Closed
Bug 3751
Opened 26 years ago
Closed 26 years ago
Resizing window with image selected crashes Gecko
Categories
(Core :: DOM: Selection, defect, P1)
Tracking
()
VERIFIED
FIXED
M3
People
(Reporter: elig, Assigned: mjudge)
Details
* TITLE/SUMMARY
Resizing window with image selected crashes Gecko
* STEPS TO REPRODUCE
0) Launch Viewer or Apprunner
1) Go to any page with images (I used www.macintouch.com)
2) Select an image and nearby text block (i.e. I dragged the mouse from a few
pixels above the MacInTouch banner, and to the end of the "Resources" navigation
label)
3) Resize the window
* RESULT
- What happened
Immediate crash.
- What was expected
Resize.
* REGRESSION
- Occurs On
AppRunner & viewer (3.15.99 optimized build for Mac OS)
AppRunner & viewer (3.11.99 optimized build for Win32 [NT 4, Service Pack
3])
viewer (3.11.99 [I think] optimized build for Linux)
- Doesn't Occur On
Communicator 4.51 RTM (Mac OS)
* CONFIGURATIONS TESTED
- [Mac] Power Mac 8500/120 (233 Mhz 604e), 64 MB RAM (VM on; 1 MB of VM used),
1024x768 (Thousands of Colors), Mac OS 8.5.1
- [Win32] Vectra VL (233 Mhz P2), 96 MB RAM, 800x600 (True Color), NT 4.0 SP3.
- [Linux] Vectra VL (266 Mhz P2), 96 MB RAM.
* STACK CRAWL (Mac OS)
PowerPC unmapped memory exception at 0B22DD14
NS_NewNameSpaceManager(nsINameSpaceManager**)+22F4C
Calling chain using A6/R1 links
Back chain ISA Caller
00000000 PPC 0BE6A77C
02E3CB40 PPC 0BE69A64
02E3CA50 PPC 0B89EF9C NSGetFactory+004F0
02E3CA10 PPC 0B44DBB8 nsMacMessageSink::IsRaptorWindow(GrafPort*)+00E84
02E3C930 PPC 0B44E0CC nsMacMessageSink::IsRaptorWindow(GrafPort*)+01398
02E3C8D0 PPC 0B44E454 nsMacMessageSink::IsRaptorWindow(GrafPort*)+01720
02E3C840 PPC 0B44E7B8 nsMacMessageSink::IsRaptorWindow(GrafPort*)+01A84
02E3C7F0 PPC 0B44C274 nsMacMessageSink::DispatchOSEvent(EventRecord&,
GrafPort*)+00038
02E3C7B0 PPC 0B4494A4 NS_GetWidgetNativeData(nsISupports*, void**)+084E4
02E3C750 PPC 0B4496A0 NS_GetWidgetNativeData(nsISupports*, void**)+086E0
02E3C710 PPC 0B449E44 NS_GetWidgetNativeData(nsISupports*, void**)+08E84
02E3C670 PPC 0B449404 NS_GetWidgetNativeData(nsISupports*, void**)+08444
02E3C620 PPC 0B43B0FC
02E3C5E0 PPC 0B43C070
02E3C570 PPC 0B43BD70
02E3C530 PPC 0B43BCE8
02E3C4E0 PPC 0B89C3AC
02E3C480 PPC 0B3A4658 NS_NewThrobberFactory+016F8
02E3C400 PPC 0B3A1358 NSGetFactory+00CEC
02E3C3C0 PPC 0B43B150
02E3C370 PPC 0B43B0FC
02E3C330 PPC 0B43C070
02E3C2C0 PPC 0B43BD70
02E3C280 PPC 0B43BCE8
02E3C230 PPC 0B35B598 NSGetFactory+02D2C
02E3C1E0 PPC 0B359CCC NSGetFactory+01460
02E3C0A0 PPC 0B359308 NSGetFactory+00A9C
02E3C050 PPC 0B0D1108 NS_NewPresShell(nsIPresShell**)+03714
02E3C010 PPC 0B0CF028 NS_NewPresShell(nsIPresShell**)+01634
02E3BEB0 PPC 0B21A9C8 NS_NewNameSpaceManager(nsINameSpaceManager**)+0FC00
02E3BD40 PPC 0B0C2AD8
02E3BCE0 PPC 0B12C298 NS_NewFrameImageLoader(nsIFrameImageLoader**)+021E8
02E3B9B0 PPC 0B0C2AD8
02E3B950 PPC 0B133E84 NS_NewEventListenerManager(nsIEventListenerManager**
)+045C0
02E3B7A0 PPC 0B0C2AD8
02E3B740 PPC 0B20F40C NS_NewNameSpaceManager(nsINameSpaceManager**)+04644
02E3B610 PPC 0B1C2DF0 NS_NewImageDocument(nsIDocument**)+8E6D0
02E3AB50 PPC 0B1C39BC NS_NewImageDocument(nsIDocument**)+8F29C
02E3AAD0 PPC 0B1C3DF4 NS_NewImageDocument(nsIDocument**)+8F6D4
02E3AA50 PPC 0B1C4CA4 NS_NewImageDocument(nsIDocument**)+90584
Closing log
this is not good. I will lookinto this as soon as I have a tree
Updated•26 years ago
|
Priority: P3 → P1
Comment 2•26 years ago
|
||
Changed to priority P1 since this is a crasher
Stack trace for Win32 is:
getNextFrame(nsIFrame * 0x00000000) line 670 + 9 bytes
nsRangeList::ResetSelection(nsRangeList * const 0x0173cad0, nsIFocusTracker *
0x0173ca0c, nsIFrame * 0x0173dbb0) line 1012 + 9 bytes
PresShell::ResizeReflow(PresShell * const 0x0173ca00, int 9195, int 4470) line
925
PresShell::ResizeReflow(PresShell * const 0x0173ca04, nsIView * 0x0173b520, int
9195, int 4470) line 1981
nsViewManager::SetWindowDimensions(nsViewManager * const 0x0173a120, int 9195,
int 4470) line 357
nsViewManager::DispatchEvent(nsViewManager * const 0x0173a120, nsGUIEvent *
0x0012f570, nsEventStatus & nsEventStatus_eIgnore) line 1578
HandleEvent(nsGUIEvent * 0x0012f570) line 64
nsWindow::DispatchEvent(nsWindow * const 0x0173b600, nsGUIEvent * 0x0012f570,
nsEventStatus & nsEventStatus_eIgnore) line 399 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f570) line 415
nsWindow::OnResize(nsRect & {...}) line 2307 + 15 bytes
nsWindow::ProcessMessage(unsigned int 71, unsigned int 0, long 1243324, long *
0x0012f850) line 1930 + 24 bytes
nsWindow::WindowProc(void * 0x002d0488, unsigned int 71, unsigned int 0, long
1243324) line 458 + 27 bytes
USER32! 77e71ab7()
USER32! 77e72fbe()
NTDLL! 77f7624f()
DocumentViewerImpl::SetBounds(DocumentViewerImpl * const 0x016bcaf0, const
nsRect & {...}) line 435
nsWebShell::SetBounds(nsWebShell * const 0x016b0700, int 0, int 32, int 613, int
298) line 875
nsBrowserWindow::Layout(int 613, int 354) line 1479
HandleBrowserEvent(nsGUIEvent * 0x0012fa1c) line 312
nsWindow::DispatchEvent(nsWindow * const 0x016b0130, nsGUIEvent * 0x0012fa1c,
nsEventStatus & nsEventStatus_eIgnore) line 399 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012fa1c) line 415
nsWindow::OnResize(nsRect & {...}) line 2307 + 15 bytes
nsWindow::ProcessMessage(unsigned int 71, unsigned int 0, long 1244520, long *
0x0012fcfc) line 1930 + 24 bytes
nsWindow::WindowProc(void * 0x00330508, unsigned int 71, unsigned int 0, long
1244520) line 458 + 27 bytes
USER32! 77e71ab7()
USER32! 77e72fbe()
NTDLL! 77f7624f()
USER32! 77e7288d()
USER32! 77e72918()
nsWindow::WindowProc(void * 0x00330508, unsigned int 274, unsigned int 61448,
long 25952872) line 470
USER32! 77e71ab7()
USER32! 77e71a77()
NTDLL! 77f7624f()
USER32! 77e7288d()
USER32! 77e72918()
nsWindow::WindowProc(void * 0x00330508, unsigned int 161, unsigned int 17, long
25952872) line 470
USER32! 77e71250()
This bug can be fixed by modifying getNextFrame(), in nsRangeList.cpp, to check
if parent is null before using it:
Index: nsRangeList.cpp
===================================================================
RCS file: /cvsroot/mozilla/layout/base/src/nsRangeList.cpp,v
retrieving revision 1.67
diff -c -r1.67 nsRangeList.cpp
*** nsRangeList.cpp 1999/03/15 05:04:34 1.67
--- nsRangeList.cpp 1999/03/15 22:04:20
***************
*** 667,673 ****
{
nsIFrame *result;
nsIFrame *parent = aStart;
! if (NS_SUCCEEDED(parent->FirstChild(nsnull, &result)) && result){
return result;
}
while(parent){
--- 667,673 ----
{
nsIFrame *result;
nsIFrame *parent = aStart;
! if (parent && NS_SUCCEEDED(parent->FirstChild(nsnull, &result)) && result){
return result;
}
while(parent){
Updated•26 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Comment 5•26 years ago
|
||
checked in fix (joe & kin)
Reporter | ||
Comment 6•26 years ago
|
||
you guys are scary... (that's a compliment. ;)
Reporter | ||
Updated•26 years ago
|
Status: RESOLVED → VERIFIED
Reporter | ||
Comment 7•26 years ago
|
||
Can't reproduce this crash on 3.17.99 Mac OS, Win32 or Linux builds (Apprunner).
[Tried resizing, scrolling, etc. I note that IE keeps the selected text selected
after a resize, whereas we're unselecting the text as part of a resize, as we did
in 4.5.]
Thus, saving Claudius the trip and marking as 'Verified'. Thanks!
Per a request from Selection and Search component eng (mjudge) and qa (elig),
moving all "Selection and Search" bugs to new "Selection" component. Original
"Selection and Search" component will be retired.
You need to log in
before you can comment on or make changes to this bug.
Description
•