMEvent * * 0x0012f0d8,
unsigned int 0x00000001, nsEventStatus * 0x0012f5b4) line 3251
nsWebShell::OnEndDocumentLoad(nsWebShell * const 0x02b25590, nsIDocumentLoader
* 0x02b22c70, nsIChannel * 0x02b27cb0, unsigned int 0x804b0002) line 3089 + 34
bytes
nsDocLoaderImpl::FireOnEndDocumentLoad(nsDocLoaderImpl * 0x02b22c70, nsIChannel
* 0x02b27cb0, unsigned int 0x804b0002) line 822
nsDocLoaderImpl::DocLoaderIsEmpty(unsigned int 0x804b0002) line 713
nsDocLoaderImpl::OnStopRequest(nsDocLoaderImpl * const 0x02b22c74, nsIChannel *
0x02b27cb0, nsISupports * 0x00000000, unsigned int 0x804b0002, const unsigned
short * 0x00000000) line 657
nsLoadGroup::RemoveChannel(nsLoadGroup * const 0x02b22b60, nsIChannel *
0x02b27cb0, nsISupports * 0x00000000, unsigned int 0x804b0002, const unsigned
short * 0x00000000) line 535 + 42 bytes
nsLoadGroup::Cancel(nsLoadGroup * const 0x02b22b60) line 218
nsDocLoaderImpl::Stop(nsDocLoaderImpl * const 0x02b22c70) line 420 + 26 bytes
nsWebShell::Stop(nsWebShell * const 0x02b25580) line 2202
nsWebShell::Destroy(nsWebShell * const 0x02b254dc) line 3745
nsWebShellWindow::Close(nsWebShellWindow * const 0x02b22a10) line 440
nsWebShellWindow::HandleEvent(nsGUIEvent * 0x0012f8d8) line 505
nsWindow::DispatchEvent(nsWindow * const 0x02b24b14, nsGUIEvent * 0x0012f8d8,
nsEventStatus & nsEventStatus_eIgnore) line 502 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f8d8) line 523
nsWindow::DispatchStandardEvent(unsigned int 0x00000065) line 543 + 15 bytes
nsWindow::ProcessMessage(unsigned int 0x00000010, unsigned int 0x00000000, long
0x00000000, long * 0x0012faf4) line 2597
nsWindow::WindowProc(HWND__ * 0x033e06b2, unsigned int 0x00000010, unsigned int
0x00000000, long 0x00000000) line 689 + 27 bytes
USER32! 77e719d0()
USER32! 77e71982()
NTDLL! 77f763a3()
USER32! 77e718d2()
nsWindow::DefaultWindowProc(HWND__ * 0x033e06b2, unsigned int 0x00000112,
unsigned int 0x0000f060, long 0x005c042c) line 716
USER32! 77e727fe()
USER32! 77e72889()
nsWindow::WindowProc(HWND__ * 0x033e06b2, unsigned int 0x00000112, unsigned int
0x0000f060, long 0x005c042c) line 696 + 31 bytes
USER32! 77e719d0()
USER32! 77e71982()
NTDLL! 77f763a3()
USER32! 77e718d2()
nsWindow::DefaultWindowProc(HWND__ * 0x033e06b2, unsigned int 0x000000a1,
unsigned int 0x00000014, long 0x005c042c) line 716
USER32! 77e727fe()
USER32! 77e72889()
nsWindow::WindowProc(HWND__ * 0x033e06b2, unsigned int 0x000000a1, unsigned int
0x00000014, long 0x005c042c) line 696 + 31 bytes
USER32! 77e71820()
rv = listener->CanHandleContent(aContentType, aCommand,
aWindowTarget,
aContentTypeToUse,
&canHandleContent);
I think listener is bad. It's vtable ptr is 0x80000001. Must be a bad
assumption about its lifetime w.r.t. window destruction.
Assignee | ||
Comment 1•25 years ago
|
||
Warren is this a browser chrome window you are closing or like a JS pop up
window? I can't seem to reproduce this from my debug build from today...
Updated•25 years ago
|
Severity: normal → critical
Reporter | ||
Comment 2•25 years ago
|
||
It was a browser window with chrome. I was trying to reproduce Bug#20604
(without any luck) -- clicking on the menu items pops up new windows (although
the content it's looking for can't be found). I either clicked the close box on
the new window, or typed Ctrl-W (I forget) and I got the crash.
BULK MOVE: Changing component from XUL to XP Toolkit/Widgets: XUL. XUL
component will be deleted.
Component: XUL → XP Toolkit/Widgets: XUL
Assignee | ||
Comment 5•25 years ago
|
||
I'm still trying to get this to happen on my machine.
Whiteboard: haven't been able to reproduce this yet.
Adding "crash" keyword to all known open crasher bugs.
Keywords: crash
Assignee | ||
Comment 7•25 years ago
|
||
waterson saw a similar crash Saturday but he hasn't been able to reproduce it again.
I have a theory. Right now, the browser window and the mail window register
themselves as nsIURIContentListeners with the uriloader when they are first
created. The method for registration on the loader looks like:
RegisterContentListener(nsIURIContentListener * aContentListener)
and it adds the content listener to a void array.
When I call regiserContentListener, I am passing in the this ptr for the window
instead of QI (or casting it) explicitly to a nsIURIContentListener.
In the destructor for the browser instance / msg window, we unregister
ourselves, again passing in the this ptr for the content listener.
The uri loader then calls removeElement on the void array.
I wonder if by not explicitly casting to a nsIURIContentListener before
registering and unregistering the listener, the void array is failing to find
the element when it goes to remove it.
I'm adding some code to my build to detect this condition in case this is indeed
what's going on.
Although it's difficult because we haven't been able to reliably reproduce the
crash.
Status: NEW → ASSIGNED
Target Milestone: M14
Assignee | ||
Comment 8•25 years ago
|
||
I found a scenario I could reproduce where the mail window registered itself
twice with the uri loader. And when you dismissed the mail window, it of course
only gets removed once. I fixed the problem where it registered twice.
Since making that change, I hven't been able to generate any crashes in
DispatchContent due to deleted content listeners.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Comment 9•25 years ago
|
||
please ignore, massive spam giving jrgm@netscape.com backlog of XPToolkits
resolved fixed bugs to verify
QA Contact: paulmac → jrgm
Component: XP Toolkit/Widgets: XUL → XUL
QA Contact: jrgmorrison → xptoolkit.widgets
You need to log in
before you can comment on or make changes to this bug.
Description
•