Closed Bug 4395 Opened 26 years ago Closed 26 years ago

[PP]Crash on page resize - PPC unmapped mem exception at TrimRect

Categories

(Core Graveyard :: Tracking, defect, P1)

PowerPC
Mac System 8.5
defect

Tracking

(Not tracked)

VERIFIED WORKSFORME

People

(Reporter: glynn, Assigned: mcmullen)


Details

March 29 optimized Seamonkey apprunner builds
*Mac only

1. Launch apprunner and go to http://abc.go.com and wait for page to load
2. Resize browser window down and right

• Crash into Macsbug with PPC unmapped mem exception, will post crawl shortly, viewer does not crash.
Whiteboard: [PP]
http://www.gte.com also results in same crash/stack crawl just letting page try to load on Mac and Linux just quits itself...
Assignee: don → mcmullen
Priority: P3 → P1
Target Milestone: M5
Re-assigned to mcmullen@netscape.com, set target milestone to M5, and changed priority to P1.
Status: NEW → ASSIGNED
Accepting.
QA Contact: 3853 → 3849
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → WORKSFORME
With my current M4 build (pulled last night, actually) it does not crash now when you carry out these steps. Much code has been checked in since the bug was filed. Marking WorksForMe.
this site hangs when visiting that URL on the 4/21 build on Mac.
Status: RESOLVED → VERIFIED
verified as worksforme using 1999042508 build on Mac 8.5
Summary: Crash on page resize - PPC unmapped mem exception at TrimRect → [PP]Crash on page resize - PPC unmapped mem exception at TrimRect
Whiteboard: [PP]
Moving from Apprunner to Other component temporarily whilst don and I set proper component. Apprunner component will be retired/deleted shortly.
Product: Core → Core Graveyard