Closed Bug 6295 Opened 25 years ago Closed 25 years ago

Crash exiting editor window

Categories

(Core :: DOM: Editor, defect, P3)

x86
Linux
defect

Tracking

()

VERIFIED WORKSFORME

People

(Reporter: akkzilla, Assigned: sfraser_bugs)

Details

Linux: run apprunner -editor, then exit using Exit from the File menu. The app crashes (most of the time but not 100% of the time), with this stack trace: #3 0x4001c225 in nsAppShellService::Shutdown (this=0x8079180) at /builds/tue/mozilla/xpfe/appshell/src/nsAppShellService.cpp:216 #4 0x40f45a58 in nsEditorAppCore::Exit (this=0x820b750) at /builds/tue/mozilla/xpfe/AppCores/src/nsEditorAppCore.cpp:1446 #5 0x40f52176 in EditorAppCoreExit (cx=0x8126fd8, obj=0x81ad1b0, argc=0, argv=0x81b3e30, rval=0xbfffe2e8) at /builds/tue/mozilla/xpfe/AppCores/src/nsJSEditorAppCore.cpp:1107 #6 0x403f692b in js_Invoke (cx=0x8126fd8, argc=0, constructing=0) at /builds/tue/mozilla/js/src/jsinterp.c:650 #7 0x404070fe in js_Interpret (cx=0x8126fd8, result=0xbfffe6f0) at /builds/tue/mozilla/js/src/jsinterp.c:2199 #8 0x403f6989 in js_Invoke (cx=0x8126fd8, argc=0, constructing=0) at /builds/tue/mozilla/js/src/jsinterp.c:666 #9 0x404070fe in js_Interpret (cx=0x8126fd8, result=0xbfffeb24) at /builds/tue/mozilla/js/src/jsinterp.c:2199 #10 0x403f6989 in js_Invoke (cx=0x8126fd8, argc=1, constructing=0) at /builds/tue/mozilla/js/src/jsinterp.c:666 #11 0x403f6c40 in js_CallFunctionValue (cx=0x8126fd8, obj=0x81ad320, fval=135975720, argc=1, argv=0xbfffec80, rval=0xbfffec84) at /builds/tue/mozilla/js/src/jsinterp.c:735 #12 0x403d0829 in JS_CallFunctionValue (cx=0x8126fd8, obj=0x81ad320, fval=135975720, argc=1, argv=0xbfffec80, rval=0xbfffec84) at /builds/tue/mozilla/js/src/jsapi.c:2437 #13 0x403698bd in nsJSEventListener::HandleEvent (this=0x82562e0, aEvent=0x8198f58) at /builds/tue/mozilla/dom/src/events/nsJSEventListener.cpp:97 #14 0x40b8d116 in nsEventListenerManager::HandleEvent (this=0x8255ba8, aPresContext=@0x8117718, aEvent=0xbfffedd0, aDOMEvent=0xbfffed48, aFlags=3, aEventStatus=@0xbfffee04) at /builds/tue/mozilla/layout/events/src/nsEventListenerManager.cpp:561 #15 0x4095118e in RDFElementImpl::HandleDOMEvent (this=0x8255780, aPresContext=@0x8117718, aEvent=0xbfffedd0, aDOMEvent=0xbfffed48, aFlags=1, aEventStatus=@0xbfffee04) at /builds/tue/mozilla/rdf/content/src/nsRDFElement.cpp:2271 #16 0x400be772 in nsMenuItem::DoCommand (this=0x8257480) at /builds/tue/mozilla/widget/src/gtk/nsMenuItem.cpp:447 #17 0x400be19e in nsMenuItem::MenuItemSelected (this=0x8257480, aMenuEvent=@0xbfffee48) at /builds/tue/mozilla/widget/src/gtk/nsMenuItem.cpp:343 #18 0x400bf6f4 in menu_item_activate_handler (w=0x8256bc0, p=0x8257480) at /builds/tue/mozilla/widget/src/gtk/nsGtkEventHandler.cpp:440
I used the 5/11 build and it doesn't crash on exit for me..I tried it 4-5 times. You're simply using File | Quit right?
Yes, File | Quit. Maybe it's a debug-build thing.
Try openening two editor windows, then closing the second. Now it will crash, but I think for different reasons.
I fixed a leakage of the pres shell in DoEditorMode, which caused the usual caret crash after closing the window (bug 6339). But that looks like a different crash to this one. Leaving the bug open. Sujay, please test for this in Friday's build.
For what it's worth, in today's build this crash seems to have gone away -- I've tried running apprunner -editor as well as running apprunner and bringing up multiple editor windows and closing them one by one, and haven't seen any close-window crashes so far. At least as far as my linux debug build, this looks fixed.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
Given akkana's comments, I'm marking this a dup of bug 6339. It was probably caused by the same problem. *** This bug has been marked as a duplicate of 6339 ***
Status: RESOLVED → VERIFIED
verified in 5/14 build.
Status: VERIFIED → REOPENED
This is back as of the 5/24 build; wasn't here last Friday.
Remove resolution
Resolution: DUPLICATE → ---
This seems to have been caused, indirectly, by charlie's focus() call that was added to the JS of the editor window. We should debug further from there.
Target Milestone: M6
Since this is a regression, maybe we should back out that focus() call for M6.
on 5/26 build I don't crash on File | Quit after launching apprunner -editor. Akkana, can you see if you're still crashing?
Status: REOPENED → RESOLVED
Closed: 25 years ago25 years ago
Resolution: --- → WORKSFORME
Worksforme is the latest resolution for this one. Who knows when it will come back to haunt us?
Doing this under Purify gets the log appended here ... I've seen IPRs out of Purify before, but in the loading shared libraries side of things. Srinivas says the output from Purify in that case isn't valid (as I interpret things), but who knows? **** Purify instrumented ./apprunner.pure (pid 5417) **** IPR: Invalid pointer read (237 times): * This is occurring while in: strlen [rtlib.o] DLLErrorInternal [prlink.c:131] pr_FindSymbolInLib [prlink.c:908] PR_FindSymbol [prlink.c:944] nsDll::FindSymbol(const char*) [xcDll.cpp:170] nsFreeLibraryEnum(nsHashKey*,void*,void*) [nsComponentManager.cpp:1482] _hashEnumerate(PLHashEntry*,int,void*) [nsHashtable.cpp:85] PL_HashTableEnumerateEntries [plhash.c:368] nsHashtable::Enumerate(int(*)(nsHashKey*,void*,void*),void*) [nsHashtable.cpp:211] nsComponentManagerImpl::FreeLibraries() [nsComponentManager.cpp:1512] nsComponentManager::FreeLibraries() [nsRepository.cpp:137] nsServiceManagerImpl::ReleaseService(const nsID&,nsISupports*,nsIShutdownListener*) [nsServiceManager.cpp:289] nsServiceManager::ReleaseService(const nsID&,nsISupports*,nsIShutdownListener*) [nsServiceManager.cpp:455] nsAppShellService::ShutdownComponent(const nsID&) [nsAppShellService.cpp:384] nsAppShellService::EnumerateComponents(void(nsAppShellService::*)(const nsID&)*) [nsAppShellService.cpp:289] nsAppShellService::Shutdown() [nsAppShellService.cpp:411] nsEditorAppCore::Exit() [nsEditorAppCore.cpp:979] EditorAppCoreExit(JSContext*,JSObject*,unsigned int,long*,long*) [nsJSEditorAppCore.cpp:813] js_Invoke [jsinterp.c:650] js_Interpret [jsinterp.c:2199] js_Invoke [jsinterp.c:666] js_Interpret [jsinterp.c:2199] js_Invoke [jsinterp.c:666] js_CallFunctionValue [jsinterp.c:735] JS_CallFunctionValue [jsapi.c:2437] nsJSEventListener::HandleEvent(nsIDOMEvent*) [nsJSEventListener.cpp:97] nsEventListenerManager::HandleEvent(nsIPresContext&,nsEvent*,nsIDOMEvent**,unsig ned int,nsEventStatus&) [nsEventListenerManager.cpp:561] RDFElementImpl::HandleDOMEvent(nsIPresContext&,nsEvent*,nsIDOMEvent**,unsigned int,nsEventStatus&) [nsRDFElement.cpp:2260] nsMenuItem::DoCommand() [nsMenuItem.cpp:408] nsMenuItem::MenuItemSelected(const nsMenuEvent&) [nsMenuItem.cpp:304] * Reading 65 bytes from 0xec1b0468 between the heap and the stack. **** Purify instrumented ./apprunner.pure (pid 5417) **** IPR: Invalid pointer read (237 times): * This is occurring while in: memcpy [rtlib.o] PR_SetErrorText [prerror.c:69] DLLErrorInternal [prlink.c:131] pr_FindSymbolInLib [prlink.c:908] PR_FindSymbol [prlink.c:944] nsDll::FindSymbol(const char*) [xcDll.cpp:170] nsFreeLibraryEnum(nsHashKey*,void*,void*) [nsComponentManager.cpp:1482] _hashEnumerate(PLHashEntry*,int,void*) [nsHashtable.cpp:85] PL_HashTableEnumerateEntries [plhash.c:368] nsHashtable::Enumerate(int(*)(nsHashKey*,void*,void*),void*) [nsHashtable.cpp:211] nsComponentManagerImpl::FreeLibraries() [nsComponentManager.cpp:1512] nsComponentManager::FreeLibraries() [nsRepository.cpp:137] nsServiceManagerImpl::ReleaseService(const nsID&,nsISupports*,nsIShutdownListener*) [nsServiceManager.cpp:289] nsServiceManager::ReleaseService(const nsID&,nsISupports*,nsIShutdownListener*) [nsServiceManager.cpp:455] nsAppShellService::ShutdownComponent(const nsID&) [nsAppShellService.cpp:384] nsAppShellService::EnumerateComponents(void(nsAppShellService::*)(const nsID&)*) [nsAppShellService.cpp:289] nsAppShellService::Shutdown() [nsAppShellService.cpp:411] nsEditorAppCore::Exit() [nsEditorAppCore.cpp:979] EditorAppCoreExit(JSContext*,JSObject*,unsigned int,long*,long*) [nsJSEditorAppCore.cpp:813] js_Invoke [jsinterp.c:650] js_Interpret [jsinterp.c:2199] js_Invoke [jsinterp.c:666] js_Interpret [jsinterp.c:2199] js_Invoke [jsinterp.c:666] js_CallFunctionValue [jsinterp.c:735] JS_CallFunctionValue [jsapi.c:2437] nsJSEventListener::HandleEvent(nsIDOMEvent*) [nsJSEventListener.cpp:97] nsEventListenerManager::HandleEvent(nsIPresContext&,nsEvent*,nsIDOMEvent**,unsig ned int,nsEventStatus&) [nsEventListenerManager.cpp:561] RDFElementImpl::HandleDOMEvent(nsIPresContext&,nsEvent*,nsIDOMEvent**,unsigned int,nsEventStatus&) [nsRDFElement.cpp:2260] nsMenuItem::DoCommand() [nsMenuItem.cpp:408] * Reading 65 bytes from 0xec1b0468 between the heap and the stack.
Status: RESOLVED → VERIFIED
verified in 5/26 build.
You need to log in before you can comment on or make changes to this bug.