Closed
Bug 7344
Opened 26 years ago
Closed 26 years ago
second mail message viewed causes crash
Categories
(Core :: Layout, defect, P3)
Core
Layout
Tracking
()
VERIFIED
FIXED
M7
People
(Reporter: sspitzer, Assigned: joki)
Details
something landed between may 28 - may 29 that makes it so the second message I
click to view in messenger crashes.
this happens for mail and news messages.
This is on linux and windows, I haven't tried the mac.
Here's the linux stack trace:
#0 0x40f4f422 in nsDocument::HandleDOMEvent (this=0x86807c0,
aPresContext=@0x829fa88, aEvent=0xbfffef54, aDOMEvent=0xbfffef20, aFlags=4,
aEventStatus=@0xbfffef80) at nsDocument.cpp:2271
#1 0x4038cc7a in GlobalWindowImpl::HandleDOMEvent (this=0x830e958,
aPresContext=@0x829fa88, aEvent=0xbfffef54, aDOMEvent=0xbfffef20, aFla
gs=1, aEventStatus=@0xbfffef80) at nsGlobalWindow.cpp:2036
#2 0x402e69a8 in nsWebShell::Destroy (this=0x82cb468) at nsWebShell.cpp:929
#3 0x40e89e24 in nsHTMLFrameInnerFrame::~nsHTMLFrameInnerFrame (this=0x82cb350,
__in_chrg=3) at nsFrameFrame.cpp:464
#4 0x40dc1452 in nsFrame::DeleteFrame (this=0x82cb350, aPresContext=@0x8144570)
at nsFrame.cpp:390
#5 0x40f58053 in nsFrameList::DeleteFrames (this=0x82f7fe8,
aPresContext=@0x8144570) at nsFrameList.cpp:28
#6 0x40dbed29 in nsContainerFrame::DeleteFrame (this=0x82f7fb0,
aPresContext=@0x8144570) at nsContainerFrame.cpp:79
#7 0x40f58053 in nsFrameList::DeleteFrames (this=0x829f630,
aPresContext=@0x8144570) at nsFrameList.cpp:28
#8 0x40dbed29 in nsContainerFrame::DeleteFrame (this=0x829f5f8,
aPresContext=@0x8144570) at nsContainerFrame.cpp:79
#9 0x40dd8707 in nsLineBox::DeleteLineList (aPresContext=@0x8144570,
aLine=0x829f6d0) at nsLineBox.cpp:157
#10 0x40db2b13 in nsBlockFrame::DeleteFrame (this=0x829f2b8,
aPresContext=@0x8144570) at nsBlockFrame.cpp:806
#11 0x40db0c26 in nsAreaFrame::DeleteFrame (this=0x829f2b8,
aPresContext=@0x8144570) at nsAreaFrame.cpp:105
#12 0x40f58053 in nsFrameList::DeleteFrames (this=0x829f010,
aPresContext=@0x8144570) at nsFrameList.cpp:28
#13 0x40dbed29 in nsContainerFrame::DeleteFrame (this=0x829efd8,
aPresContext=@0x8144570) at nsContainerFrame.cpp:79
#14 0x40f58053 in nsFrameList::DeleteFrames (this=0x82f8350,
aPresContext=@0x8144570) at nsFrameList.cpp:28
#15 0x40dbed29 in nsContainerFrame::DeleteFrame (this=0x82f8318,
aPresContext=@0x8144570) at nsContainerFrame.cpp:79
#16 0x40df60ca in ViewportFrame::DeleteFrame (this=0x82f8318,
aPresContext=@0x8144570) at nsViewportFrame.cpp:115
#17 0x40de2be2 in PresShell::~PresShell (this=0x8380cb8, __in_chrg=3) at
nsPresShell.cpp:548
#18 0x40de2948 in PresShell::Release (this=0x8380cb8) at nsPresShell.cpp:485
#19 0x40069e1c in nsCOMPtr_base::~nsCOMPtr_base (this=0x83778ac, __in_chrg=2) at
nsCOMPtr.cpp:25
#20 0x40033457 in nsCOMPtr<nsIPresShell>::~nsCOMPtr (this=0x83778ac,
__in_chrg=2) at nsWebShellWindow.cpp:738
#21 0x40f53362 in DocumentViewerImpl::~DocumentViewerImpl (this=0x8377888,
__in_chrg=3) at nsDocumentViewer.cpp:240
#22 0x40f53075 in DocumentViewerImpl::Release (this=0x8377888) at
nsDocumentViewer.cpp:184
#23 0x402e63c3 in nsWebShell::Embed (this=0x82db018, aContentViewer=0x8388850,
aCommand=0x834d358 "view", aExtraInfo=0x0) at nsWebShell.cp
p:755
#24 0x402e3c01 in nsDocumentBindInfo::OnStartBinding (this=0x834d328,
aURL=0x834d368, aContentType=0x833bb48 "text/html") at nsDocLoader.c
pp:1432
#25 0x402c9d6b in NET_NGLayoutConverter (format_out=38, converter_obj=0x0,
URL_s=0x834d460, context=0x834d658) at nsStubContext.cpp:949
#26 0x402a1f85 in NET_StreamBuilder (format_out=38, URL_s=0x834d460,
context=0x834d658) at mkstream.c:237
#27 0x4027a197 in NET_PluginStream (fmt=38, data_obj=0x0, URL_s=0x834d460,
w=0x834d658) at cvplugin.cpp:222
#28 0x402a1f85 in NET_StreamBuilder (format_out=38, URL_s=0x834d460,
context=0x834d658) at mkstream.c:237
#29 0x401e373f in net_setup_file_stream (cur_entry=0x834d7a0) at mkfile.c:783
#30 0x401e4511 in net_ProcessFile (cur_entry=0x834d7a0) at mkfile.c:1319
#31 0x40298f17 in NET_ProcessNet (ready_fd=0x0, fd_type=1) at mkgeturl.c:3355
#32 0x402a0df9 in NET_PollSockets () at mkselect.c:298
#33 0x402c2f1a in nsNetlibService::NetPollSocketsCallback (aTimer=0x85fd088,
aClosure=0x805f178) at nsNetService.cpp:1276
#34 0x4013f9d5 in ?? () from
/builds/sspitzer/MOZILLA/05.29.1999/04.30/mozilla/dist/bin/libgfxgtk.so
#35 0x4013febe in ?? () from
/builds/sspitzer/MOZILLA/05.29.1999/04.30/mozilla/dist/bin/libgfxgtk.so
#36 0x406b1c11 in ?? () from /usr/lib/libglib-1.2.so.0
#37 0x406b0dd2 in ?? () from /usr/lib/libglib-1.2.so.0
#38 0x406b13bb in ?? () from /usr/lib/libglib-1.2.so.0
#39 0x406b1571 in ?? () from /usr/lib/libglib-1.2.so.0
#40 0x405d715b in ?? () from /usr/lib/libgtk-1.2.so.0
#41 0x400e50ed in ?? () from
/builds/sspitzer/MOZILLA/05.29.1999/04.30/mozilla/dist/bin/libwidgetgtk.so
#42 0x400212c9 in nsAppShellService::Run (this=0x8079250) at
nsAppShellService.cpp:402
#43 0x804bb48 in main (argc=2, argv=0xbffffa04) at nsAppRunner.cpp:483
Reporter | ||
Comment 1•26 years ago
|
||
here's the window's stack trace.
nsDocument::HandleDOMEvent(nsDocument * const 0x03d3e200, nsIPresContext &
{...}, nsEvent * 0x0012fb5c, nsIDOMEvent * * 0x0012fb30, unsigned int 4,
nsEventStatus & nsEventStatus_eIgnore) line 2271 + 22 bytes
GlobalWindowImpl::HandleDOMEvent(GlobalWindowImpl * const 0x03cb29b4,
nsIPresContext & {...}, nsEvent * 0x0012fb5c, nsIDOMEvent * * 0x0012fb30,
unsigned int 1, nsEventStatus & nsEventStatus_eIgnore) line 2040
nsWebShell::Destroy(nsWebShell * const 0x03cb5e10) line 929 + 34 bytes
nsHTMLFrameInnerFrame::~nsHTMLFrameInnerFrame() line 465
nsHTMLFrameInnerFrame::`scalar deleting destructor'(unsigned int 1) + 15 bytes
nsFrame::DeleteFrame(nsFrame * const 0x03cb41d0, nsIPresContext & {...}) line
390 + 34 bytes
nsFrameList::DeleteFrames(nsIPresContext & {...}) line 29
nsContainerFrame::DeleteFrame(nsContainerFrame * const 0x03cb4600,
nsIPresContext & {...}) line 82
nsFrameList::DeleteFrames(nsIPresContext & {...}) line 29
nsContainerFrame::DeleteFrame(nsContainerFrame * const 0x03cb1040,
nsIPresContext & {...}) line 82
nsLineBox::DeleteLineList(nsIPresContext & {...}, nsLineBox * 0x03cb4f60) line
158
nsBlockFrame::DeleteFrame(nsBlockFrame * const 0x03cb14e0, nsIPresContext &
{...}) line 806 + 16 bytes
nsAreaFrame::DeleteFrame(nsAreaFrame * const 0x03cb14e0, nsIPresContext & {...})
line 106
nsFrameList::DeleteFrames(nsIPresContext & {...}) line 29
nsContainerFrame::DeleteFrame(nsContainerFrame * const 0x03cb1870,
nsIPresContext & {...}) line 82
nsFrameList::DeleteFrames(nsIPresContext & {...}) line 29
nsContainerFrame::DeleteFrame(nsContainerFrame * const 0x03cb1c50,
nsIPresContext & {...}) line 82
ViewportFrame::DeleteFrame(ViewportFrame * const 0x03cb1c50, nsIPresContext &
{...}) line 116
PresShell::~PresShell() line 549
PresShell::`scalar deleting destructor'(unsigned int 1) + 15 bytes
PresShell::Release(PresShell * const 0x039af900) line 485 + 34 bytes
nsCOMPtr_base::~nsCOMPtr_base() line 26
nsCOMPtr<nsIPresShell>::~nsCOMPtr<nsIPresShell>() + 15 bytes
DocumentViewerImpl::~DocumentViewerImpl() line 242 + 22 bytes
DocumentViewerImpl::`scalar deleting destructor'(unsigned int 1) + 15 bytes
DocumentViewerImpl::Release(DocumentViewerImpl * const 0x03d3d0f0) line 184 + 99
bytes
nsWebShell::Embed(nsWebShell * const 0x0393fbf0, nsIContentViewer * 0x0437b6f0,
const char * 0x0437a820, nsISupports * 0x00000000) line 755 + 27 bytes
nsDocumentBindInfo::OnStartBinding(nsDocumentBindInfo * const 0x0437a860, nsIURL
* 0x0437a7a0, const char * 0x0437bed0) line 1432 + 36 bytes
OnStartBindingProxyEvent::HandleEvent(OnStartBindingProxyEvent * const
0x0437aa50) line 507
StreamListenerProxyEvent::HandlePLEvent(PLEvent * 0x0437aa54) line 472 + 12
bytes
PL_HandleEvent(PLEvent * 0x0437aa54) line 491 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00c050b0) line 452 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x00a40142, unsigned int 49381, unsigned int 0,
long 12603568) line 868 + 9 bytes
USER32! 77e71250()
00c050b0()
Reporter | ||
Comment 2•26 years ago
|
||
adding lisa to the cc list
Reporter | ||
Comment 3•26 years ago
|
||
I've checked in the following fix.
It prevents the crash, and allows me to use messenger again.
I'm not marking this fixed until the owner of the code reviews what I did.
sspitzer:/builds/sspitzer/MOZILLA/05.29.1999/04.30/mozilla/layout > cvs diff -c
base/src/nsDocument.cpp
Index: base/src/nsDocument.cpp
===================================================================
RCS file: /cvsroot/mozilla/layout/base/src/nsDocument.cpp,v
retrieving revision 3.113
diff -c -r3.113 nsDocument.cpp
*** nsDocument.cpp 1999/05/28 00:22:47 3.113
--- nsDocument.cpp 1999/05/29 20:52:50
***************
*** 2268,2276 ****
//Capturing stage
if (NS_EVENT_FLAG_BUBBLE != aFlags) {
nsIScriptGlobalObject* mGlobal;
! if (NS_OK == mScriptContextOwner->GetScriptGlobalObject(&mGlobal)) {
! mGlobal->HandleDOMEvent(aPresContext, aEvent, aDOMEvent,
NS_EVENT_FLAG_CAPTURE, aEventStatus);
! NS_RELEASE(mGlobal);
}
}
--- 2268,2278 ----
//Capturing stage
if (NS_EVENT_FLAG_BUBBLE != aFlags) {
nsIScriptGlobalObject* mGlobal;
! if (mScriptContextOwner != nsnull) {
! if (NS_OK == mScriptContextOwner->GetScriptGlobalObject(&mGlobal)) {
! mGlobal->HandleDOMEvent(aPresContext, aEvent, aDOMEvent,
NS_EVENT_FLAG_CAPTURE, aEventStatus);
! NS_RELEASE(mGlobal);
! }
}
}
(We didn't see this on the 5/28 build on the Mac due to bug
http://bugzilla.mozilla.org/show_bug.cgi?id=7329)
Changing severity to critical since this is a crash and it's easy to get.
Thanks, Seth, for fixing this. Rick - pls review Seth's changes to make sure
that it's a safe fix and doesn't affect your other areas. Thanks.
Reporter | ||
Comment 5•26 years ago
|
||
patrick beard re-did my fix to follow the coding convention of that file.
rickg, please review patrick's change, not mine. (his is right after mine.)
Updated•26 years ago
|
Assignee: vidur → joki
Comment 7•26 years ago
|
||
Tom, this should be a quick one for you...
Assignee | ||
Updated•26 years ago
|
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 8•26 years ago
|
||
Yeah, I'll sign off on this. I would have thought that mScriptContextOwner
would never be null but apparently (probably during doc destruction or
something) it can so this is a good fix. Marking fixed.
Verified in the June 9 optimized Seamonkey builds. I was not able to reproduce
the crash under POP3, IMAP, or News. I tried in on the following builds:
June 9 Win32 (1999060909) build installed on Gateway P200 running Win98
June 9 Linux (1999060908) build installed on Compaq P200 running Redhat 5.2
June 9 PPC (1999060909) build installed on PPC 9600/300 running Mac OS 8.5.1
You need to log in
before you can comment on or make changes to this bug.
Description
•